Cyber Resilience Framework in South Africa

Cybersecurity started in the 1980s after Morris created the first worm, a program capable of moving through a network and leaving behind a trail. Ever since then, cybercrime has only evolved to become the digital era’s biggest problem. Subsequently, companies and individuals alike now need to put up exceptional cyber defenses and put protocols in place to deal with the aftermath of a cyber-attack. In fact, a cyber resilience framework protects electronic data and systems from cyberattacks. In addition, it ensures business continuity following a successful attack.

There’s an important distinction between cybersecurity and cyber resilience. While the former revolves around preventing a cyber-attack, the latter concerns navigating the aftermath. Cybersecurity focuses on proactive dispositions, whereas cyber resilience focuses on limiting damage and losses as much as possible.

Understanding the Cyber Resilience Framework

Cyber-attacks are becoming more sophisticated as technology evolves; what started as a benign worm escalated to malicious code. Cybersecurity is not a foolproof plan. Nevertheless, cyber resilience implements improved preventative measures to minimize the negative impact of cyber-attacks, such as:

  • Offline backup features;
  • Staff trained against internal problems;
  • Recovery plan in case of a public relations issue (cyber-attack suffered by a third party);
  • Regular attack simulation exercises;
  • Business continuity plan.

According to IT Governance, the cyber resilience framework comprises four elements.

Framework 1: Manage and Protect

This step pertains to managing your defenses and protecting your organization. To that end, there are several measures to be implemented depending on your needs.

  • Malware protection;
  • Information and security policies;
  • Formal information security management program;
  • Identity and access control;
  • Security team competence and training;
  • Staff awareness training;
  • Encryption;
  • Physical and environmental security;
  • Patch management;
  • Network and communications security;
  • Systems security;
  • Asset management;
  • Supply chain risk management.

Framework 2: Identify and Detect

The next step is hiring a team that monitors your organization’s information and information systems for anomalies.

  • Security monitoring;
  • Active detection.

Framework 3: Respond and Recover

This step addresses quick and effective incident management.

  • Incident response management;
  • Information and communication technology (ICT) continuity management;
  • Business continuity management;
  • Information sharing and collaboration.

Framework 4: Govern and Assure

This step in the cyber resilience framework aims to ensure cyber resilience is overseen and validated from the top of the organization.

  • Comprehensive risk management program;
  • External validation/certification;
  • Internal audit;
  • Board-level commitment and involvement;
  • Governance structure and processes;
  • Continual improvement process.

The most important advice anyone can give is to speak to professionals to ensure all appropriate measures are taken.

Cyber Resilience Framework in South Africa

In 2021, Transnet, a prominent South African rail, port, and pipeline company, was the victim of a ransomware attack. The Transnet cyber-attack resulted in the company declaring force majeure (a standard clause in contracts that essentially frees both parties from liability and obligation in the case of an extraordinary event/circumstance beyond the control of either party).

The Transnet cyber-attack was the first of its kind in the African country; the Institute for Security Studies (ISS) dubbed its impact “unprecedented” in South African history. Moreover, South Africa has one of the highest rates of cybercrime victims; unfortunately, ransomware incidents are increasing. Despite good cyber governance (cyber resilience and cybersecurity) being vital to reap the benefits of our digital reality, it is still treated as optional for governments.

South African Cyber Security

The private sector in the country is the biggest employer and one of the biggest consumers of ICT. Therefore, it is especially at risk of cybercrime. In Mimecast’s State of Email Security 2022, South African IT professionals observed the following trends from 2021 to 2022:

  • Three out of four companies saw more email-borne threats.
  • Ninety-four percent were targeted by phishing emails.
  • Fifty-five percent said attacks were increasingly sophisticated — for example, combining multiple techniques in one attack.
  • Sixty percent were hurt by a ransomware attack, up from 47% in the previous year.
  • The resulting downtimes lasted an average of about 11 days.

According to this report, only 33 percent (down from 41 percent in 2021) of the companies feel they have a good grip on cyber resilience.

The Results of a Lack of Cyber Resilience

As a result of the lack of a cyber resilience framework, businesses suffered in the aftermath of the cyber-attacks in South Africa.

  • Forty-nine percent have suffered business disruption.
  • Forty-eight percent have experienced data loss.
  • Forty-two percent reported an impact on employee productivity.
  • Thirty-nine percent saw regulatory compliance drop.

As a result, the average cost of a data breach was around 3 million USD.

The Future of Cyber Resilience Framework

South Africa and any other country cannot afford apathy and negligence in their cyber resilience framework. Connectivity is increasing in all corners of the world. Therefore, the impact of threats on cybersecurity in South Africa is more significant than ever. Consequently, proactive and long-sighted leadership and cyber awareness are vital for effective cyber governance. 

In June 2022, the International Monetary Fund (IMF) released “South Africa: Financial Sector Assessment Program-Technical Note on Cybersecurity Risk Supervision and Oversight,” a technical note based on the information available at the time of completion in June 2021. The authors posed several recommendations, including:

  • Moving toward a consistent multi-sectoral regulatory framework for cyber regulation and operational resilience: Placing prudential standards instead of guidance notes will strengthen the application and enforceability to influence behavior through the total weight of the regulatory framework.
  • Formalizing the cyber resilience frameworks for all systemically important Financial Market Infrastructures (FMIs) with metrics for benchmarking: Metrics and maturity models would allow the FMIs to benchmark and assess their cyber resilience maturity against a set of predefined criteria, such as operational reliability objectives.

Final Thoughts

Not to be mistaken for cybersecurity, cyber resilience is “the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber resources” (Bodeau & Graubart, 2016). The cyber resilience framework has four essential elements: managing, identifying, responding, and governing. While South Africa possesses an advanced framework, it has yet to develop fully. Furthermore, the IMF has suggested many amendments to achieve peak cyber governance to mitigate cyber-attacks in South Africa. Cybersecurity in South Africa is paramount for the country’s evolution.
