Securing African operations in a remote, hybrid and cloud-based world
Since launching in 2018, Deimos has consulted on and resolved numerous cybersecurity threats and hacks that have arisen as a result of businesses not adhering to ‘best practi...
06/01/2023 | 2 Minute Read
Since launching in 2018, Deimos has consulted on and resolved numerous cybersecurity threats and hacks that have arisen as a result of businesses not adhering to ‘best practices’. At the 6th Africa Tech Summit (ATS) event in London, Deimos held a masterclass to speak to some of Africa’s most promising and leading tech companies on how to keep their businesses and systems safe from cyberattacks. ATS is a leading event focused on African tech and investment across the continent and provides unrivalled insight, exclusive networking and business opportunities for tech leaders and investors.
CEO Andrew Mori presented a masterclass on “Securing African Operations in a remote, hybrid and cloud-based world.’’ The masterclass session examined the system vulnerabilities of businesses as remote, and hybrid working becomes the new normal. The session also explored how businesses can apply good security hygiene to identify and secure all ingress and egress points.
Of all the challenges that leave companies with a hybrid workforce vulnerable to cyberattacks, the most common obstacle is securing the networks used by remote staff, which has been exacerbated since the pandemic. Whether at home, in a hotel or airport, remote employees rely on Wi-Fi networks to connect to their company network. Using personal or public Wi-Fi to connect to a company network exposes remote employees to unauthorised access, most notably from hackers.
Andrew further evaluated the African tech ecosystem – majorly the Fintech, Edtech, Ecommerce, Pure Saas and found:
- Security and other best practices are often an afterthought
- Startup growth at all costs – startups are more concerned about growing the number of customers
- Massive technical debt
- Systems failing as they are not built to scale
- A lack of auditability
- Young and ambitious Engineers, at early to mid-stage startups, lack the experience that failure brings
All of these inadequacies are already causing some catastrophes in businesses. There are incidents of large-scale theft, massive amounts of technical debt and application failures across industries. Taking Uber as an example, Uber was hacked due to a vulnerability in its multi-factor authentication system (MFA). Through social engineering, the hacker compromised an employee’s VPN account and gained complete access to the cloud-based systems where Uber stores sensitive customer and financial information. The attack was a result of spear phishing. In spear phishing, hackers pose as a trustworthy person or entity and target a specific person to gain access to sensitive information. The cyberattack was carried out by a group that has breached Microsoft, Cisco, Samsung, Nvidia and Okta, among others, typically using similar techniques. Though the Uber hack is unfortunate, having such a public company be visibly hacked is a lesson that the rest of us can apply to significantly reduce the risk of being hacked.
However, one of the key takeaways from Uber and other big companies’ hacks is that risks occur internally. It is nearly impossible for a hacker to get into a company’s system without first compromising a team member. It is, therefore, imperative that businesses ensure that their employees follow best practices. Essentially, adopting more secure methods of authenticating users is essential to ward off the ever-present threats of today’s digital landscape. As a remote/hybrid workplace, one of the policies you must enforce is not trusting email or Slack conversations when it comes to authorising accounts. One of the notable ways to guide against this is by promoting the use of secondary identity verification methods, such as video or phone calls. Creating unique passwords is not sufficient to prevent a security breach; this is where secondary identity verification methods can prove to be a lifesaver.
This policy should be accompanied by an effective technology partner, such as Deimos. Some of the services we have to offer against cyber threats are;
- Incident Response
- Access Control / Lockup
- System-Wide Audits
- Build a roadmap to improve security posture
- Shift Left
- 24/7/365 proactive monitoring
Need someone to assess your current and potential security threats? Click here, and a Deimos consultant will be in contact shortly.