Don’t kid yourself, your business needs cybersecurity insurance

Those in the information security sector have long held the opinion that it’s not a matter of if a company is going to experience a cybersecurity incident, but when.

Despite only 72 percent of South Africans using the internet according to The International Telecommunication Union’s indicators, the population is not immune to cybercrime. 

In fact, as more South Africans come online, the risk of breaches increases as well. This was showcased in Heloise Pieterse’s paper The Cyber Threat Landscape in South Africa: A 10-Year Review published in the African Journal of Information and Communication.

“The prevalence of cyber incidents can be expected to continue in the coming years. South African organisations need to be cognisant of cyber threats and prepare financially viable defenses. However, the inadequate reporting of cyber incidents is creating a void that limits our understanding of South Africa’s cyber threat landscape. Improved collaboration with regard to the collection, analysis, and reporting of cyber incidents, guided by appropriate authorities such as the National CSIRT, is required,” writes Pieterse.

To get a better understanding of the current threat landscape, the advent of cybersecurity insurance, and whether South African firms are battening down the hatches, we spoke with Commercial Insurance Partner at King Price Insurance George Parrott, and underwriting lead of Personal Cyber at ITOO Special Risks, Candice Sutherland.

We spoke with the pair via video call and our first question was whether businesses under or overestimate the amount of risk they face in cyberspace.

Without delay, Sutherland responded, “I think they definitely underestimate their risk. We must bear in mind that we are dealing with companies that aren’t IT literate. Let’s say I’m an attorney or I’m a hairdresser and I’m outsourcing my IT Services. If my IT service provider told me that this firewall is the silver bullet, it’s impenetrable and I’ll be fine, how would I as a business owner who’s not IT literate know that what they’re saying is fundamentally untrue or incorrect.”

The underwriting lead tells us that businesses, especially in the SME sector, are more prone to attacks as what they spend on firewalls and security solutions just can’t match the tools cybercriminals have at their disposal.

Underestimating the risk a company has also stems from a misunderstanding of who is responsible for the company’s data. Some business owners may mistakenly think that because they store their sensitive data in the cloud, the cloud platform operator is responsible for that data, but that isn’t the case.

“Realistically, and in terms of South Africa’s legislation, if you are the custodian of your client’s information, you are responsible for it, regardless of where it is stored,” explains Sutherland.

Circling back to the problem SMEs face, Parrott explains that cybersecurity insurance, whilst still a new insurance product, can assist greatly in navigating the risky waters of cyberspace. However, businesses appear to be reluctant to make use of the product.

“From our side, Cybersure is a fairly new product and the uptake isn’t what we expected it to be,” explains Parrott. “I think everyone realises there is a risk, a risk to data or to a network attack but there is a feeling that ‘it won’t happen to us’,” the partner says.

Business owners tend to think that because they have some bases covered, they will be fine in the event of an attack but more often than not they aren’t properly covered for all vulnerabilities.

King Price’s Cybersure product is a rather attractive offering for SMEs. Beyond simply covering a business in the event of a breach or an attack, Cybersure also makes certain services available to business owners.

This cybersecurity insurance product includes access to a 24/7 helpline where an IT specialist can help you navigate an incident remotely or on-site if need be, a media specialist to help with provisions of POPIA such as notifying users of a breach, and even legal counsel and lawyers if needed.

All of this is designed to get a business back up and running as soon as possible but we’re talking about the cure now, and really, prevention is the better tactic.

As Sutherland explains, while 51 percent of breaches occur through malicious criminals, the other attacks often occur when an employee clicks a malicious link or opens a file they ordinarily wouldn’t.

This highlights the need for continuous training of employees but even here, training can only go so far. The fact is that attackers are constantly improving their methods of attack and compromise through the use of emerging technologies. Just like email birthed the 419 scam of the early 2000s, artificial intelligence presents new challenges.

“WormGPT is based on the same language model as ChatGPT but it’s designed with malicious intent in mind. With little to no knowledge at all of how to hack someone, you can use WormGPT to write the attack for you whether that be phishing or business email compromise,” explains Sutherland.

“Gone are the days where poor spelling or an incorrect logo alerts you to a potential attack,” the ITOO underwriter states.

Good reputation, bad actor

When it comes to best practices, experts will say that paying a ransom in a ransomware attack is a bad idea. This is because it signals to the attacker that they can use you as a payday in the future and attackers will often leave backdoors to return to paying targets in a bid to get them to pay again.

Unfortunately, Parrott tells us, paying the ransom is rather common in SA.

“It’s a Catch-22 situation. You don’t want to support terrorism or ransomware, and that sort of thing, but often that’s the only way to get your data back,” says Parrott. 

While there is a risk that a business pays the ransom and never gets its data decrypted, this is becoming less of a concern. Solutions like WormGPT cost money and attackers want to make money. Part of that means maintaining a reputation – bizarre as that may seem – so wringing a target for money only to leave them without their data could negatively influence the reputation of the attacker, hampering their ability to get more payments in the future.

Bizarrely, this need to impress and deliver even comes down to negotiating the ransom. Sutherland tells us how a company was hit with an R80 million ransom and, being unable to pay that amount, negotiated it down. The company had to provide proof that it wasn’t able to pay that amount but ultimately, the attackers lowered the ransom.

This illustrates just how eager attackers are to get in and out while also making a quick buck and the more you can hamper them, the less likely they are to keep trying to compromise your business.

One way to avoid having to pay a ransom at all is by regularly backing up your data.

“It’s very easy to back up your data,” explains Parrott. “Start by backing up your data regularly and making sure that it is accessible and working. Test that the backup works regularly so that it’s easier to reinstate your data if something goes wrong.”

Good password hygiene, multi-factor authentication, training, backups, awareness, and cybersecurity insurance can all help to mitigate the impact of a cyber attack and these days it’s best to make use of as many of these as possible.

Don’t wait for an attack to happen before you take action and get cybersecurity insurance. For all you know, that attack is happening right now.

[Image – Growtika on Unsplash]

