Businesses are not patching cybersecurity vulnerabilities fast enough – and with the volume of cybersecurity incidents increasing, this should be an area of concern for ICT teams.
This is a key finding of the Security Navigator 2023 research report from Orange Cyberdefense – a specialist arm of the Orange Group dedicated to cybersecurity.
It gives readers valuable insight into the South African and global threat landscape to help build a safer digital society.
The 2023 report examined almost 100,000 potential incidents that were investigated by Orange Cyberdefense teams in 2022 – including nearly 30,000 confirmed security issues.
Because of this incredible sample size, as well as Orange’s worldwide reach, Orange Cyberdefense can provide a truly global overview of the threat landscape.
South Africans feature strongly in the global report which is compiled by Charl van der Walt, Head of Security Research at Orange Cyberdefense, and his Security Research team. The report also features contributions from South Africans Wicus Ross and Ulrich Swart.
Orange Cyberdefense has had an office in South Africa since 2000 when it was originally called SensePost. It was later acquired by the Orange Group and rebranded to Orange Cyberdefense South Africa in 2019.
The SensePost name still exists within Orange Cyberdefense today in the form of the SensePost Ethical Hacking Team, which comprises ethical hackers from South Africa and across Europe.
For the first time ever, the Security Navigator 2023 report includes an analysis of penetration testing data from the last 4 years. This data comes from the SensePost ethical hacking team and contains insights from the South African teams’ penetration tests since 2018.
Dominic White, Managing Director of Orange Cyberdefense South Africa, said:
“For the first time in our 22 year history – we’ve published an analysis of our pentest findings for the last five years. Charl van der Walt has wanted to do this for years. It took a ton of work from technical challenges like extracting the data to meta challenges like preserving the confidentiality of individual customers data. We don’t know of many other people doing this and even sharing this level of data is transparent to the point of discomfort.”
Dillon Bensusan, Marketing Lead at Orange Cyberdefense South Africa, explained that research and threat intelligence are core focuses of the organisation:
“Part of how we enable our customers to make strong decisions about Information Security that support their business performance is through deep insight and dedicated research into the ever-shifting threat landscape.”
The report found that the volume of cybersecurity incidents across the world is gradually rising, but the rate of increase is decelerating.
Orange Cyberdefense saw an incident increase of 5% – compared to a 13% increase the previous year – and an average of 34 incidents every month per customer.
“What’s more – when we limited the analysis to a subset of customers that have been in our data consistently for multiple years, so we can account for other variables like new customers, or new sources of telemetry, this ‘normalised’ perspective then results in a 17.7% decrease in incidents per customer per month,” said Charl van der Walt.
Van der Walt said this is encouraging, as it suggests that an increasing number of cyberbattles are being won.
The Security Navigator 2023 report also noted a geographical shift in attacks, with malicious parties switching their focus from North America and Canada to regions like Europe, Asia, and emerging markets like South Africa.
According to van der Walt, a key reason for this could be that the US and her allies have increased pressure on the cybercriminals in various ways – so these criminals have moved onto new markets.
The South African market, therefore, needs to be cautious – particularly because 4.5 times more SMEs fall victim to cyber extortion than medium and large businesses combined.
South Africa has several million SMEs that contribute roughly 34% to its GDP and offer immense potential for growth, so they must be prepared to defend themselves against attacks.
Van der Walt said that one great way to discourage cybercriminals from targeting South African organisations is by implementing “creative and effective political measures and regulatory efforts.”
“South Africa should work with Western agencies by sharing information and collaborating – for example, between law enforcement activities, or by participating in global accords regarding cyber norms, crypto currencies, and more, as cybercriminals will be discouraged from targeting the country’s organisations thanks to these links.”
Another key finding in the Security Navigator 2023 report is that vulnerabilities are taking worryingly long to patch.
Businesses were found to be taking an average of 215 days to patch vulnerabilities after they have been reported.
Even critical vulnerabilities take at least half a year to get patched – and while this is faster than the average, it is still a concerningly long time for businesses to leave themselves vulnerable.
Van der Walt highlighted mobile phones as an example of employee devices that businesses will need to ensure are patched in the future to protect their networks.
Even then, vulnerabilities in smartphone operating systems often take several months to be patched – but businesses will need to do what they can to minimise their risk.
Article by mybroadband.co.za photo via unplsash.com