South Africa is currently a magnet for cyberattacks‚ with hackers set on stealing data.
Following the announcement by large South African data centre operator and website hosting service provider Hetzner that a key database had been hacked‚ Maeson Maherry‚ chief solutions officer for Africa’s leading cybersecurity firm LAWtrust‚ says numerous data breaches over the past few weeks show South Africa is a “focus area for cyberattacks”.
The Hetzner breach – which was discovered on Wednesday – follows the revelation two weeks ago that more than 30-million South Africans’ personal information (including property ownership‚ income and employment history) had been exposed online‚ in what is considered South Africa’s biggest data breach.
“We are effectively in a ‘cold war’ where the goal has become less about disruption and more about stealing data‚” Maherry says.
He says it is imperative that South African businesses act to protect their data and their brand‚ and retain customer confidence. “Businesses have to provide multi-layered defences to protect the data and this has to be done in such a way that the information services are still accessible and convenient to customers.”
Maherry says businesses need to put in place strong authentication for all administrators‚ employees and customers in light of the breaches. Companies also have to “encrypt everything”‚ including data in databases‚ file servers and in the cloud.
“It is not a question anymore of whether an organisation will be breached‚ but how and when. Therefore‚ businesses must consider bringing the protection close to data itself – encrypt your data‚ while taking into account preservation of business functionalities and convenience for the users. Encrypting everything will become the norm in the future‚” says Dr Aleksandar Valjarevic‚ head of pre-sales at LAWtrust.
Maherry adds that businesses also have to consider how they manage the cryptographic keys‚ SSH keys and digital certificates that are the foundation of the security plumbed into enterprise and cloud IT.
“If an employee can leave with a copy of the SSH key for a server and a business can’t do anything about it‚ then that business is in extreme danger‚” he says.
Source: TMG Digital.