CISO security & business continuity insights: lessons from an undersea cable blackout – CyberTalk

Issam El Haddioui: Head of Security Engineering, EMEA – Africa | Security Evangelist with the Office of the CTO. Issam El Haddioui has held multiple technical leadership and management roles with major cyber security vendors in different countries. He has 20+ years’ experience in worldwide consulting, designing, and implementing security architectures across verticals. He holds two master’s degrees and various technical certifications.

In this dynamic and insightful interview, Check Point expert Issam El Haddioui highlights how an undersea cable disruption impacted multi-national, regional and local businesses across Africa. He then describes how to prepare for internet blackouts and brownouts within your organization, walking through best practices and forms of resilient cyber security architecture.

1. Would you like to provide an overview of the subsea cable issue that recently affected West and Central Africa?

Internet access and connectivity for a large portion of our continent, more than a dozen countries, was impacted earlier this year due to submarine undersea cables being damaged. Businesses in Ghana, Ivory Coast, Nigeria, Uganda and more were forced to rely on phone conversations to exchange data in a timely manner. Others in East Africa had to use satellite network connections to continue operating.

2. Why is the issue significant? Who was affected and to what extent?

With almost 90% of Africa’s internet traffic relying on undersea cables, all aspects of the continent’s digital economy were subject to disruption, from quality of service to having no connectivity at all. Stock exchanges, banks, e-commerce and logistics platforms were out of order for a significant part of the day, impacting revenue and business continuity. It caused delays to critical services for the continent and its citizens.

3. When interruptions – like what happened with the undersea cables – occur, what are the risks or vulnerabilities that businesses face?

In these circumstances, businesses are facing not only lower productivity, which impacts their competitiveness, but also security-related risks, such as lack of visibility over their presence and global assets, and lack of visibility into non-local cloud platforms. They also lack real-time prevention in case of any local threat or insider actor.

4. For businesses based in West or Central Africa or with offices in the region, given the sub-sea cable cut, what kinds of general business resilience measures would you recommend?

In addition to the redundancy and resilience mechanisms applied by operators responsible for the cables, businesses can also opt for, when possible, redundant/backup network connectivity via satellite communication. Also, we recommend having a local copy of critical data either on premises or leveraging the development of local and sovereign cloud providers. Sometimes, undersea cable disruption can also lead to a cyber attack due to tapping or eavesdropping by threat actors who are meddling with the cable. Hence, encryption is also highly recommended when trying to exchange data.

5. How can a SASE architecture help enterprises maintain secure and reliable connectivity to business critical applications and data?

A SASE architecture that’s supported by a highly resilient meshed backbone can help maintain secure and reliable local communications for remote workers in countries using a local PoP during any disruption, providing access to business data and applications.

6. What kinds of visibility and control does SASE offer and how is that beneficial?

With SASE architecture, businesses will have control over any connection to their data or applications, regardless of where it originates from. It allows them to check the security posture of the device where the user is initiating the connection, authentication and access control policy. It also gives them the ability to use the best route with low latency for critical traffic. It provides a full, central, real-time and granular view of the security status of the environment, an important visibility mechanism enabling security analysts to prevent any potential threats or malicious activity.

7. How can SASE’s cloud-delivery model and optimization capabilities help reduce the impact of internet brownouts or blackouts?

SASE cloud delivery with a local PoP will help maintain local connectivity and access to data and applications during a period of internet blackout. In fact, SASE providers, such as Check Point, will have a local replica on all their PoPs globally, with the same security policy. These local PoPs or some local providers have built resilience into their infrastructure that SASE can benefit from, such as dual connectivity via satellite or radio-based communication.

8. What related advice do you have for corporate leaders?

Digital transformation and the new hybrid mode of working have given businesses and governments a myriad of benefits and opportunities. These include reducing their real estate costs by enabling the remote workforce, rapid go-to-market with online and e-commerce platforms, accelerating the launch of citizen programs, etc.

This new reality cannot be supported by traditional connectivity and security architectures, but requires new agile, scalable, and holistic ways to deal with an extended attack surface and heterogeneous modes of connection. SASE is one direction to help address some of these new challenges, offering secure and controlled access to data and applications from anywhere to anywhere, cloud-delivered and as-a-service.

9. At this point, the cables have been restored. Do you expect to see another incident like this within the next 12-18 months?

Even with all the resilience mechanisms that the cable operators are implementing, we are never totally immune from such incidents for various reasons. Incidents like what we saw in Africa this year are not very frequent, but according to the Center for Strategic and International Studies (CSIS), undersea cable disruptions occur at a rate of 200 incidents per year due to different kinds of accidental damage.

10. Is there anything else that you would like to share?

It is very important, during periods of internet blackout or disruption, not to lose sight of insider threats, such as internal employees or third parties, and potential local intrusion that can cost your business millions due to a data leak, reputational damage or legal liabilities. Hence, a unified and integrated security platform with visibility into the internal and external attack surface is key to your security monitoring in real time.
