IBM’s 2019 Cost of a Data Breach Report, compiled by the Ponemon Institute, confirms that the key contributing factor to the cost of a data breach is time – time to detect and time to respond, writes Lukas van der Merwe, Specialist Sales Executive: Security, T-Systems South Africa.
Protection, while vitally important, is not enough. More focus should be placed on an organisation’s resilience after an attack or breach. According to the report, remediation takes on average 231 days in South Africa, of which 175 days is the time to identify and 56 days is the time it takes to contain.
Cyberattacks now regularly bring businesses to a standstill in South Africa, as well as across the globe, which means that modern cyber security must integrate at every business level. It needs to evolve into a pervasive and active presence, ensuring operations and data integrity are not disrupted. It is vital that intellectual property remains confidential and customer privacy is protected in accordance with regulations.
Advanced Cyber Defence enabled by Security Orchestration, Automation and Response (SOAR) technology, combined with Artificial Intelligence (AI), offers organisations an opportunity to detect and respond much faster, limiting the extent and the cost of a breach.
According to research, only a small percentage of South African organisations are deploying SOAR technology. For some, the shortage of skills is prohibitive, while for many it is the associated costs. However, depending on the specific attack vector deployed by cyber criminals, SOAR technology could reduce the extent and cost of cyber events exponentially, turning weeks or months into hours or even minutes.
Deep machine learning
The functional elements of SOAR’s automated intelligence and deep machine learning technology identify anomalous traffic and patterns, correlate data across systems and perform behavioural risk analytics on users and entities in near real time.
However, technology and the security controls it enables do not precede policy. Advanced cyber security tools promise significant benefits, but technology in the absence of risk and data management policy does not equate to protection. Once data is classified and risks are assessed, relative to the specific business, it is possible to establish what controls are required and which technologies and services will best underpin those.
It is also imperative to involve the business from both a requirements and a sponsorship point of view, but organisations should not fall into the trap of automating flawed processes. They should adopt a more agile approach and deploy tools that address the highest probability and impact risks, but should not assume they have to do it themselves – an experienced partner can assist.