Sponsored: Managed solutions: The key to cyber resilience

Cybercrime is not going away.

01 November 2023

Mariska Scriba, Head of Enterprise Security Services at MTN Business.

Cybercrime is not going away. It’s going to continue putting demands on developing combatant technologies, heighten the need for cybersecurity skills and underscore the need to be nimble and cyber-ready.

As the world’s way of working transformed overnight thanks to Covid, technology has become an integral part of our lives. Technology advances have been remarkable, but they have also become very useful tools for bad threat actors.

“Tools like artificial intelligence (AI), Chat GBT and quantum computing are beneficial and also challenging,” says Mariska Scriba, Head of Enterprise Security, MTN Business. “They can help organisations at different levels, depending on their cybersecurity maturity, but they are making it easier and easier for criminals to develop new tactics and techniques – and hackers don’t need to be very tech-savvy to penetrate a vulnerable client or create malicious code.

“Both AI and quantum computing will help with monitoring. Quantum computing and its potential holds promise for encryption advances, but both technologies need ethical guidelines.

“The only way to address cybersecurity is to constantly reinforce cyber resilience in order to prepare for, respond to, and recover from cyber-attacks in a way that minimises disruption. Managed solutions can help organisations achieve this cyber resilience by providing expert support and guidance.”

Scriba says that with the number of people working from home on their laptop or mobile device, organisations need to consider enterprise mobility management solutions to manage devices, solutions such as those MTN has available within its comprehensive and diverse cybersecurity portfolio.

“We help our clients respond to cyber attacks and, depending on what their needs are, provide them with what they require to prevent an attack, such as real-time monitoring, incident response and planning, cyber awareness and training, and mitigation tactics, including a PR strategy to minimise reputational damage. We always urge that there be transparent and proactive communications with all stakeholders and we guide what to say to the press.

“We provide the antidote to the chaos and help with the incident response plan for each client, defusing the possibility of rash decisions and helping them through our security operations centre and being on-site with them to mitigate and resolve any cybersecurity breach. We want to ensure business continuity; in the event of a breach, our security operations centre maintains constant contact with the client, activating the tailored incident response plans we have helped them put in place.

“We offer digital forensics, which are important when a hack happens because we want to know how to manage it.

“We also have the internal clout and trusted partnerships to provide the necessary skills – a critical resource considering the global and local dearth of cybersecurity skills available at the moment. Protection ties back to the skills available, as well as fostering and nurturing a cyber culture of awareness and the knowledge, for example, that will enable employees to know what to look for in a phishing email.

“I cannot stress enough the importance for CISOs to look at the organisation's total security posture, understanding the entire network and putting technologies in where vulnerabilities have been identified. CISOs should also prioritise security maturity assessments, evaluating these against industry-recommended practices and building their short-, medium- and long-term roadmaps around their cybersecurity maturity.”

Safety net

Insurance, Scriba says, is an important safety net, affording coverage of such costs as legal fees, digital forensics and recovery. She says the MTN approach to clients’ insurance is to align each client’s security with the requirements of insurance companies.

“We work closely with clients to identify security gaps and access points, helping them to implement controls and ensure privileged access management underlines the levels of security required.

“Insider threats are one of the biggest to address and requires a comprehensive strategy. Promoting a sense of responsibility can significantly mitigate the risks, as is having policies in place detailing what is allowed, what is not allowed and the consequences for breaking the policies. MTN, for example, has advanced monitoring protocols in place internally and with its clients using its enterprise mobility management solutions.”

Scriba also says that third party cyber attacks and threats can originate through an IT service provider. She stresses the importance of constant due diligence and holding partners to high security standards. “If our partners are breached, MTN’s reputation is also at risk.

“With cloud computing becoming massive and affording easier access to data, MTN has cloud security platforms and we deploy secure cloud architecture, conduct constant vulnerability assessments and use complex encryption methods to secure our data.”

Building scarce skills

Scriba says fostering the development of local talent is vital – especially as South Africa is still losing scarce skills as people leave the country.

“We invest in local talent and promote self-sufficiency in the workforce. We need the global partnerships, but we have to build our nation’s cyber skills. Schools and universities really should be offering cybersecurity courses and degrees.

“As part of its skills development, MTN has training programmes and platforms in place with multiple different topics to create awareness of such important factors as secure browsing.

“We also have our MTN Skills Academy, aimed at providing access to digital and financial skills training across Africa, to increase digital skills and increase employment opportunities,” she concludes.