Deimos, a leading African cloud-focused cybersecurity company, renowned for its pivotal role in cloud-native development and security operations, is sounding the alarm for an urgent need to bolster cybersecurity awareness and education across multiple sectors. With a diverse clientele spanning the public sector, fintech, and e-commerce, Deimos is resolute on the critical importance of proactive security measures in safeguarding businesses against cloud security vulnerabilities.
Deimos prioritises automated security processes to reduce manual reviews and controls, mitigating human errors. In Verizon’s 2023 Data Breach Investigations Report, they estimate that 74% of breaches involved the human element, which includes social engineering attacks, errors or misuse.
As remote and hybrid work is the new normal, businesses increasingly rely on cloud technology. Deimos sheds light on three vital methods engineering teams must apply to increase their cloud security:
“Shifting left” – moving the security planning, design, and testing of key products earlier in the software development life cycle, rather than after release.
“Defending right” – Implementing firewalls and intrusion detection systems to protect products from external threats.
Utilising automated tools to establish guardrails before moving into production – such as static and dynamic application security testing, or package vulnerability scanning, to analyse source code, software packages, or web application respectively, for vulnerabilities.Utilising automated tools to establish guardrails before moving into production.
These protections are crucial for Africa’s fast-growing tech ecosystem which holds lucrative data and assets within the cloud, making unprepared businesses an attractive target for cybercriminals. Each breach further impacts millions of Africans, across the continent and diaspora, and whilst cyber security solutions are readily available, many are not followed.
Deimos highlights the common pitfalls that startup organisations encounter when securing their operations. These include:
Startups prioritising speed and agility over security in their go-to-market strategy.
Pursuing a reactive approach to cybersecurity – that addresses security only after breaches or cyberattacks have already occurred.
Not implementing secure access control measures for employees working with sensitive information and systems.
Deen Hans, Deimos’ Director of Security Engineering, emphasised that businesses must “fortify themselves against cloud security vulnerabilities. In my experience working with our clients, the focus is very much on operations that lead to growth, competitive edge and so on. A Cybersecurity strategy usually comes in the aftermath of a breach. However, this can be costly, with critical vulnerabilities that damage reputation and erode trust. The consequences of pursuing growth without a strong security posture can be detrimental.
The cloud security company has recently taken on educating its clients on an ongoing threat that has become more prevalent in recent times, called Distributed Denial of Service (DDoS) attacks, where an attacker floods an organisation’s server with traffic to prevent users from accessing connected online services and sites. According to Kaspersky, the world’s largest private vendor of Internet security solutions, nearly 57,116 Distributed DDoS attacks were reported to the platform in Q3 2022.
Deimos highlights that DDoS attacks and similar breaches are due to a failure in prioritising good governance practices, education, and awareness of cloud technology from a security perspective.
Deimos reveals that clients often approach them uncertain about their compliance status and the state of their security, sometimes realising security flaws at the last moment before launching their services – necessitating a return to the development stage. The company has observed that the absence of cybersecurity in Africa primarily impacts remote work. IBM estimates that 82% of breaches involved data stored in the cloud. As African companies transition to remote teams and embrace cloud operations in their day-to-day activities, they often overlook access control measures and necessary permissions, thereby creating vulnerabilities. A single compromised user can have far-reaching consequences.