By Fady Younes, cyber security senior director EMEA at Cisco
Though it may not feel like it, the biggest trends in workforce placement and company IT infrastructure predate the COVID-19 crisis. Many companies were already shifting to multi-cloud environments. The proliferation of the internet of things, an increase in the number of connected devices, and a distributed workforce are all intrinsic parts of companies’ digital transformation efforts. What COVID-19 did was up the pressure on security teams and professionals to deliver adequate service and protection, and embolden cyber criminals with new means and opportunities to attack.
And this is not a minor issue. Our continent’s cyber security is lacking, with many African businesses operating without the necessary protocols. Interpol’s 2021 African Cyberthreat Assessment Report reveals that the most prominent threats in Africa include online scams, digital extortion, business email compromises, ransomware, and botnets. Factor in employees working remotely or from home, and these threats resonate even more.
We need to secure connectivity in a tactical and strategic way. As remote and hybrid work models represent the new preference for many highly skilled workers, we must also consider the circumstances that may prevent us from operating in a secure digital environment.
A new kind of architecture
According to the 2022 Cisco Global Hybrid Work Study, 84.3% of surveyed employees say networking infrastructure is essential for a seamless working-from-home experience. This is a concern since only 67.9% said their company had the appropriate networking infrastructure. From a technical perspective, hybrid work is propelling organisations to abandon traditional perimeter-based models of cyber security. With a distributed workforce and infrastructure, it’s no longer a case of simply protecting your company’s headquarters or a single building.
Organisations should consider a zero-trust approach towards network architecture. Assuming that no internal device is trustworthy is a more resilient approach to cyber security. After establishing user trust, they can then proceed to evaluate the hygiene status of devices, as well as establish a least privilege access model.
Network architecture, such as secure access service edge (SASE), takes zero trust to the next level by consolidating various security functions into a single service. SASE uses secure web gateways and cloud access security brokers to centralise security management, reduce costs, and optimise applications. As our data and employees move to the cloud, so should the ways we protect both.
In short, resilience in cyber security is about moving away from point products to an integrated architecture with a unified platform (as demonstrated by SASE). We need to shift our focus from detection to prevention, prioritising the most critical alerts and automating systems that take care of the rest.
Our behaviour must change
Africa has an appetite for the cloud. The International Data Corporation (IDC) predicts that public cloud services adoption in Sub-Saharan Africa will accelerate at a compound annual growth rate (CAGR) of 25% between 2020 and 2025. This major shift, happening as hybrid work models are becoming more prevalent on the continent, means that employees are moving to a completely different kind of work environment.
But with that move comes the need to revise cyber security strategies. Whatever measures you may deploy to protect your organisation from outside threats, you must also consider the dangers that emanate from the inside. Employees are now working from home, and they are connecting to company networks from personal or unrecognised devices. They may be communicating or interacting with those networks via public Wi-Fi connections, something that itself poses a security risk.
As such, our behaviour needs to change. Organisations must provide the relevant training and resources so that employees are up to date with best practices. By reinforcing a culture of vigilance, companies can protect themselves and their people from cyber threats. This is where automation and prioritising specific protocols, as well as the importance of zero-trust architecture, come into play.
Sourcing the know-how
The world, and Africa especially, faces a shortage of talent when it comes to cyber security. According to KPMG’s Africa Cyber Security Outlook 2022, about two out of three surveyed African companies face challenges in recruiting and training qualified security professionals. This is against a backdrop of three million unfilled cyber security job vacancies globally, a number that’s expected to grow to ten million in the near future.
But at the same time, African enterprises cannot afford to wait for the right skills and solutions to come looking for them. With the Cisco hybrid work report also revealing that fewer than two thirds (64.9%) of employees said their organisations had the right cyber security capabilities and protocols in place, cyber security needs to take priority. With the right training and upskilling policies, organisations can attract and retain the professionals they need to meet their security needs.
Organisations don’t have to do it alone. The presence of reliable IT and security vendors across the continent means they can receive comprehensive support that addresses their most critical vulnerabilities. Vendors are equipped to provide more complex solutions related to automation and overhauling organisations’ architecture.
When it comes to cyber security, companies cannot get by with stop-gap solutions. With a targeted approach to dealing with issues in the face of a hybrid work revolution, we can take steps to enable and secure Africa for the future.