ITNewsAfrica logo

linkedin   twitter icon   facebook


City held to ransom: how to safeguard your network from attack

Holistic solution suite and ongoing updates and maintenance required, says Networks Unlimited Africa

JOHANNESBURG – July 29, 2019 – In the wake of last week’s City Power ransomware attack, ongoing vigilance, maintenance of systems and a holistic approach to security remains vital for critical infrastructure entities. This is according to Stefan van de Giessen, general manager: cybersecurity at value-added distributor Networks Unlimited Africa.

Van de Giessen says, “Security needs to have a layered approach, ensuring each level is protected with effective technology. A systematic, unified, layered posture ensures that all attack vectors are covered. An effective IT security ecosystem involves the holistic consolidation of tools and intelligence, and analytics should feature strongly in the technology deployed to protect the network.

“Building a next-generation security solution should include various products that complement each other starting with perimeter protection; end point and secure email solution. Having these three is a vital start to your security posture. Once your baseline is established, we need to look at how at how we protect against unknown threats, encryption of your data and ultimately deploy decoys in your network to lure hackers off your network. We advise adopting a phased approach to developing a layered posture due to cost and the complexity of management.”

Van de Giessen outlines this phased approach as follows:

  • Investing in a next-gen firewall (NGFW), next-gen antivirus (NGAV) with EDR capabilities and a secure e-mail solution is critical in securing against the most prevalent attacks. It is vital to make sure, when choosing your vendor of choice, that they have been tested by third parties such a Gartner & NSS Labs to ensure security effectiveness.
  • Protecting your applications that are internet facing and transacting with customers online: a web application firewall (WAF) and a secure payment gateway will ensure these applications and website are protected, and comply with PCI , POPIA and GDPR compliance irrespective if these are on premise or in the cloud. Onsite and offsite backups are best practice.
  • User education and training is essential in making sure that employees are able to recognise and respond accordingly to suspicious and malicious activity. This also means that any threats which bypass security measures are picked up at the last line of defence.
  • Having an advanced threat protection (ATP) strategy has become necessary as malware and threats are evolving constantly, making it hard to rely on a known signature alone. The need to include an ATP product in your security structure is now more relevant than ever to ensure we can stop zero-day attacks.

“It is never easy for an organisation to admit to a cybersecurity breach and we applaud City Power for its honesty in owning up to the reason for their systems outages, as well as for not paying the ransom demanded by the threat actors. At the same time, it should be noted that in being transparent, the organisation also acted according to compliancy principles as outlined by the European Union’s General Data Protection Regulation (GDPR) and South Africa’s Protection of Personal Information Act (POPIA).

“The phased security posture advice outlined above applies to on premise, cloud and hybrid environments. Additionally, device, operating system, software and policy updates should be carried out regularly and stringently to ensure no vulnerabilities can be exploited,” concludes Van de Giessen.

About Networks Unlimited
Networks Unlimited is a value-added distributor, offering the best and latest solutions within the converged technology, data centre, networking, and security landscapes. The company distributes best-of-breed products, including Arbor Networks, Fortinet, F5, Mellanox, ProLabs, Rackmount, RSA, Rubrik, Silver Peak and Tintri. The product portfolio provides solutions from the edge to the data centre, and addresses key areas such as cloud networking and integration, WAN optimisation, application performance management, application delivery networking, Wi-Fi-, mobile- and networking security, load balancing, data centre in-a-box, and storage for virtual machines.

Since its formation in 1994, Networks Unlimited has continually adapted to today's progressively competitive and evolving marketplace, and has reaped the benefits by being a leading value-added distributor (VAD) within the Sub-Saharan Africa market. Networks Unlimited complies with the South African Broad-Based Black Economic Empowerment (B-BBEE) guidelines as a Level 4 Contributor.

Networks Unlimited, David Wilson, +27 (0) 11 202 8400, david.wilson@nu.co.za
icomm, Vivienne Fouché, +27 (0) 82 602 1635, vivienne@pr.co.za, www.icomm-pr.co.za




ITNewsAfrica logo

Download Button