At the weekend the Department of Employment and Labour arrested an employee in connection with a hack of the department’s servers.
Headlines involving cybercrime are becoming more frequent and that’s not because it’s sensational, but because the threat is real.
Research from IBM Security in 2019 puts the average cost of a data breach in South Africa at R36.5 million – the seventh highest of 16 countries.
And breaches aren’t all that we should be concerned with. Malware attacks – particularly banking malware attacks increased by 58 percent in Q1 2019 according to Kaspersky.
Businesses and individuals stand to lose big and sadly the smaller the business, the harder a cyberattack hits.
“The risk that cybercrime poses is here, and it is very real. A lack of reporting on the matter is leaving many in the dark as to the resultant costs that a business could suffer as a result of a cyber breach not only from an incident response perspective but also the subsequent business costs associated with a breach of this nature that can include aspects such as business interruption, loss of business and client trust, liability of directors and officers through to reputational damage,” says client manager of Cyber Solutions at Aon South Africa, Zamani Ngidi.
The Five Horsemen
In it’s 2019 Cyber Security Risk Report, Aon outlines five key vulnerabilities that have allowed cybercriminals to execute large-scale attacks so frequently.
The first of these is access to operational data from mobile and edge devices.
While remote access to data has become almost essential in some fields, it does also pose a security risk if careful consideration is made into how this data is accessed. Growing reliance on third-party and sometimes even fourth-party services also poses something of a security risk should due diligence not be done.
The internet of things is another area of weakness that poses a threat. While the internet of things can open up a range of business opportunities, as with using third-party services, if poorly configured they can act as unsecured entry points.
Employees remain a weak point for cybercriminals to exploit. A survey conducted by Aon in 2018 found 53 percent of respondents had an insider-related attack in the previous year. That is rather worrying and businesses would do well with implementing proper training and ongoing awareness campaigns to help create a culture of good security hygiene.
Aon notes that organised crime organisations are recruiting former intelligence members to help execute more sophisticated attacks. The long and short of this is that cybercriminals have evolved and assuming they are still operating from a basement is folly and dangerous.
The final threat is one that is beyond the control of even the most successful corporation – regulation.
The fact of the matter is that lawmakers are playing catch-up to the constant stream of innovation that technology births.
Compounding this issue is the fact that legislation relating to cybercrime changes from nation to nation. We can see that right now in the fact that GDPR has been in effect for two years in May and South Africa is still waiting for POPI to take effect.
These are of course just some of the risks that businesses face but they should have you thinking deeply about security.
The bottom line
According to Aon, with the financial implications of a data breach or any cyberattack, businesses need to change their approach.
“It necessitates a major shift in business thinking to view cyber risk as both a strategic and critical risk that holds a very real threat to business and its operations. Proactive steps need to be put in place in order to prevent a business from becoming a statistic as far as possible in addition to having a solid incident response plan and cyber insurance in place to manage a worst-case scenario,” explains Ngidi.
When it comes to cybersecurity it’s best to consult an expert – or rather a number of experts – who can advise on what the best method of protection may be.
Every business needs different focus in different areas and there is no “one size fits all” approach to security.
South Africa is clearly a target for cybercriminals and being prepared for when – not if – an attack occurs will put your business in good stead for that day.
[Image – CC 0 Pixabay]