Anomaly detection is the first layer

Issue 3 2021 Security Services & Risk Management

Cybercrime incidents have surged in the last year, as malicious actors take advantage of the current global situation, including the work from home (WFH) trend. As IT has evolved, so too has ransomware and attacks have become increasingly targeted, pervasive and damaging. A multi-layered, proactive approach to data management and protection is essential and this begins with anomaly detection as the first line of defence.


Kate Mollett.

The evolving threat

In a WFH environment, people are connecting to critical applications and data from multiple distributed points, without the safety blanket of the enterprise network perimeter. People working from home are also more vulnerable to attack, as it is difficult to maintain standards of awareness when face-to-face contact is limited.

In addition, cybercrime has evolved into a fully-fledged business. Ransomware-as-a-Service is available to purchase on the dark web and South Africa is an attractive target for attack. In fact, a report from Accenture reveals that South Africa has the third most cybercrime victims worldwide, losing R2,2 billion a year.

Ransomware has become extremely sophisticated, with multifaceted and highly targeted attacks exploiting multiple points of vulnerability. Malware has even begun to attack the data protection solution itself, rather than just production data, making recovery from a successful exploit all but impossible.

The attack surface is so vast that traditional solutions are simply no longer enough. A new approach to data management and protection is necessary and this begins with the ability to discover unusual activity before it can cause damage – also known as anomaly detection.

Proactive alerting is the key

Malware exploits rely on slipping through network defences without detection. Much like burglars need to get into a building undetected so that they can steal valuables, ransomware needs time to infiltrate and steal data. Anomaly detection can be likened to a security camera for your network. It helps enterprises to identify unusual or suspicious network activity as it happens, flagging it for investigation and blocking it before damage can be done. For example, dramatic and sudden increases in network traffic, moved files, or even logins from unusual locations, can all be red flags that a threat actor is attempting to penetrate the network.

With anomaly detection in place, the appropriate people are immediately made aware of potential issues so that they can take action. As the old adage goes, prevention is better than cure. While protecting data is essential, it is actually a secondary issue, because an early warning of potential issues means that risk and damage is mitigated. This enables enterprises to take a proactive approach to potential threats rather than reacting after the fact.

Layered threat detection and prevention

Backup and recovery should not be the primary defence against ransomware or any other form of data loss – it is the final step in the process. It is critical today to identify threats, protect applications and data, monitor systems, respond to threats, create awareness and then if all else fails, recover from an event.

Anomaly detection as part of a data management framework is essential to an holistic solution, because data management is about more than just security. Tools like artificial intelligence and machine learning help systems to immediately identify potential threats and automate processes to stop attacks before they can penetrate a network. Building the right framework to manage your data, with multiple layers, covering all areas from the end point to the data centre and beyond, is essential to a modern data management strategy.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Risk management and compliance enforcement
Security Services & Risk Management
Having a risk management and compliance programme (RMCP) is not just a procedural formality; it is a legal requirement under Section 42 of the Financial Intelligence Centre Act (FICA).

Read more...
The dangers of poor-quality solar cables
Security Services & Risk Management Smart Home Automation
Reports indicate that one in six fires attended by South African firefighters is linked to substandard solar installations, often due to faulty wiring or incompatible components.

Read more...
Growing risks for employers
Security Services & Risk Management
With South Africa’s unemployment rate exceeding 32% and expected to rise beyond 33% this year, desperation is fuelling deception in the job market. Trust is no longer a given, it is a gamble.

Read more...
Chubbsafes celebrates 190 years
Gunnebo Safe Storage Africa News & Events Security Services & Risk Management
Chubbsafes marks its 190th anniversary in 2025 and as a highlight of the anniversary celebrations it is launching the Chubbsafes 1835, a limited edition 190th-anniversary collector’s safe.

Read more...
New law enforcement request portal
News & Events Security Services & Risk Management
inDrive launches law enforcement request portal in South Africa to support safety investigations. New portal allows authorised South African law enforcement officials to securely request user data related to safety incidents.

Read more...
Continuous AML risk monitoring
Access Control & Identity Management Security Services & Risk Management Financial (Industry)
AU10TIX, launched continuous risk monitoring as part of its advanced anti-money laundering (AML) solution, empowering businesses to detect behavioural anomalies and emerging threats as they arise.

Read more...
Growing risks for employers
Security Services & Risk Management
With South Africa’s unemployment rate exceeding 32% and expected to rise beyond 33% this year, desperation is fuelling deception in the job market. Trust is no longer a given, it’s a gamble.

Read more...
Managing mining physical security risks
Zulu Consulting Security Services & Risk Management Mining (Industry) Facilities & Building Management
[Sponsored] Risk-IO, a web app from Zulu Consulting, is designed to assist risk managers in automating and streamlining enterprise risk management processes, ensuring no steps are skipped and everything is securely documented.

Read more...
SAFPS issues SAPS impersonation scam warning
News & Events Security Services & Risk Management
The Southern African Fraud Prevention Service (SAFPS) is warning the public against a scam in which scammers pose as members of the South African Police Service (SAPS) and trick and intimidate individuals into handing over personal and financial information.

Read more...
Rewriting the rules of reputation
Technews Publishing Editor's Choice Security Services & Risk Management
Public Relations is more crucial than ever in the generative AI and LLMs age. AI-driven search engines no longer just scan social media or reviews, they prioritise authoritative, editorial content.

Read more...