All Article Properties:
{
"access_control": false,
"status": "publish",
"objectType": "Article",
"id": "2300599",
"signature": "Article:2300599",
"url": "https://staging.dailymaverick.co.za/article/2024-08-01-cybersecurity-lessons-and-best-practice-in-the-wake-of-the-crowdstrike-outage/",
"shorturl": "https://staging.dailymaverick.co.za/article/2300599",
"slug": "cybersecurity-lessons-and-best-practice-in-the-wake-of-the-crowdstrike-outage",
"contentType": {
"id": "1",
"name": "Article",
"slug": "article"
},
"views": 0,
"comments": 0,
"preview_limit": null,
"excludedFromGoogleSearchEngine": 0,
"title": "Cybersecurity lessons and best practice in the wake of the CrowdStrike outage",
"firstPublished": "2024-08-01 22:37:18",
"lastUpdate": "2024-08-01 22:37:21",
"categories": [
{
"id": "9",
"name": "Business Maverick",
"signature": "Category:9",
"slug": "business-maverick",
"typeId": {
"typeId": "1",
"name": "Daily Maverick",
"slug": "",
"includeInIssue": "0",
"shortened_domain": "",
"stylesheetClass": "",
"domain": "staging.dailymaverick.co.za",
"articleUrlPrefix": "",
"access_groups": "[]",
"locale": "",
"preview_limit": null
},
"parentId": null,
"parent": [],
"image": "",
"cover": "",
"logo": "",
"paid": "0",
"objectType": "Category",
"url": "https://staging.dailymaverick.co.za/category/business-maverick/",
"cssCode": "",
"template": "default",
"tagline": "",
"link_param": null,
"description": "",
"metaDescription": "",
"order": "0",
"pageId": null,
"articlesCount": null,
"allowComments": "1",
"accessType": "freecount",
"status": "1",
"children": [],
"cached": true
}
],
"content_length": 6435,
"contents": "Less than two weeks after the massive CrowdStrike outage of 19 July affected Windows users the world over, the cybersecurity industry has drawn up a series of lessons that can be taken forward.\r\n\r\nThe unprecedented scale of the outage has sparked intense discussions about cybersecurity practices, vendor accountability, and the risks associated with centralised IT services.\r\n\r\n<strong>Read more: </strong><a href=\"https://www.dailymaverick.co.za/article/2024-07-20-global-it-outage-highlights-the-hazards-of-technology-software-concentration/\">Global IT outage highlights the hazards of technology software concentration</a>\r\n\r\nStephen Osler, the co-founder and business development director at Nclose, said one of the most promising developments was the possibility of a new collaborative approach to software testing and deployment.\r\n\r\n“There is the potential for a deployment alliance, where member vendors subscribe to best-practice methodologies for testing software updates before deployment. A signing authority could also validate certain procedures. This would show vendor alignment with global best practice and give assurances to customers,” he said.\r\n\r\nWhile the full ramifications of the outage are still unfolding, one thing is clear: it has irreversibly altered the cybersecurity landscape. As organisations worldwide re-evaluate their IT strategies and vendors revamp their processes, the industry is ready for a new era of collaboration, accountability and resilience.\r\n\r\nSouth Africa has the fifth-worst <a href=\"https://www.itweb.co.za/article/south-africa-ranked-5th-on-global-cyber-crime-density-list/KA3WwMdz1nBvrydZ\">cybercrime density</a> globally and only 26% of SA companies recently surveyed have cybersecurity insurance in place.\r\n\r\nMore than <a href=\"https://privacyrights.org/\">10.9 billion</a> sensitive records were breached globally from 2005 to 2018. Cybercrime affects all industries, but two in particular — health and financial services — must always ensure uptime and sensitive data protection.\r\n\r\n<p><img loading=\"lazy\" class=\"size-full wp-image-2299963\" src=\"https://www.dailymaverick.co.za/wp-content/uploads/2024/08/Dirk-Photo-New-scaled.jpeg\" alt=\"cybersecurity crowdstrike\" width=\"1707\" height=\"2560\" /> <em>Dirk Labuschagne, chief information security officer at Direct Transact. (Photo: Supplied)</em></p>\r\n\r\nDirk Labuschagne, the chief information security officer at one of South Africa’s largest banking and payments service providers, Direct Transact, is a member of a special SA Reserve Bank task team to prepare for the eventuality of a nationwide outage.\r\n\r\nLabuschagne shared six top cybercrime mitigation tactics. As it turns out, several regulators and security organisations have released updated cybersecurity and data security guidelines this year.\r\n<ol>\r\n \t<li><strong> Compliance with the 2024 Cybersecurity Framework (CSF)</strong></li>\r\n</ol>\r\nThe US’s National Institute for Standards and Technology has published a<a href=\"https://www.theregister.com/2024/02/27/nist_cybersecurity_framework_2/\"> 2024 Cybersecurity Framework (CSF</a>), which includes information on how cybersecurity should be governed within organisations, including covering the organisational context, risk management strategies and supply chain risk management.\r\n<ol start=\"2\">\r\n \t<li><strong> PCI-DSS compliance for organisations using bank cards</strong></li>\r\n</ol>\r\nThe <a href=\"https://www.pcisecuritystandards.org/pdfs/pci_ssc_quick_guide.pdf\">PCI-DSS compliance framework</a> offers detailed guidance for the payments industry on how to maintain the highest levels of security when it comes to sensitive card payment data.\r\n<ol start=\"3\">\r\n \t<li><strong> The South African Reserve Bank’s updated 2024 rules </strong></li>\r\n</ol>\r\nThe South African Reserve Bank recently released <a href=\"https://www.resbank.co.za/content/dam/sarb/publications/prudential-authority/pa-public-awareness/covid-19-response/2024/joint-comms-2-of-2024/Joint%20Standard%20-%20Cybersecurity%20and%20Cyber%20Resilience.zip\">The Joint Standard: Cybersecurity and Cyber Resilience</a>, which sets out best practices and processes relating to cybersecurity and cyber resilience for the National Payments System in South Africa.\r\n\r\nThe standard specifically looks at developments in the payments space, related to digitisation, financial technology, automation and artificial intelligence, and what risks need to be managed. Labuschagne said all banks, payment players and financial institutions must familiarise themselves with and implement these standards before they officially come into effect on 1 June 2025.\r\n<ol start=\"4\">\r\n \t<li><strong> Top-down buy-in </strong></li>\r\n</ol>\r\nLabuschagne says one of the top requirements for successful cybersecurity is that it is supported and adopted with a top-down approach.\r\n\r\n“Cybersecurity cannot be relegated just to the IT department. A strong cybersecurity strategy needs to be driven from the board and C-suite level in order for it to become ingrained in the company’s culture, operations and workflows.\r\n\r\n“Cyber attackers look for chinks in the armour of an organisation, and if an organisation is well-managed and unified around cybersecurity, it will be much harder for bad actors to find vulnerabilities,” he says.\r\n<ol start=\"5\">\r\n \t<li><strong> Phishing emails to staff is one of the biggest vulnerabilities</strong></li>\r\n</ol>\r\nDeloitte estimates that more than 95% of cybersecurity attacks on organisations are preventable and that 90% of successful malware or ransomware attacks on organisations are due to staff negligence, such as clicking on phishing emails.\r\n\r\n“When it comes to instilling a healthy and robust cybersecurity culture in your organisation, it’s far better to use a carrot rather than a stick approach. Ultimately, a cybersecurity education and awareness strategy can only succeed if there is willing participation from all staff members.\r\n\r\n“Gamification and incentivisation are great ways to get cooperation from everyone in the organisation,” Labuschagne recommends.\r\n<ol start=\"6\">\r\n \t<li><strong> Updated technology and a good data set-up</strong></li>\r\n</ol>\r\nWhile it helps to have the most up-to-date technology, a secure data centre also goes a long way towards improving cybersecurity within an organisation.\r\n\r\nLabuschagne says a secure data centre should have immutable storage, application contingency and disaster recovery solutions in the event of natural disasters, intensified nationwide load shedding and any other adverse and unexpected events.\r\n\r\n“It’s also wise to do regular penetration testing on your data centre. Direct Transact, for instance, uses testers who are approved by the PCI Council, who we invite to try to breach our defences via multiple attack vectors. If they find vulnerabilities or weaknesses, we’ll know where to strengthen our defences,” he says.\r\n<p style=\"text-align: center;\">***</p>\r\nThe vice-president and principal analyst at Forrester, Andras Cser, largely agrees, saying tech leaders should use infrastructure automation where possible to avoid manual recovery procedures, along with developing rollback and regression capabilities, testing them often to ensure that systems can be recovered to a previous state.\r\n\r\n“Customers need to ask for business interruption indemnification clauses in the event of a software update gone awry such as the current CrowdStrike one. For software that runs in trusted spaces with automatic updates, especially those that impact/use kernel modules or otherwise may impact operating system stability, this could be seen as a necessary step toward building back trust,” he says. <strong>DM</strong>",
"teaser": "Cybersecurity lessons and best practice in the wake of the CrowdStrike outage",
"externalUrl": "",
"sponsor": null,
"authors": [
{
"id": "64897",
"name": "Neesa Moodley",
"image": "https://www.dailymaverick.co.za/wp-content/uploads/2023/09/NeesaMoodley.jpeg",
"url": "https://staging.dailymaverick.co.za/author/neesa-moodley/",
"editorialName": "neesa-moodley",
"department": "",
"name_latin": ""
}
],
"description": "",
"keywords": [
{
"type": "Keyword",
"data": {
"keywordId": "7321",
"name": "Deloitte",
"url": "https://staging.dailymaverick.co.za/keyword/deloitte/",
"slug": "deloitte",
"description": "",
"articlesCount": 0,
"replacedWith": null,
"display_name": "Deloitte",
"translations": null
}
},
{
"type": "Keyword",
"data": {
"keywordId": "12438",
"name": "Cyberattacks",
"url": "https://staging.dailymaverick.co.za/keyword/cyberattacks/",
"slug": "cyberattacks",
"description": "",
"articlesCount": 0,
"replacedWith": null,
"display_name": "Cyberattacks",
"translations": null
}
},
{
"type": "Keyword",
"data": {
"keywordId": "51418",
"name": "SA Reserve Bank",
"url": "https://staging.dailymaverick.co.za/keyword/sa-reserve-bank/",
"slug": "sa-reserve-bank",
"description": "",
"articlesCount": 0,
"replacedWith": null,
"display_name": "SA Reserve Bank",
"translations": null
}
},
{
"type": "Keyword",
"data": {
"keywordId": "85262",
"name": "Cybersecurity",
"url": "https://staging.dailymaverick.co.za/keyword/cybersecurity/",
"slug": "cybersecurity",
"description": "",
"articlesCount": 0,
"replacedWith": null,
"display_name": "Cybersecurity",
"translations": null
}
},
{
"type": "Keyword",
"data": {
"keywordId": "383924",
"name": "Neesa Moodley",
"url": "https://staging.dailymaverick.co.za/keyword/neesa-moodley/",
"slug": "neesa-moodley",
"description": "",
"articlesCount": 0,
"replacedWith": null,
"display_name": "Neesa Moodley",
"translations": null
}
},
{
"type": "Keyword",
"data": {
"keywordId": "392277",
"name": "Crowdstrike",
"url": "https://staging.dailymaverick.co.za/keyword/crowdstrike/",
"slug": "crowdstrike",
"description": "",
"articlesCount": 0,
"replacedWith": null,
"display_name": "Crowdstrike",
"translations": null
}
}
],
"short_summary": null,
"source": null,
"related": [],
"options": [],
"attachments": [
{
"id": "110892",
"name": "Dirk Labuschagne, chief information security officer at Direct Transact. (Photo: Suplied)",
"description": "Less than two weeks after the massive CrowdStrike outage of 19 July affected Windows users the world over, the cybersecurity industry has drawn up a series of lessons that can be taken forward.\r\n\r\nThe unprecedented scale of the outage has sparked intense discussions about cybersecurity practices, vendor accountability, and the risks associated with centralised IT services.\r\n\r\n<strong>Read more: </strong><a href=\"https://www.dailymaverick.co.za/article/2024-07-20-global-it-outage-highlights-the-hazards-of-technology-software-concentration/\">Global IT outage highlights the hazards of technology software concentration</a>\r\n\r\nStephen Osler, the co-founder and business development director at Nclose, said one of the most promising developments was the possibility of a new collaborative approach to software testing and deployment.\r\n\r\n“There is the potential for a deployment alliance, where member vendors subscribe to best-practice methodologies for testing software updates before deployment. A signing authority could also validate certain procedures. This would show vendor alignment with global best practice and give assurances to customers,” he said.\r\n\r\nWhile the full ramifications of the outage are still unfolding, one thing is clear: it has irreversibly altered the cybersecurity landscape. As organisations worldwide re-evaluate their IT strategies and vendors revamp their processes, the industry is ready for a new era of collaboration, accountability and resilience.\r\n\r\nSouth Africa has the fifth-worst <a href=\"https://www.itweb.co.za/article/south-africa-ranked-5th-on-global-cyber-crime-density-list/KA3WwMdz1nBvrydZ\">cybercrime density</a> globally and only 26% of SA companies recently surveyed have cybersecurity insurance in place.\r\n\r\nMore than <a href=\"https://privacyrights.org/\">10.9 billion</a> sensitive records were breached globally from 2005 to 2018. Cybercrime affects all industries, but two in particular — health and financial services — must always ensure uptime and sensitive data protection.\r\n\r\n[caption id=\"attachment_2299963\" align=\"alignnone\" width=\"1707\"]<img class=\"size-full wp-image-2299963\" src=\"https://www.dailymaverick.co.za/wp-content/uploads/2024/08/Dirk-Photo-New-scaled.jpeg\" alt=\"cybersecurity crowdstrike\" width=\"1707\" height=\"2560\" /> <em>Dirk Labuschagne, chief information security officer at Direct Transact. (Photo: Supplied)</em>[/caption]\r\n\r\nDirk Labuschagne, the chief information security officer at one of South Africa’s largest banking and payments service providers, Direct Transact, is a member of a special SA Reserve Bank task team to prepare for the eventuality of a nationwide outage.\r\n\r\nLabuschagne shared six top cybercrime mitigation tactics. As it turns out, several regulators and security organisations have released updated cybersecurity and data security guidelines this year.\r\n<ol>\r\n \t<li><strong> Compliance with the 2024 Cybersecurity Framework (CSF)</strong></li>\r\n</ol>\r\nThe US’s National Institute for Standards and Technology has published a<a href=\"https://www.theregister.com/2024/02/27/nist_cybersecurity_framework_2/\"> 2024 Cybersecurity Framework (CSF</a>), which includes information on how cybersecurity should be governed within organisations, including covering the organisational context, risk management strategies and supply chain risk management.\r\n<ol start=\"2\">\r\n \t<li><strong> PCI-DSS compliance for organisations using bank cards</strong></li>\r\n</ol>\r\nThe <a href=\"https://www.pcisecuritystandards.org/pdfs/pci_ssc_quick_guide.pdf\">PCI-DSS compliance framework</a> offers detailed guidance for the payments industry on how to maintain the highest levels of security when it comes to sensitive card payment data.\r\n<ol start=\"3\">\r\n \t<li><strong> The South African Reserve Bank’s updated 2024 rules </strong></li>\r\n</ol>\r\nThe South African Reserve Bank recently released <a href=\"https://www.resbank.co.za/content/dam/sarb/publications/prudential-authority/pa-public-awareness/covid-19-response/2024/joint-comms-2-of-2024/Joint%20Standard%20-%20Cybersecurity%20and%20Cyber%20Resilience.zip\">The Joint Standard: Cybersecurity and Cyber Resilience</a>, which sets out best practices and processes relating to cybersecurity and cyber resilience for the National Payments System in South Africa.\r\n\r\nThe standard specifically looks at developments in the payments space, related to digitisation, financial technology, automation and artificial intelligence, and what risks need to be managed. Labuschagne said all banks, payment players and financial institutions must familiarise themselves with and implement these standards before they officially come into effect on 1 June 2025.\r\n<ol start=\"4\">\r\n \t<li><strong> Top-down buy-in </strong></li>\r\n</ol>\r\nLabuschagne says one of the top requirements for successful cybersecurity is that it is supported and adopted with a top-down approach.\r\n\r\n“Cybersecurity cannot be relegated just to the IT department. A strong cybersecurity strategy needs to be driven from the board and C-suite level in order for it to become ingrained in the company’s culture, operations and workflows.\r\n\r\n“Cyber attackers look for chinks in the armour of an organisation, and if an organisation is well-managed and unified around cybersecurity, it will be much harder for bad actors to find vulnerabilities,” he says.\r\n<ol start=\"5\">\r\n \t<li><strong> Phishing emails to staff is one of the biggest vulnerabilities</strong></li>\r\n</ol>\r\nDeloitte estimates that more than 95% of cybersecurity attacks on organisations are preventable and that 90% of successful malware or ransomware attacks on organisations are due to staff negligence, such as clicking on phishing emails.\r\n\r\n“When it comes to instilling a healthy and robust cybersecurity culture in your organisation, it’s far better to use a carrot rather than a stick approach. Ultimately, a cybersecurity education and awareness strategy can only succeed if there is willing participation from all staff members.\r\n\r\n“Gamification and incentivisation are great ways to get cooperation from everyone in the organisation,” Labuschagne recommends.\r\n<ol start=\"6\">\r\n \t<li><strong> Updated technology and a good data set-up</strong></li>\r\n</ol>\r\nWhile it helps to have the most up-to-date technology, a secure data centre also goes a long way towards improving cybersecurity within an organisation.\r\n\r\nLabuschagne says a secure data centre should have immutable storage, application contingency and disaster recovery solutions in the event of natural disasters, intensified nationwide load shedding and any other adverse and unexpected events.\r\n\r\n“It’s also wise to do regular penetration testing on your data centre. Direct Transact, for instance, uses testers who are approved by the PCI Council, who we invite to try to breach our defences via multiple attack vectors. If they find vulnerabilities or weaknesses, we’ll know where to strengthen our defences,” he says.\r\n<p style=\"text-align: center;\">***</p>\r\nThe vice-president and principal analyst at Forrester, Andras Cser, largely agrees, saying tech leaders should use infrastructure automation where possible to avoid manual recovery procedures, along with developing rollback and regression capabilities, testing them often to ensure that systems can be recovered to a previous state.\r\n\r\n“Customers need to ask for business interruption indemnification clauses in the event of a software update gone awry such as the current CrowdStrike one. For software that runs in trusted spaces with automatic updates, especially those that impact/use kernel modules or otherwise may impact operating system stability, this could be seen as a necessary step toward building back trust,” he says. <strong>DM</strong>",
"focal": "50% 50%",
"width": 0,
"height": 0,
"url": "https://dmcdn.whitebeard.net/dailymaverick/wp-content/uploads/2024/06/iStock-1386184656.jpg",
"transforms": [
{
"x": "200",
"y": "100",
"url": "https://dmcdn.whitebeard.net/i/tKLxDFGxcwMxy9xmQsMK0XXLtRI=/200x100/smart/filters:strip_exif()/file/dailymaverick/wp-content/uploads/2024/06/iStock-1386184656.jpg"
},
{
"x": "450",
"y": "0",
"url": "https://dmcdn.whitebeard.net/i/-a64cBt3jjeq3uGxb4GJz1UUXoA=/450x0/smart/file/dailymaverick/wp-content/uploads/2024/06/iStock-1386184656.jpg"
},
{
"x": "800",
"y": "0",
"url": "https://dmcdn.whitebeard.net/i/1QPQdNqJxSWSFj8FZBBcc7hkGeY=/800x0/smart/filters:strip_exif()/file/dailymaverick/wp-content/uploads/2024/06/iStock-1386184656.jpg"
},
{
"x": "1200",
"y": "0",
"url": "https://dmcdn.whitebeard.net/i/rWH-8PPc5U83m8vG7GrO8fi1-yo=/1200x0/smart/filters:strip_exif()/file/dailymaverick/wp-content/uploads/2024/06/iStock-1386184656.jpg"
},
{
"x": "1600",
"y": "0",
"url": "https://dmcdn.whitebeard.net/i/knVWW6bZ9vQj0UirDzEUDEzwmfA=/1600x0/smart/filters:strip_exif()/file/dailymaverick/wp-content/uploads/2024/06/iStock-1386184656.jpg"
}
],
"url_thumbnail": "https://dmcdn.whitebeard.net/i/tKLxDFGxcwMxy9xmQsMK0XXLtRI=/200x100/smart/filters:strip_exif()/file/dailymaverick/wp-content/uploads/2024/06/iStock-1386184656.jpg",
"url_medium": "https://dmcdn.whitebeard.net/i/-a64cBt3jjeq3uGxb4GJz1UUXoA=/450x0/smart/file/dailymaverick/wp-content/uploads/2024/06/iStock-1386184656.jpg",
"url_large": "https://dmcdn.whitebeard.net/i/1QPQdNqJxSWSFj8FZBBcc7hkGeY=/800x0/smart/filters:strip_exif()/file/dailymaverick/wp-content/uploads/2024/06/iStock-1386184656.jpg",
"url_xl": "https://dmcdn.whitebeard.net/i/rWH-8PPc5U83m8vG7GrO8fi1-yo=/1200x0/smart/filters:strip_exif()/file/dailymaverick/wp-content/uploads/2024/06/iStock-1386184656.jpg",
"url_xxl": "https://dmcdn.whitebeard.net/i/knVWW6bZ9vQj0UirDzEUDEzwmfA=/1600x0/smart/filters:strip_exif()/file/dailymaverick/wp-content/uploads/2024/06/iStock-1386184656.jpg",
"type": "image"
}
],
"summary": "While the full ramifications of the outage are still unfolding, one thing is clear: it has irreversibly altered the cybersecurity landscape.",
"template_type": null,
"dm_custom_section_label": null,
"elements": [],
"seo": {
"search_title": "Cybersecurity lessons and best practice in the wake of the CrowdStrike outage",
"search_description": "Less than two weeks after the massive CrowdStrike outage of 19 July affected Windows users the world over, the cybersecurity industry has drawn up a series of lessons that can be taken forward.\r\n\r\nThe",
"social_title": "Cybersecurity lessons and best practice in the wake of the CrowdStrike outage",
"social_description": "Less than two weeks after the massive CrowdStrike outage of 19 July affected Windows users the world over, the cybersecurity industry has drawn up a series of lessons that can be taken forward.\r\n\r\nThe",
"social_image": ""
},
"cached": true,
"access_allowed": true
} 
Dirk Labuschagne, chief information security officer at Direct Transact. (Photo: Supplied)