The White House opens a new era of cybersecurity

The United States has been reeling from several major security breaches. Most recently a ransomware attack prevented operations at the Colonial fuel pipeline.

Last year, hackers believed to be directed by Russian intelligence services infiltrated SolarWinds, a popular IT management software vendor used widely by the US public sector and many private sector companies. Affected companies included Microsoft, Intel and Cisco. The US Treasury, Justice and Energy departments were also affected. And earlier this year, Chinese-linked attackers targeted hundreds of thousands of Microsoft Exchange mail servers worldwide.

These incidents represent the tip of the iceberg, and they occur everywhere, not just against the US. Fortunately the security world isn’t complacent. The cybersecurity industry has developed some excellent countermeasures such as multi-factor authentication (MFA), endpoint detection and response (EDR) and models such as zero-trust security.

But whoever said: “Build it and they will come,” was wrong, at least concerning cybersecurity.

Let me give an example. You probably use multi-factor authentication often, through your bank. It will send you an SMS with a unique code or ask you to accept a prompt on your phone. You’ll notice MFA in many places, such as your Gmail account. It’s very effective, but it’s not used nearly as widely as it ought to be.

If I told you that your home would be safer with a security gate in front of your locked door, you’d see the value of that. Yet we tend to become very picky in the digital world and justify why we don’t need a seemingly obvious security feature. We see that gate as an obstruction to us, not to the characters we want to keep out.

I understand the reluctance. Cybersecurity can be complicated, and complicated can lead to high costs and low effectiveness. There are other considerations, such as ageing computer systems or how security measures could annoy users and dampen productivity. So organisations play it safe, and the free market doesn’t push certain security features aggressively enough. If it isn’t broken, why fix it? Except, it’s very broken in terms of cybersecurity.

Organisations commonly adopt one of two opposing mindsets: deal with a breach when it happens and try to survive, or proactively plan for compromise, adopt best practices and deploy the right security solutions. Most companies opt for the former, hoping they won’t be targeted, which is a terrible strategy.

Cybercriminals are equal opportunists, attacking everything from governments to little companies. We have to be more proactive.

In response to recent breaches, US President Joe Biden signed an executive order that determines best security practice for software companies wishing to do business with US federal departments and agencies. It mandates the use of MFA, endpoint detection and response and encourages zero-trust security, an approach that treats all data interactions with suspicious scrutiny. The order also removes barriers to sharing breach information, enabling the left and right hands to know what each is doing. It establishes a Cyber Safety Review Board to review significant incidents, similar to how the National Transportation Safety Board investigates aircraft crashes, leading to safer aviation.

Compared with previous orders and standards, this one is quite aggressive and prescriptive. It will have an effect. The US government is a large technology customer with considerable procurement power, and the security improvements that arise from the executive order will benefit other security customers. 

I hope other countries, including South Africa, are taking notice. We’ve been progressive with legislation such as the Protection of Personal Information Act. As our country rapidly adopts digital systems, clear guidance from the top will help our public and private sectors to make themselves and their users more secure.

Why should we take the lead and not wait for the US order to create change? The South African government uses many local companies that design custom software that might not have a reason to worry about what happens in North America. If we released a similar benchmark, it would help secure the public sector, the largest spender on information and communications technology, and influence the local tech sector to be more security conscious. 

Several state organs have a say on security, but a message from the top can provide clear benchmarks and expectations that others can strategise and implement.

Breaches in the US make headlines. But cybercrime strikes everywhere. Hopefully, the White House’s executive order will add clarity and direction to get the job done, helping secure our digital futures. If we do the same, South Africa will take another step towards becoming a leading digital society.


Stephen Kreusch
Stephen Kreusch is cybersecurity director at Performanta
