Business Insights

How to mitigate and recover from rising African cyber incidents by Brian Smith

There is little doubt that cyberattacks on African organizations are on the rise, with ransomware, malware, backdoor incidents and data leaks all growing more frequent. The Distributed Denial of Service (DDoS) attacks by the “hacktivist” group Anonymous Sudan on Kenyan and Nigerian organizations in July and August of this year are one such recent example.

The group originally appeared in Sudan, “in response to the country’s ongoing political and economic challenges,” according to research by cybersecurity company Cloudflare. It also became known for digital activism intended to draw attention to issues such as internet censorship, including hacking and DDoS attacks against government and other high-profile websites.

Beginning in early 2022, Anonymous Sudan launched DDoS attacks against countries including Sweden, Denmark and the US. These attacks continued into this year, and in mid-June the group declared that it would target the US and European financial sectors. From the end of July, Kenyan organizations came under attack, and a number of domestic institutions, including banks, media outlets, hospitals, colleges and other firms, were reportedly targeted in a DDoS campaign that lasted for days.

According to the report, the repercussions of these attacks are extensive, and include service outages, revenue losses, lower productivity, remediation costs and reputational harm.

What precautions can African firms take to prevent this kind of attack, or at the very least lessen the harm done by cybercriminals? The answer lies in making sure the appropriate strategic actions are taken.

Establishing a cyber incident response strategy

A good place to start is an incident response plan: a formal, written document, authorized by top management, that gives the organization a set of instructions for detecting, responding to and recovering from a cyberattack. In the event of an attack, the company consults its incident response plan and follows the actions it prescribes.

For instance, Datacentrix’s incident response strategy has the following stages:

  1. The first step when the cybersecurity incident response plan is activated is to notify all accountable employees inside the company, including the governance and risk officer, senior management and executives.
  2. The next stage is to assemble a team of security specialists from the Datacentrix Security Operations Centre (SOC), drawn from several cybersecurity disciplines.
  3. Datacentrix then establishes a “war room” with all of its technical cybersecurity experts. These experts are tasked with investigating the attack, devising a mitigation plan and putting the required safeguards in place.
  4. Throughout this process, all stakeholders are kept informed of the status of the response.

An incident response plan should, in theory, be able to handle any kind of intrusion; whether the incident is ransomware or malware, for instance, the initial response should always be the same. For that reason, all members of the technical and operational teams are involved in the early stages, until it has been determined how mitigation will be carried out. If different teams are assigned to handle different types of attacks, the company runs the risk of losing sight of the wider cybersecurity picture and leaving itself open to other kinds of incidents.

Regular practice is essential.

According to Datacentrix, organizations should not only have an incident response plan in place but also make sure that it is routinely exercised. This might be done, for example, at least three to four times a year, by running attack simulations (penetration testing) to look for exploitable vulnerabilities. These tests confirm that, to the greatest extent feasible, all parties and teams concerned are prepared for an actual attack on the company.

Additionally, businesses must regularly verify that they have the appropriate security certifications in place with the help of their security engineering teams.

Another crucial exercise is making sure that the company provides ongoing cybersecurity training for end users. Given that human error accounts for more than 80% of attacks, this is of the utmost relevance.

After being attacked, what do you do?

African businesses are less and less likely to escape cyberattacks unharmed, so it is critical to consider how to recover from an incident. The organization must first analyze the nature of the incident that occurred, in order to determine how it can better protect its business systems from such attacks in the future.

Once again, the firm should consider improved end-user training, as well as educating stakeholders about its incident response plan, establishing what the plan means for the business and how it can be enhanced.

Companies without an internal security team should seek assistance from a reputable cybersecurity partner that provides Security Operations Centre (SOC) services.

The advantages of an outsourced SOC include lower operational expenses, rapid, round-the-clock access to a team of cybersecurity professionals, the latest technologies, pooled threat intelligence and the option to scale.

An experienced cybersecurity partner will also be able to help with the creation of a strong incident response plan, as well as regular simulations and testing scenarios, in addition to its array of effective, proactive, multi-disciplinary cybersecurity measures.

By Brian Smith, Business Unit Manager, Datacentrix. Visit https://www.datacentrix.co.za/security-services-672943.html for more details on Datacentrix’s Security Services offering.
