What if your cybersecurity could evolve as quickly as cyberthreats do?

Trellix's 'living security' approach gives companies a greater level of resilience to threats — without having to expand their internal cybersecurity teams

12 April 2022 - 10:43 By Carlo Bolzonello
Sponsored
Malware is capable of deleting everything on a computer within 15 seconds.
Image: 123RF/Belchonok

Businesses change and grow every day — as do the environments in which they operate, the constraints on their budgets and the threats they face. This is particularly true when it comes to cybercrime, which has the potential to be one of the most costly line items on a business’s balance sheet if it’s not properly addressed. 

The most common cyberthreats in SA are related to financially motivated cybercrime, such as crypto mining carried out by self-spreading malware, or by coin-miner modules dropped by malware. Those sound complex and as though they belong in a different world to SA, but the digital world is global and pays no attention to man-made borders. 

Malware often lands up in a system or network when a user downloads a “cracked” version of legitimate software, or when they download something that looks like software, but is actually “cleverly disguised” malware.

About the author: Carlo Bolzonello is SA country lead for Trellix.
Image: Supplied/Trellix

These disguises are what make malware so lethal in a business context — many of them look like the tools that system administrators themselves would use.

While some types of malware just lurk in the background and possibly harvest personal data such as banking details or corporates’ competitive information, others have a far more instant effect.

For example, global cybersecurity firm Trellix recently came across a Russian-origin disk-wiper malware that quietly sat in the background, undetected by its host’s cybersecurity system. Once activated, that malware effectively destroyed everything on its host computer in 15 seconds — including its operating system and all data.

Ever-evolving threats

It’s true that new cyberthreats emerge every day.

Many SA organisations that have prioritised the purchase of cybersecurity systems have chosen their solutions according to the specific types of threats that they are most concerned about. This can be a costly exercise, not only in terms of the spend on these solutions, but in terms of the skills and human resources needed to manage them effectively.

Compared to its global counterparts, SA's banking sector is extremely advanced and competitive — making it a target for industrial espionage, data theft and identity theft, among other things. 

SA's utilities sector is vulnerable to attack — particularly to ransomware. Imagine the consequences if it were to fall victim to the malware that destroys computers in 15 seconds: the entire country would be plunged into darkness.

In addition to there being just one electricity utility that generates most of our energy, each metropole has its own organisations which resell electricity and water to their residents, each with its own deep databases that hold customers’ personal and financial information, making them prime targets for cybercriminals. 

In the media sector, media platforms are vulnerable to cybercriminals who want to gather data about their readers, or use their platforms to spread malicious content. 

These are all real challenges faced by organisations which have to keep tight controls on budgets in a cash-strapped environment, and which can’t afford capex for new cybersecurity interventions every time that there’s a new threat on the horizon or in their inbox. 

But what if a company's cybersecurity could evolve as quickly as cyberthreats do?

A 'living security' approach

Because companies and their IT systems are living, constantly evolving environments, they need a “living security” approach, like Trellix's “extended detection and response” (XDR) cybersecurity architecture.

Using machine learning and automation, it evolves and develops just as fast as cyberthreats do to give organisations a holistic view of their cybersecurity status, along with the tools they need to respond quickly when a threat is identified.

For example, the Trellix XDR platform offers tools that span security information and management; security orchestration, automation and response; and user and entity (business) behaviour analytics. 

XDR makes it easier to manage cybersecurity, and to respond quickly and effectively to threats before they cost businesses money in hard costs, opportunities and reputational damage. 

This approach to “living security” means organisations have a greater level of resilience to threats without having to expand their internal cybersecurity teams.

Another advantage of adopting an XDR approach is that it is open and integrated, and can leverage the tools that an organisation already has in place. That’s why Trellix engages with each client to understand the maturity of their cybersecurity infrastructure.

After that, Trellix works with them to deliver tangible tools and opportunities to leverage the best possible protection, while still honouring the contracts and commitments that they have in place with other security providers.

This article was paid for by Trellix.

