Disturbing facts about cyber crime and SA businesses
Today’s threats are increasingly complex and sophisticated, with cyber criminals leveraging all manner of exploits and vulnerabilities to attack businesses for reasons including financial gain, ideological agenda or business disruption.
Around the world each day new strains of malware are being generated each second and organisations of all types and sizes are struggling to combat these threats, leaving many attacks unreported or even undetected.
Moreover, cyber criminals are no longer amateurs, instead they have formed well-run organisations whose operations mirror legitimate businesses. They deploy significant amounts of time and money to execute attacks that cost businesses around the world billions of rands, a trend that is only going to get worse with trends such as cloud, mobility and the Internet of Things (IoT) taking centre stage.
“Barely a day goes by without stories about breaches commanding global headlines, and South Africa is no different,” says Guy Whitcroft, CEO at Westcon-Comstor Southern Africa. “Although SA businesses perceive themselves as being unattractive targets to global hackers, this is not the case. In fact research by the South African Banking Risk Information Centre (SABRIC) revealed that not only is South Africa losing over R1 billion each year to cybercrime, the scourge has increased by nearly 30% since 2013.”
In other research – the Global Economic Crime Survey 2016 conducted by PWC – it was revealed that nearly a third (32%) of South African organisations have experienced cyber crime, and that the number is growing rapidly.”
He says this means that executives need to be prepared to fight the flood of breaches, hacks and scams that are drowning today’s businesses. “The BYO phenomenon, be it application or device is driving a slew of threats to data security. Employees bringing personal devices such as phones, tablets, laptops and wearables, and plugging them into the company’s network, is creating new security risks. While the security of the devices themselves is crucial, businesses also need to ensure they have effective measures in place to protect their networks against threats.”
According to Whitcroft, whaling is also increasingly being used in SA’s security sector. “This type of attack is a type of phishing scam that targets high profile executives that have access to sensitive information within an organisation. Through cunning social engineering tricks, they con these individuals into divulging data such as access credentials, financial details, customer information or personnel records. These attacks are particularly difficult to detect as they do not make use of malicious attachments or URLs. They are also highly effective, costing the global economy billions of rands each year.”
The next issue is that too many businesses do not know where their data is stored, who is responsible for it, and who is allowed access and use it. “A businesses who doesn’t have measures in place to control their data is losing control of their biggest asset. This is also a balancing act between accessibility and privilege. Data that can’t be accessed or shared is of no value, but if too many individuals have access, it can become a liability. This is why use and access needs to be monitored. Add to this the increasing complexity of data residency and compliance, and it’s easy to see why there needs to be control and accountability.”
Finally, and perhaps most frighteningly, was research Giant Gartner’s revelation that the average time from infection to when a breach is detected is 205 days. “Today’s threats are complex. They can infiltrate the network to gain a foothold, then lurk around on the company’s systems for months, gathering intel or exfiltrating information.”
The key to managing risks effectively, is the ability to assess, measure, monitor and control the risk. South Africans need to broaden their focus, establish their tolerance for risk, and have policies and procedures in place to limit the fallout should their tools and measures prove ineffective.