The imperative of cyber resilience in an era of escalating threats

Cyber security has come under exponential threat in recent years. Despite best efforts, companies remain unguarded against human error. Phishing emails, one of the most prevalent threats, exploit this weakness, often resulting in costly breaches. South Africa, with its robust financial system, is particularly attractive to cybercriminals testing new tactics.

Emerging threats and their implications

Ransomware, social engineering, and supply chain attacks dominate the current cyber threat landscape. Among these, supply chain attacks have emerged as a critical concern, especially as technology and financial services companies increasingly adopt platform-based, data-driven strategies. Introducing new technologies or third-party services into an organisation's environment inherently brings these sorts of additional cyber risks.

Mobile, cloud, and AI-powered attacks are among the most concerning emerging threats. The common use of mobile devices makes them a prime target for cyberattacks. For instance, mobile malware attacks surged by 51% in the first half of 2023 compared to the previous year. Cloud environments are also under siege, with 82% of data breaches occurring in the cloud, often due to misconfigurations.

AI-powered attacks represent a growing threat, with over half of security professionals anticipating their rise within the next two years. Organisations must adapt by employing AI-driven defences and ensuring they possess the necessary technical skills to secure their cloud environments.

The joint standard on cybersecurity and cyber resilience

Recognising the escalating risks, the Prudential Authority of the South African Reserve Bank and the Financial Sector Conduct Authority issued a Joint Standard in May 2024 for Cybersecurity and Cyber resilience. This standard mandates comprehensive cybersecurity measures for financial institutions, and will come into full effect by June 2025.

In line with global best practices, the Standard encompasses six key functions: Governance, Identification, Protection, Detection, Response, and Recovery. These functions include various proactive measures for developing plans and procedures to manage risks and minimise damage related to cyber security. Key to this is protecting information's confidentiality, integrity, and availability through encryption, access controls, and regular audits.

Under the Standard, continuous monitoring and testing of cybersecurity controls is essential to identify and address vulnerabilities promptly. Managing risks associated with third-party service providers is also critical, ensuring that partners adhere to stringent cybersecurity practices.

Building cyber resilience

The Joint Standard emphasises a top-down approach to cybersecurity starting with strong governance and risk management principles and integrating protection and detection into the organisational fabric. Situational awareness is key to that, as cyber threats constantly evolve. Understanding emerging threats and adapting strategies accordingly is crucial.

Human error remains a significant factor in cybersecurity breaches. Due to this, training and awareness programs are essential to fostering a culture of vigilance among employees. In addition, a comprehensive incident response plan must be developed, including backup strategies and network segmentation, ensuring quick and effective recovery from cyberattacks.

Managing third-party risks is another crucial factor. Organisations must scrutinise their partners' cybersecurity measures and resilience. This vigilance extends to understanding whether these third parties also engage additional partners, creating a complex web of interconnected risks. A great example to learn from was the recent global IT outage that impacted all industries as a result of CrowdStrike. Some organisations were able to recover far quicker than others due to their planning, understanding their third parties, and building resilience procedures for these third parties into their frameworks.

Non-compliance with the Joint Standard may result in significant penalties. For some financial institutions, the cost of compliance can be particularly severe, as these principles are less ingrained in their current operations.

Ultimately, cyber resilience is not just about preventing attacks but about ensuring robust response and recovery mechanisms. By adhering to the Joint Standard, organisations can fortify their defences, mitigate risks, and safeguard their operations in an increasingly perilous cyber landscape.