TigerLogic Africa’s Post

Transcript

Hi, my name is Samuel Chika, I'm the General Manager. Solutions are Tiger Logic and we have to share a few insights with you on evolving threats in our world today. And hopefully we'll get into a few things you can do to mitigate against those strikes and reduce the impact of human error in organizations. We see a whole lot of revolution that is supported by technology companies doing so much new and innovative products coming out leveraging capability that comes with technology. The challenge with this is that it has increased. Attacks office, it means that these are areas by which malicious actors or malicious people can get coming through. These different threats we see all over are increasing by the day as a digital ambition of organizations are increasing as a top on the list of those attacks we see are things like IT vulnerabilities because we now have more smart devices, more devices that have embedded chips and they have IP addresses. And they are connected on the network and the goal of those connection is to do more with those devices and have more collaborations and interruptions to get more result. But the create room for three doctors to affect our business and the risk associated with this is that the impact through these devices can be humongous. We've seen cases where critical infrastructures. Power plants and all of that's happening shut down because they have IP's and they are reachable, especially where proper protections are not put in place. We've also seen cases where smart devices like air conditioners are within financial institutions or other kind of digital organizations like that have been used to get access into the network, especially where there's no proper segmentation and so you have IP. For your cameras and have been used to reach ideas of your database critical database and malicious actions are taking place. So I'll see vulnerabilities. It is something that is increasing and something that organizations have to look at. We also have the case of ransomware especially donors sophisticated level. The idea is this when the attackers coming through an environment they take critical. Data and encrypt it and authorization to pay around some to be able to get access to that data. And as I've mentioned to people many times, even organizations who have paid have never had access to that data. And so it's something to do to extort money from organization as also as well as cost about reputation for that organization and it's seen increase we've seen cases whereby is done. In a sort of skated level, you see details attack, but the real intent is to cause around somewhere. So when you see details attack is used as a smokescreen to cover that there's a real there's another form of attack going on. So network resources, ITO operators are looking the other way, trying to send the details attack and their security structures are relaxed and then the real thing happens. So we've seen an also an increase in, in that regard of ransomware attacks going on there, the regular advanced persistent threats also coming on. People are trying to bring down in an intentional way institutions. And so these are a few of the things that are coming up, as I mentioned IO T vulnerabilities, ransomware attack and one last one which I which is very important is insider. Abuse all he said that France they even their weeks associated with individuals that are working with our communications either store parties or employees sometimes move former employees. We cannot overstate that risk is still there. As long as you have employees, you always have a treat incidents. Now we've seen the list of this thread. Now they are not exhaustive. There are more, I mean inclusive of things like a attacks. But the question is how can organization prepare for these And the right word is preparation. You need to prepare even for the kind of response that you would provide eventually when those attack comes and. You need to consider things like zero trust, especially when you want to stem off things like IT vulnerabilities. You want to have proper segmentation across your network. You want to ensure that people who need access are only granted access to the resources that they need and can only work within the ambit of that which resource and they are monitored while they do so. You don't have this. Architecture where people can just reach anywhere. So proper zero trust model in terms of network design and assets must be considered at all times. Even when you are going to the cloud, you need to think their trust. In your output of all things, you it's, it's very important. Also doesn't need to invest in also advanced to give you an example like metal detection and response. It's a it's a great tool to look at because in this case you instead of just picking off your security capability at the end point, you look at the raw packet itself and you can provide analysis and then take response based on the insights you get off it. In India too will be a great artist specially when you you will add it with AI capability that allows you to analyze this threat and respond accurately to it. You should also review other tools you have like your Cdr tools. You have good want to review and then consider things associated with your asset inventory of your asset. There's something called a service security assets and attacks. This management, it's you, you get the least of all your assets and then you look at the risks associated with each asset and then you can take the response on time. So before an asset becomes vulnerable and expose you to other kind of challenges, you can get a hold of it. You have proper visibility through a. Um Sebastian que o teatro mais ou menos sobre o ch��o. Ah, o. To encourage learning culture. Immunization, you, you know that people can only do as much as they know. So culture where you have lots of security awareness within the organization is very much required. It's important that organizations put about policies and in some cases to get assistance that could encourage continuous learning, not just on an adult basis, but on a regular basis and these systems come in. Moses the people as are the good through these different training and ascertain where their gaps and help mitigate against those that this is very important. We know that human error is a is a big deal. We say humans are the weakest link in this security chain. But then you come from wealthy human element from your city. In short, organizations walk. Are the very best way musician exists because of the human factor in it and a proper approach to. To security issue, look at this technology, look at process and the people's perspective. How do you do that? First, awareness, you must bring that awareness and training should be done on a regular basis, not on an adult basis. And you have OEM's like Movie 4 who have systems that could enable you to have your organizations trained on a regular basis and you can have the assessment on the same where the gaps are and try to. Needs to go and send reminders all the time. So that's your team. Your workforce will always be aware of the best security practice and even how to mitigate against them only on a growing basis. It's important to also put in place processes that enable team members to be able to identify. Which shows actions like social engineering practices and able to mitigate against them and if possible there should be programs that are put in place to enable one to be able to report when challenges like this identified in some organizations you could have e-mail address where reports can be shared or portal where one could share or a place where you could have you could have questions and clarifications can be provided so that. You can take the appropriate steps now. If you make this a process within your organization, it helps your team members to be able to take the right action and not just make assumptions but take the right actions around these processes. You need to have a place where supervisors. Also appraised on their ability to enable their team members to identify this kind of threat and be able to deal with it. Consider also the need to create champions. Security champions within different teams, I mean HR, engineering, product development, and all of the kind of things we have within the organizations. You have security champions who help raise their awareness of their team members to keep that culture of of all of identifying when threats are seen and what they should be doing when they see such. When you bring all of this together, what we see is a strong culture within the organization. The goal here is to make sure that everyone is responsible for understanding the duty that is associated with ensuring that the environment is fully secured, because it's secured environment eventually would lead to a prosperous environment. And if you have people who have this awareness or are very conscious of this, this culture will retain and will yield the right kind of result. Proactive security scheme very very important. You will only ensure as much as possible you are head ahead of the malicious times. You want to make sure that you do all you need to do and put all the systems in place to secure your data. Even when planning new projects or new products also it's important to do. Regular risk assessments and check off your critical systems and auxiliary systems. You need to make sure that these security structure can respond at all times. We encourage you to have a proper cyber resilient. Program that will ensure that when this bridge occurs, you can be able to recover 30 and you need to test that program. Do you risk assessment? Do it often. Don't lay down the reports. Whatever is learning from it, work on them to make sure that you are always ready. And finally, you should have school breaks, have good collaboration, have a security partner who can work with to be able to stay ahead of the call. It's important because you can get good information, great insight on your industry as well as other industry and the things that you are meant to do. There's so much to do, but we may not have all the skills and all the knowledge, but we collaborating with the security partner, you will have passes to broader knowledge. Technologic can be worn for you and work with you to help you through that journey continuously no matter what your ambition is. NOW wants you to make that decision now and make sure you are doing the most you can do to protect your organization. That logic is a trusted advisor and partner to several enterprises within the continent, and we can surely help you achieve a secure digital success. Thank you so much for listening to me. Happy cyber security awareness Month Secure.