Head of Solutions, Projects and Portfolio for T-Systems South Africa, Rajan Padayachee looks ahead on what cybersecurity needs to look like in 2018 and beyond.
2017 was a difficult year for cybersecurity with numerous phishing scams, ransomware attacks and even some high profile political hacks making the headlines. It is clear businesses need to remain vigilant and be prepared to invest in robust security infrastructure. This sentiment is echoed by Rajan Padayachee, Head of Solutions, Projects and Portfolio at T-Systems South Africa. We sit down with Padayachee to discuss the future of cybersecurity and just how crucial it is to the digital strategy of any modern business.
If last year was anything to go by businesses need to batten down the hatches as far as cybersecurity is concerned in 2018. Hackers are getting smarter and they’ll almost certainly be attempting even bigger breaches in the near future. So, where are businesses at in terms of their attitude towards keeping pace with cybersecurity developments and, more importantly, investing in it?
“The one challenge that we continue to face is that security is one of those services where it only seems to matter to a lot of people when there’s been a breach of some description,” says Padayachee. “It’s almost like a grudge purchase because customers don’t necessarily want to pay for it, but it really becomes an issue when their business is then exposed.”
With close to 130 customers in South Africa as well as its global network, T-Systems is a highly respected company offering end-to-end security encompassing infrastructure, hosting, cloud, network security and application support. Its customers haven’t yet suffered any major security breaches and, as such, Padayachee is well placed to comment on the increased possibility of potential breaches – especially for those businesses going through digital transformation, not to mention the increase in connectivity thanks to the internet of things.
“In the past, the focus was on physical security such as data centres and access control – then we moved onto infrastructure, anti-virus, firewalls and so on, but now you have to be prepared to protect every single transaction. Nobody is coming into your environment to target one specific area. Everything is at risk. This is especially true for businesses embarking on a digital journey because now you have more devices that communicate with your business infrastructure, your employees, your customers etc. The challenge now is to manage your security in a much more complex environment,” says Padayachee.
Attitudes and threats
The days of cybersecurity meaning little more than patch management and firewalling are long gone. “For example, if you’re a retail store and you have intelligent cameras, biometrics, heatmaps and a whole range of digital technology on your network, you need to make sure every piece of infrastructure is secure, bearing in mind a lot of these elements may be coming from all different kinds of providers. You need to take a holistic approach to security. You need to know the ID of every device on your network.”
Another key element of cybersecurity acting as a key enabler for digital growth is not to become complacent, according to Padayachee. “If you have encryption you may think you are secure, but if you look at the processing power available, I don’t think encryption alone will be able to protect you in two or three years’ time. Your security needs to continuously evolve in a changing environment.”
Cost is still a prohibitive element for some businesses being reluctant to invest in security infrastructure, but as Rajan points out, hackers are also evolving as is the increasing severity of their threats. “Ransomware is one of the most common forms of attack at the moment. In the past you’d try to protect your environment, but hackers aren’t coming in to steal your data; there’s so much of it out there anyway. What they do now is they come and make sure you can’t access it. They will then ask you to pay to access it.”
Beating the hackers
These developments in how hackers are now operating has also had an impact on the type of service companies like T-Systems are now offering in an effort to help combat security breaches. “We now offer a sort of simulation exercise where we go in from an executive level, so we’re not looking at it from a pure IT viewpoint,” Padayachee continues. “We try to get them to understand what it means when a business is attacked in this way. So, the conversation is all around us saying: ‘If you’re locked out of your SAP systems then what impact will that have on your business?’ For example, if a healthcare business is attacked it could affect billing, scheduling of patients operations and so on. By having these discussions we have found that a large number of businesses are not prepared to deal with a situation where they can’t access their own systems.”
Millions of cyberattacks take place every year in Africa, especially in South Africa, Nigeria and Kenya. According to 2017 Global Cyber Security Index of International Telecommunications Union, the level of commitment in Africa to cybersecurity is the lowest compared to other continents. Kenya is the 69th most vulnerable country in the Global Threat Index out of 127 nations. The country is estimated to have lost about Sh20bn as a result of cybercrime, but surprisingly 96% of companies in Kenya spent less than Sh515,000 ($5,000) in cybersecurity.
One of Padayachee’s gravest concerns is around how devious hackers are becoming too. “The intelligence is so good they can be in your system for two months before doing anything. Hackers are becoming smarter about the way they attack companies.” So, what can businesses do? “It’s all about being prepared. Really, it’s not a question of if you’ll be attacked, but when. These conversations where we go in and speak to executives are really good because they make people think about how to protect their brand, reputation and business. These people need to know what to do in a situation where they’re asked to pay a ransom. They may even just need to know whether the threat is real or not,” he says.
As the conversation draws to a close, Padayachee admits that while nobody can provide a totally fail-safe environment there are steps that can be taken to ensure damage is prevented or kept to a minimum, but it all starts with investing in the correct robust infrastructure. “No provider can guarantee 100% against security breaches because attacks are evolving, but you still need the right processes in place so that you’re ready. Bear in mind the top organisations in the world have all been compromised at one point.”