How to mitigate the rise in cyber incidents in Africa

There is no doubt that African companies are increasingly being targeted by cyberattacks, with ransomware, spyware and backdoor incidents, as well as data leaks, becoming more frequent.

A recent example is the distributed denial of service (DDoS) attacks on Kenyan and Nigerian organizations by “hacktivists” Anonymous Sudan in July and August of this year. According to a report from the cybersecurity company Cloudflare, the original group emerged in Sudan, “in response to the country’s political and economic challenges. They were also known for using digital activism, which includes hacking and DDoS attacks on governments and other high-profile websites, to draw attention to issues such as Internet censorship.”

In early 2022, Anonymous Sudan launched DDoS attacks against countries such as Sweden, Denmark and the US, which continued this year, with the group announcing that it would attack the US and European financial sector in mid-June.

From the end of July, Kenyan organizations came under siege and several businesses in the country, such as banks, media outlets, hospitals, universities and other companies, were allegedly targeted in a days-long DDoS offensive.

The effects of these attacks are far-reaching, says the report, listing challenges such as service unavailability, lost revenue, decreased productivity, remediation costs and reputational damage.

How, then, can African companies take measures to mitigate this type of attack or, at least, minimize the damage caused by cybercriminals? The answer is to ensure that the right strategic measures are being taken.

Establish an Incident Response Plan

A great starting point is to have an incident response plan in place; a formal document, written and approved by management, that provides a set of instructions for organizations to detect, respond to, and recover from a cyber incident.

If an attack occurs, the company must consult its incident response plan and adopt the recommended measures.

The incident response plan must follow several steps:

  • The first, once the plan is invoked in the event of a cybersecurity incident, is to alert all responsible people within the company, including those responsible for governance and risk, senior management and executives.
  • The next step is to assemble a team of security experts from the Security Operations Center (SOC), which would include members from different cybersecurity disciplines.
  • Open a “war room” that brings together all your technical cybersecurity experts, who are tasked with investigating the attack, deciding what needs to be done from a mitigation point of view and carrying out the necessary measures.
  • All interested parties must be kept updated on progress made during this process.

Ideally, an incident response plan should cover all types of cyberattacks, and whether it's ransomware or a malware attack, for example, the response should always be the same – at least initially.

This means that all members of the technical and operational teams are involved in the initial phases, until it is decided how mitigation will be carried out. If different teams are designated to manage different types of attacks, the company runs the risk of losing sight of the bigger cybersecurity picture and could be vulnerable to other types of incidents.

Proactivity is essential

The advice is that organizations should not only have an incident response plan, but also ensure that this is regularly put to the test. This can be done through attack simulations (penetration tests) to check for exploitable vulnerabilities, say, at least two to four times a year. These exercises will confirm that, as far as possible, all stakeholders and teams involved are prepared for a real attack on the company.

Additionally, companies should do frequent check-ins with their security engineering teams to confirm they have the correct security certifications.

Another essential exercise is to ensure that the company offers ongoing cybersecurity training to end users. This is extremely important considering that more than 80 percent of attacks are caused by human error.

You've been attacked, what's next?

It is becoming less and less likely that African companies will remain unscathed by cyberattacks, which is why it is important to analyze how to recover in the event of an incident.

To begin, the organization should analyze the type of incident it suffered and see how it can take more effective measures to protect its business systems from similar future attacks.

Again, the company should also look for more effective training for end users, as well as raise awareness of its incident response plan to stakeholders, looking at what the plan means for the company and how it can be improved.

Companies that do not have a dedicated internal security team should seek support from an established cybersecurity partner that offers Security Operations Center (SOC) services.

An outsourced SOC offers the benefits of immediate, 24/7 access to a team of cybersecurity experts, as well as the latest advanced technologies, shared threat intelligence, scalability options, and reduced operational costs.

In addition to the suite of powerful, proactive, and multidisciplinary cybersecurity measures, an experienced cybersecurity partner can also help establish a solid incident response plan and regular simulations and test scenarios.
