Cyberattacks pose a serious threat to SA business

Cyberattacks pose a serious threat to SA business

Imagine being held to ransom for your business records and data by criminals demanding outrageous sums of money, so you can recoup your own information. This is precisely what many companies around the world – including in South Africa – experienced last year. Cyberattacks are big business, costing the global economy trillions. As technology advances, so opportunities for cybercriminals increase. SHEQ investigates …

Cyberattacks rank among the top three risks in Austria, Belgium, France, India, South Korea, Spain, Sweden, Switzerland, the United Kingdom (UK) and the United States, with businesses facing the challenge posed by larger and more expensive data breaches, an increase in ransomware and spoofing incidents, as well as the prospect of privacy-driven fines or lawsuits after an event. Allegedly, a mega data breach, involving more than one million compromised records, now costs an average US$42 million (about R635 million), up eight percent year on year.

According to Mimecast’s Quarterly Threat Intelligence Report, data breach in South Africa alone costs an average of R36,5 million, with the long tail costs being felt for years after the incident. More alarming still, the average time to identify a breach was 175 days – and 56 days to contain it. What’s more, large businesses are not the only targets. Hackers are indiscriminate. The Verizon 2019 Data Breach Investigations Report states that 43 percent of cyberattacks target small businesses.

“Incidents are becoming more damaging, increasingly targeting companies with sophisticated attacks and hefty extortion demands. Five years ago, a typical ransomware demand would have been in the tens of thousands of dollars – now they can be in the millions,” explains Marek Stanislawski, deputy global head of cyber, Allianz Global Corporate & Specialty (AGCS).

And extortion demands are just one part of the picture. Companies can suffer major business interruption, losses due to the unavailability of critical data, systems or technology, either through a technical glitch or cyberattack.

“Many incidents are the result of human error and can be mitigated by staff awareness training, which is not yet a routine practice across companies,” he says.

No-one is untouchable

Several large-scale Distributed denial-of-service (DDoS) attacks were reported last year, among them an attack on the Labour Political Party in the UK as an attempt to disrupt its digital systems, as well as against Minecraft servers set up in the Vatican.

Closer to home, South Africa was hit by multiple cyberattacks, including one against the Civil Aviation Authority in July, and two ransomware hits on City Power within a couple of months. The country also endured the longest-running cyberattack campaign in all the regions monitored by Mimecast, with the company detecting more than 116 000 attacks over an eight-day period in July by an unknown actor or group, using various malware types.

The highest risk now to South African businesses are cyberattacks, according to the annual survey on global business risks from AGCS. The survey incorporated views of 2 718 experts in more than 100 countries, including those of chief executives, risk managers, brokers and insurance experts.

The risk of cyberattacks extends further – to mobile phones, with Adware, in particular, continuing to pose a serious threat to South African mobile devices, accounting for more than half of attacks. Adware collects troves of private information to show users targeted banner ads. Sensitive data may end up on third-party servers without users’ consent or knowledge.

Malicious bankers are equally dangerous. This kind of malware steals credentials for e-payment and online banking systems from victims, intercepting one-time passwords and then sending the data to the attackers behind Trojan. (A Trojan is a type of malware that conceals its true content to fool a user into thinking it’s a harmless file.)

Stalkerware is another growing threat, but this one requires a specific stalker to carry out its operation. These are commercial spyware applications, usually installed on devices without users’ knowledge or consent (they stay hidden, operating in the background). Their hidden status allows them access to device location, browser history, text messages, social media chats, photos and more, without the user being alerted. They not only share sensitive information with an abuser, but there is also room for a third-party hacker to gain access to stalkerware servers and collect all of this information for their own purposes.

And it does not end there. In February, Kaspersky researchers (Kaspersky is a global cybersecurity company founded in 1997) detected an unusual malicious campaign that uses a phishing copy of a popular VPN service’s website to spread AZORult, a Trojan stealer, under the guise of installers for Windows. In this case, the campaign focuses on stealing personal information and cryptocurrency from infected users.

VPN services play an important role by enabling additional data protection and safe internet browsing, yet cyber-criminals try to abuse their growing popularity by impersonating them. In the case mentioned above, the attackers created a copy of a VPN service’s website that looks exactly the same as the original, except with a different domain name.

Managing cyber risk

In order to protect personal data, users need to be especially careful when surfing online. According to  www.webroot.com, users are cautioned not to download or install software from a source they do not trust completely or to open an attachment or run a program sent to them from someone they do not know.

In addition, all computer software should be kept up to date with the latest patches and Trojan antivirus systems.

Kaspersky experts further recommend that users check that the website is authentic. They warn: “Do not visit websites until you are sure they are legitimate and start with ‘https’. Confirm that the website is genuine by double-checking the format of the URL or the spelling of the company name, reading reviews about it, and checking the domain’s registration data before starting downloads.”

Passwords and other personal information, including a wallet’s private key, should be stored in a password manager, while cryptocurrencies (those that are not connected to the internet) should be stored in cold wallets to minimise the risk that funds will be stolen.

When it comes to mobile devices, Kaspersky experts advise users to pay attention to the apps installed on their devices and to avoid downloading them from unknown sources. The device should be kept updated and installed with a reliable security solution. As a further precaution, they advise that users regularly run a system scan to check for possible infections.

Equally, organisations need to become far more aware of this growing threat and implement the correct measures to become cyber-resilient. (See also “Cyberattacks: what YOU can do.”)

To help companies protect themselves from cyberattacks, the experts recommend that stress tests and web application audits be conducted with internal employees, or with the help of outsourced specialists, to identify the weakest points in company infrastructure. They also advise assigning specialist roles for maintaining web resources operations with people who know how to respond in the case of DDoS attacks and are ready to react outside of their scheduled working hours.

Finally, and perhaps most importantly, companies should consider extending their insurance cover to include cyber crime.

Cyberattacks: what YOU can do

Here are four crucial steps to building a cyber-resilient organisation:

Take it from the top. Cyber-risk management must be an enterprise-wide effort, but accountability needs to sit at the very top of the organisation, with the company board understanding the costs and consequences of a cyberattack.

Unite your business. Cyber risk is not just an IT security issue; it is a threat to the whole enterprise. It calls for a multidiscipline, multilevel response that involves every relevant stakeholder within the business.

Get ahead of the game. Businesses can no longer rely on bringing in a response team after an attack. Incident-response training is critical in preparing organisations for a cyberattack, and scenario-planning helps to understand operational vulnerabilities and threats.

Protect your balance sheet. Firms should assess how they are leveraging available risk-transfer opportunities. Cyber insurance can help protect an organisation’s balance sheet by providing a financial pay-out after things have gone wrong and providing pre-loss prevention and post-loss services.

Source: Aon Insurance Company

Published by

Prev Beliefs drive behaviour
Next How much more?

Leave a comment