
SA business 'unprepared' for cybercrime

Ransomware targets South Africans. (Duncan Alfreds, Fin24)

Cape Town – South African businesses are ill-equipped to deal with emerging cyber security threats and rely on outdated protection strategies, says a security expert.

Cyber criminals have increased their attacks on SA, but company strategies have lagged the emerging threats.

“A common but often misunderstood and over relied on solution is the implementation of firewalls. However, the major pitfall of this so-called ‘trusted’ solution is that firewall configuration is often not aligned with changing cyber security policies,” said Graham Croock, director of IT Audit, Risk and Cyber Lab at BDO South Africa.

“In short, the rate of change with regard to cyber-related risk is accelerating rapidly, increasing the security gaps organisations contend with, and leaving them more exposed than ever before,” he added.

Security firm Kaspersky Lab found that 7% of South African organisations experienced a cyber attack in the last year.

Malicious software such as Equation, Red October, Careto, Flame, Turla, Epic Turla, Wild Neutron, Poseidon and Desert Falcons represent the majority of attacks, but Kaspersky said that businesses should be more concerned with bespoke attacks, even though they make up less than 1% of attack strategy.

“Corporate breaches in the headlines are turning hackers into the new super rogues, as these dedicated, organised, and well-financed cyber criminals bombard organisations through alternating attack tools and paths,” said Croock.


He submitted seven precautions for limiting the impact of a cyber attack:

• Treat security breaches as “when” and not “if” situations
• Invest meaningfully in people, processes and technology
• Put cyber, network security and survival in the business context
• Stop deployment of and reliance on “end point fix solutions”
• Practice resilience scenarios and Business Continuity Plans (BCP)
• Understand the attack lifecycle and plan accordingly
• Ensure that you have an active education programme in place to ensure your staff understand the threats and are trained to react appropriately to an attack

The University of Calgary recently paid C$20 000 to cyber criminals who extorted the institution by encrypting data on 100 computers on campus, reported the BBC.

The Hollywood Presbyterian Medical Centre was also forced to cough up $17 000 to gain access to its computer systems.

“Keeping pace with new attack techniques, and effectively defending against advanced threats, is perhaps the biggest challenge facing security teams today in a world of cyber threats. Therefore, architecting a cyber security solution that dynamically adapts to ongoing change is crucial. This, however, is expensive and for many organisations, unaffordable,” said Croock.


He said that companies should prepare for 10 major cyber security risks:

1. Failure to identify cyber risks and implement basic cyber security controls
2. Failure by executives to identify and understand what generates corporate cyber security risks
3. Lack of a cyber security policy
4. Confusing compliance with cyber security
5. Failure to recognise the importance of social engineering and the risks associated with the human factor
6. Bring your own device policy (BYOD) and the cloud
7. Lack of adequate funding, talent, training and implementation of inappropriate resources
8. Insufficient information security training
9. Lack of a business continuity and data recovery plan
10. Failure to identify, accept and understand the rate at which cyber risks are evolving (polymorphic risk)

Croock warned that organisations would do well to prepare for an increase in the number of attacks, especially as “attack-for-hire” gains traction.

“The attacks are becoming more sophisticated and are comprising multiple layers and techniques, each outsourced to specialty groups, ensuring zero-day effects.”

