The harsh truths about rising cyber risk in SA

In recent years SA has seen a stark increase in cybercrime. When it comes to the countries most affected by this kind of criminal activity we rank sixth in the world and have garnered a reputation as a global hotspot. Our nation has also registered the largest year-on-year rise in cybercrime, seeing an increase in cyberattacks in excess of 200% since 2019.

If your business falls victim to cybercrime it can result in serious financial losses that can be worsened by the damage caused to your reputation. It has never been so important for your company to develop an in-depth understanding of evolving cyber risk so that you can take steps to protect yourself and mitigate potential losses. 

Cyberattacks can take various forms, but in essence they generally involve a malicious and deliberate attack by an individual or organisation to gain unauthorised access to another organisation’s network for the purposes of damaging, stealing or disrupting certain IT assets, computer networks or other forms of sensitive data. Cyber risk is the danger of financial loss, operational failure or damage to an organisation as a result of these disruptions.

To be aware of some of the threats that are out there, here is a breakdown of several different cyberattacks that you should be aware of:

• Malware is a malicious code or software inserted into a system to compromise the confidentiality, integrity or availability of data. It is introduced covertly to compromise information, applications or entire operating systems. It often gains access through “phishing” scams. These involve deceiving individuals into either clicking on malicious links or revealing sensitive information to steal passwords, money or identities to commit further crimes. A scam of this sort led to the December 2021 data breach suffered by a large SA bank, which compromised the personal information of property owners through unauthorised access to their confidential information. 
• Ransomware is code that enters a computer network and encrypts files through the use of public key encryption, preventing or limiting a user from accessing their own system or data. The cybercriminal responsible then demands some form of ransom payment to reinstate an organisation’s access to its own data. In March 2022 TransUnion was the target of a ransomware breach in which the personal and business data of more than 10-million individuals and organisations across SA was compromised. 
• Distributed denial of service attacks are designed to render an online service unavailable by overwhelming it with excessive traffic from various sources at the same time. The response time of the targeted website slows down significantly, preventing users from accessing its services. These attacks are often used as a means to distract organisations while more intrusive cyberattacks are attempted by cybercriminals simultaneously. 
• Business email compromise scams are generally a form of email cybercrime that is intended to target an organisation for the purpose of defrauding it. They are typically orchestrated through the use of email messages that misleadingly appear as legitimate requests from seemingly known sources. Organisations with particularly weak computer network safeguards are usually the target of such scams, specifically those with minimal controls over online banking systems. 
• WhatsApp scams have become a prevalent and effective tool to commit identity theft. These are characterised by the theft and processing of unsuspecting victims’ cellphone numbers to impersonate them to their friends and family members and request emergency money transfers. These tend to be aimed at individuals more so than organisations. 

Risk factors and common mistakes include:

Inadequate training and human error

An organisation’s employees are usually the first line of defence against cyberattacks. These attacks are often perpetrated by targeting staff members who fail to observe their company’s cybersecurity protocols. Employees can also expose businesses to various cyber risks through password compromises or sending emails to incorrect recipients. It is imperative that companies conduct comprehensive cybersecurity awareness programmes to train staff members to recognise, prevent and respond to cyber threats.

The lack of an incident response plan

This is an operational framework for responding to cyberattacks and data compromises. During cyberattacks time is usually of the essence and organisations that fail to develop effective plans in advance are often unable to respond appropriately, leading to further losses and damages. 

Legacy systems vs updated technology

Legacy systems are systems with outdated technology that have not been sufficiently updated over time. While organisations often keep these systems from early periods in their history in a bid to save costs, the cybersecurity threats that they expose themselves to as a result can be far more costly than updating their technology and system networks. 

Considering that cybercriminals are constantly designing complex cyber scams predicated on rapid technological developments that are consistently re-engineered to target unsuspecting victims, organisations can no longer afford to ignore the risks posed by cyber threats. A failure to prepare for and respond to these risks puts any business in the firing line. 

Considering the rise in cybercrime in SA and the companies that have already fallen prey to these scams, it is important to take the security of your company’s data seriously. If you want to mitigate the risks associated with cyberattacks you will need to adopt a forward-thinking dynamic approach designed to integrate effective and rapidly evolving cybersecurity mechanisms. 

• Mohamed is director and head of corporate investigations & forensics, and Ntontela: corporate investigations & forensics associate, at CMS SA.