Organisations across Africa have increasingly become victims of cyber-attacks, leading to significant data compromises and financial losses. These attacks are becoming more frequent and sophisticated as hacker groups are now using artificial intelligence to carry them out. In this interview, Brendon Meyer, senior solutions engineer at Beyond Trust, shares his assessment of this growing challenge and the future of identity security in Africa. He also discussed the solutions his company is providing and what organisations and governments must do to minimise attacks, among other related issues. AMAKA ANAGOR-EWUZIE brings the excerpts:
How would you assess the state of cybersecurity across Africa with a special focus on identity security?
The cybersecurity landscape in Africa and Nigeria is evolving constantly. Every day there are new types of attacks from ransomware, phishing, and social engineering perspectives.
That said, from a regulatory front, it’s necessary to applaud how many African countries are essentially making use of regulation capabilities to address many cybersecurity issues to bolster their security posture. This unfortunate challenge is because infrastructure is still a bit of a challenge in the cybersecurity space.
From our engagement with customers across Nigeria, we notice that many lack the understanding of how they can use identity security best practices to bolster their security postures.
What does Beyond Trust do differently that separates it from other identity and access security solution companies across the globe?
Beyond Trust is a cybersecurity company. While many other companies provide similar security services, what we do differently when it comes to the security market is just the different approach we have to the market.
We have an identity-centric approach, meaning we focus on identity security and the measures we put in place to bolster organisations and personal identity security practices, make us unique when addressing cybersecurity threats in today’s modern landscape.
Beyond Trust is different because we put identity security first as a technology vendor. We have differentiated ourselves from an innovation standpoint because we constantly innovate, acquire new technology, and build out specific technology to help us bolster our identity security in conversation with our existing customers.
Additionally, one of the biggest differentiators specifically for Beyond Trust is that we might be a global company, but we have a local presence in countries within the African continent. We bolstered our capability and leveraged our partner ecosystem in each of these countries. Within Nigeria, we are pushing the conversation around identity security daily and leveraging the advanced skills the people of Nigeria can offer us.
The recent African Cyber-Threat Assessment Report puts Morocco, South Africa, and Nigeria as the most attacked by Trojans. What is the update, and what is the way forward?
The cybersecurity report in question underscores the need for organisations to have a strategic, multifaceted approach to cybersecurity, specifically in the African region.
If you could look at the sophistication of the Trojan horse attacks as a concept, we are seeing a massive increase in frequency and sophistication, and this underlines the fact that attacker and hacker groups are getting better funding, and skills, and are partnering with artificial intelligence to improve their capability when delivering these Trojan-based attacks.
They are also becoming smarter by targeting specific sectors and specific people, along with the efforts to mitigate this, which has become difficult for many organisations because they do not necessarily know this. They might go through security awareness training, but in many cases these advanced types of attacks become difficult.
As a specialist company, Beyond Trust is different because we have this identity-centric approach that allows us to see these attackers specifically through attacks based on malware and Trojan horse type of attacks. We also see these attackers providing ransomware as a service capability, and we equally see advanced persistent threat conversations specifically around cybersecurity where they constantly target organisations and, as a result, try and find these breaches in your environment.
We have observed based on data that attackers have not decreased their attacks; we have seen a significant increase in identity or privileged identity-based attacks as well as remote code execution.
From a specialist point of view, organisations must have an endpoint protection solution that rethinks the way malware can be deployed or executed. There are multiple ways you can address the conversation in the cybersecurity space.
Read also: Cybersecurity: The role of AI in safeguarding Africa’s digital future
Cybercriminals have continued to adopt more creative and sophisticated ways to attack unsuspecting organisations. How best can organisations stay ahead of this situation?
There are three-pronged approaches we recommend at a high level for most of our customers to help them prepare for any attack. First, we recommend that organisations and individuals need to be proactive.
Enterprises need to be proactive from a security posturing perspective by essentially identifying more of these threats earlier in the attack lifecycle. When organisations find these potential security risks faster, they suffer fewer breaches.
Another thing to note is that organisations have shifted from perimeter and endpoint-based attacks focus to an identity-based view. The shift from a traditional way of thinking when it comes to cybersecurity to an identity-based view has significantly bolstered and matured the security posture for these organisations when it comes to preventing or at least minimising attacks and risks associated with them.
The third leg of the prong approach is that organisations now adopt a blended prevention and detection approach to proactively stop these attacks. As a result, it helps eliminate those blind spots that those organisations might be faced with.
There is also a need for organisations in Africa to team up with artificial intelligence to make their lives much easier and better when it comes to finding and detecting these threats.
What plans is your company putting in place to create more opportunities for the development of human capital in Africa?
When it comes to identity-based attacks, in many cases we observe that humans might be the weakest link, and hackers focus their efforts on identity because they observe that humans are the weakest link.
In terms of human capital development, there is no better way to bolster security capabilities than to make use of people. In Beyond Trust, our human capital is our biggest asset, especially when it comes to solving these problems and the advanced cybersecurity requirements that we have in today’s space.
As an organisation, we bolster our capability by trying to create awareness for us. We embarked on a West/East/Central Africa road show where we went to different countries like Nigeria, Kenya, and Tanzania.
As a company, we are willing to come see our customers and build our partner ecosystem because trust is ultimately earned. We leverage the fact that we need to be in these countries and show a presence in those countries.
Beyond Trust is in the West, East, and Africa. We also have a full presence in the likes of Morocco, Tunisia, Ivory Coast, Algeria, and other regions where we have some of the biggest customers in the world using our technology. We leverage our capabilities on the African continent to differentiate ourselves.
People are our biggest asset when it comes to using the knowledge and skills that we have in the African continent, and it is one of the biggest untapped resources we can use.
How do you leverage your extensive network and expertise in the industry to offer tailor-made identity security solutions to help organisations safeguard their digital assets?
Beyond Trust has a network of identity security specialists and experts across the world. We can share and guide our customers in many ways when it comes to bolstering their capability and growing security posture in the identity space.
As a security solution vendor, we can align our operation by using any existing investments that our customers may have within the African continent. We understand that many organisations have limited budgets and resources, and this is where we are different because we leverage existing investments and existing technologies.
What do you think is the future of identity security in Africa and Nigeria amid the several challenges the continent faces?
The future of identity security in Africa and Nigeria specifically is poised for transformation. With the legal and regulatory reforms, the Central Bank, IT standards blueprint that Nigeria brought out in 2019, the 2015 Criminal Act, and the Nigerian Data Protection Act, there is a big drive to improve cybersecurity, governance, and the risk associated with the challenges being faced.
If I have to link a possible future when it comes to identity security, I think the challenges can be addressed by teaming up and working with artificial intelligence and machine learning capability and bolstering one’s capability.
So, having a research-based approach when it comes to artificial intelligence and leveraging their capability through identity threat and analytics, will help address these future challenges.
Where do you see your operations in Africa in the next five years?
In the next five years, Beyond Trust as a company will be embedded in more countries across the globe. Since 2023, we have embarked on expanding our capability into Africa.
We plan to be closer to even more customers across the African continent specifically in Nigeria. Through our various solutions, we want to play more of an advisory role for most of our existing customers, guiding them through the complex cybersecurity space.
Beyond Trust believes that by having a better, closer relationship and guiding our existing customers from a technology vendor, we will be right there as the most innovative organisation in the identity security space.
In addition, I foresee the company leveraging that capability and expanding our customer security posture over the next five years.
