How secure are your employees’ endpoints?

COVID-19 continues to present problems for employees working remotely. Over the past few weeks, a number of threats have been identified in the banking industry – namely, social engineering, third-party data breaches and ransomware. Across the globe, fraud and cyberattacks have soared. IT News Africa says this is of particular concern for South Africa as funds are collected to uphold the economy during lockdown and new grants are implemented to ensure the wellbeing of citizens.

We’ve also seen numerous reports of cybercriminals ramping up their attacks as more and more people started to work from home. Now the Wireless Application Service Providers’ Association (WASPA) has reiterated the need for South Africans to practice good cybersecurity at home.

“With 90 million mobile connections and widespread availability of money transfer and digital banking facilities, SA is tremendously attractive to mobile fraudsters who use malware embedded in downloadable apps to gain access to passwords, user names and other sensitive data,” General Manager of WASPA, Ilonka Badenhorst, said.

Exposed Services in Africa

“The way we are preyed upon by criminals has changed. We understand how to protect ourselves from physical crimes, but cybercrime is different – it is nameless, faceless and borderless. We can’t protect ourselves directly because most of us are not IT security professionals, and there is no failsafe system,” says Rohan Isaacs, who heads the technology and privacy team at law firm Herbert Smith Freehills in South Africa.

The global Cyber Exposure Index ranks SA sixth on the list of most-targeted countries for cyberattacks, with the highest concentration of exposed or smaller businesses.

“Most organisations are blissfully unaware of the degree of cybercrime that’s out there. People believe they are well-protected, and they are definitely not – they are using yesterday’s technology to protect themselves against today’s threats,” says Brian Pinnock, Mimecast.

A recent study done by ShadowServer also reported an increase in malware infection statistics, which come from data collected from sinkholes, honeypots, network telescopes and other sources, operated by either ShadowServer or its partners. Example network report types that contain this data include: Botnet Drone Report, HTTP Sinkhole Report, Microsoft Sinkhole Report, Brute Force Attack Report and the Darknet Report.

Based on these datasets, ShadowServer sees in total up to 600,000 malware-infected IP addresses per day in Africa. However, it should be noted that observed activity by malware family is biased towards the threats that ShadowServer and its partners are currently sinkholing or otherwise have visibility of (around 400 malware families/variants).

Perhaps unsurprisingly, the number of infections by unique IP tends to be higher in absolute numbers in more populous countries and/or countries with better Internet infrastructure, including Nigeria and South Africa.

What endpoint protection is required?

As already established, IP addresses are vulnerable, and email is the single biggest attack vector for cybercrime, accounting for about 90% of the total cyberattacks. But how do we determine what endpoint protection is required to keep our devices protected at all times?

Antivirus software is no longer viable, as it works on a detect-and-respond basis, which is proving increasingly inadequate to protect against the more common cyberattacks. Modern technology aims to prevent attacks rather than only detect them, as this can save a company a lot of time and money. But you may still ask yourself: is this even possible?


Here are 8 key security considerations (5) for protecting remote workers, as many security and IT teams suddenly have to support and protect employees who must work remotely. Make sure these areas are covered too.


The endpoint protection you need

Cybersecurity Resilience Services cover all avenues of potential breaches through the combined efforts of key InfoSec principles and the deployment of rapid detection and response systems. Professional teams of engineers and analysts go through rigorous training programmes, developed by and for the military on real-world scenarios and situations. They are trained to analyze, understand and recognize patterns presented by cybercriminals. It is their responsibility to identify a threat before it happens, using their extensive knowledge and understanding of cyber warfare and the determination to intercept a cyber-attack before it takes place.

While most cybersecurity firms base their defenses on the assumption that all attacks will occur from an endpoint or human vulnerability, ACDS’s Intercept product recognizes that sophisticated cybercriminals can enter your network through other avenues linked directly to your perimeter or different network components, skipping endpoints altogether. Intercept covers all aspects of your endpoint, perimeter and network through a variety of tools to detect and defeat any unauthorized entry with speed and accuracy, to not only detect but protect!

ACDS offers full-service Information & Cybersecurity solutions that identify, analyze and detect a variety of cyber threats while helping you to better respond to and recover from any unwanted intrusions in your business with real-time results. Our cybersecurity resilience services cover all avenues of potential breaches through the combined efforts of key Information & Cybersecurity principles and the deployment of ACDS’s rapid detection and response system.