Building a security strategy to give hackers a hard time

When a professional boxer steps into the ring, it’s typically after months of preparation, countless bouts of sparring and extensive analysis of their opponent, all combined to develop a winning game plan.

With cyberattacks becoming increasingly sophisticated, cybersecurity heavyweights have been employing a similar strategy – stepping into the ring and sparring to predict where and how their cybercriminal counterparts will strike next.

If we look at what’s happening in Africa, we see a cybercrime landscape that is heating up.

Cyberattacks have increased in scale, shutting down companies, cities and entire countries. They’ve also become more costly – almost half of the attacks in 2018 resulted in damage of more than $500,000.

The result is while companies are more concerned about cyber risk than ever, their confidence in their ability to manage cyber risk has declined. According to Microsoft’s 2019 Global Cyber Risk Perception Survey, 79 percent of organizations worldwide ranked cyber risk as a top five concern for their company last year. This up from 62 percent in 2017.

For cybersecurity professionals who want to take on hackers and win – the days of playing defense are long over.

This is why companies are assembling their own teams of talented security experts, so they can role play as “hackers” to try and identify security vulnerabilities before they can be exploited by others. Microsoft’s team of hackers is known as the Red Team, and tests all of Microsoft’s systems and services to identify potential vulnerabilities before cybercriminals can exploit them.

The team operates in the same way as a skilled team of attackers – gathering intelligence about their target, finding strings of vulnerabilities and then building the most sophisticated exploits. Essentially the Red Team attacks Microsoft’s own products and when they find flaws, they can then share that information back with the engineering team whose job it is to continuously improve Microsoft’s products.

It’s a strategy that’s proved very successful. During its first year alone, the Red Team’s work predicted zero-day threats and blocked attacks by the world’s most advanced attackers, including nation states.

Their work is the reason why Windows 10 and its apps have blocked some unprecedented attacks by leading hacking groups.

Most importantly, they’ve also made significant inroads in helping to ensure Microsoft software is as secure as possible for its customers.

How small businesses can stay secure in the new digital era

The ability to access new and effective security features built in products like Windows 10 will become increasingly important as businesses across Africa continue to embrace digital transformation. By just 2025, Africa’s digital economy is expected to reach $315 billion, accounting for seven percent of the continent’s GDP.

The mobile economy in particular is booming. And while the mobile revolution began with the transfer of money, mobile has now become a platform for innovation, with new products and services being introduced all the time. In fact, many small and medium-sized companies in countries like Nigeria are embracing a completely mobile-first approach to business.

The adoption of emerging technology, such as cloud and IoT, is also taking place at a rapid pace in different countries across the continent. According to research conducted by World Wide Worx, around 58 percent of small South African businesses intend to include cloud technology in their future plans. Another 25 percent are already making use of IoT.

Though the adoption of these technologies will accelerate Africa’s transition to a digital economy, it will also increase the exposure of businesses to cyber threat if they don’t have the right security measures in place.

This is particularly the case for small business as they generally don’t have access to in-house security teams or major security budgets. For these businesses the ability to draw on security products constantly updated through the power of the cloud and based on intelligence from across Microsoft’s wide variety of threat researchers and experts, including the Red Team, is invaluable.

On a recent trip to Johannesburg to meet with customers, analysts and key African press, leader of the Red Team, David Weston, elaborated on some of the simple cybersecurity measures small businesses should prioritize to ensure they remain secure.

The importance of embracing the basic security measures that Weston recommends cannot be overstated. Often it’s the lack of day-to-day security fundamentals that ends up becoming a business’ biggest cybersecurity challenge. In fact, most times it’s the security basics that can make or break an organisation’s ability to stay a step ahead of cybercriminals in the ongoing, high-stakes cyber showdown.