GARITH PECK: Cyberattack pandemic hits companies as criminals slip through defences

Cybercrime is clearly rising. In the past months publications have been filled with reports of ransomware attacks on healthcare facilities and malicious hacks of large financial institutions and critical infrastructure.

With recent government regulations on cybersecurity, there is a clear indication of a proliferation of cybercriminal activity in SA, from which no industry or organisation is immune.

Research by analytical firm KuppingerCole reveals that there has been a 238% increase in global cyberattacks during the pandemic, with remote working contributing to this high figure. In the study, 70% of office workers admitted to using their office devices for personal tasks, and almost a third have let other people use their work device. In addition, 71% of employees surveyed say they access more company data, more frequently, from home now than they did prepandemic.  

Inappropriate use of IT resources is a leading cause of data breaches, according to a Kaspersky report, with human error, insecure remote networks and risky employee behaviour opening the door wider for cybercriminals to find vulnerabilities. Gone are the days when organisations can assume they will not be a target.

Once an organisation has been a victim of cybercrime, the costs of investigation into an attack, repairing and restoring systems and networks and implementing increased security measures quickly add up. In late 2013 US retailer Target had a data breach in which hackers stole data from up to 40-million credit and debit cards of shoppers during the holiday season. According to the company, the breach cost it a total of $202m (almost R3bn), and led to a fall in Target’s stock price and the resignation of its CEO.

Losses are not limited to financial terms. One compromising breach can tarnish a company’s reputation, which may have taken years to build. Regaining consumer trust and loyalty can be far more difficult than recouping monetary damages in the wake of a cyberattack. 

More opportunistic

Most such attacks are attempts to gain money and sensitive information, but there is also a more sinister threat if critical infrastructure is infiltrated. There have been reported incidences at several water treatment plants in the US in which attackers gained access to operational controls to poison water for public consumption. Expand this scenario to other municipal services, power suppliers, transport and information networks and the fallout can be catastrophic. 

Cybercriminals are becoming more opportunistic, and more ubiquitous as organisations move away from traditional perimeter-based networks in a remote working environment. Organisations must thus re-evaluate their risk profile as a priority.

There is no single solution to ensure protection across distributed networks, but taking a layered approach to cybersecurity can be an effective defence tactic in the complex threat landscape. This means using technology to protect separate entry points such as email gateways or password protection on devices, and not only relying solely on traditional perimeter defences and firewalls. Security controls need to be monitored, software updated and legacy systems upgraded constantly.

Deeper understanding

Implementing new technologies that use cloud hosting and artificial intelligence can assist IT resources in the rapid detection and mitigation of threats. But security technology alone is not sufficient. Integral to a layered security approach is the people factor, in which employees can be the first line of defence in reducing the risk of an attack. Organisations should put guidelines and processes in place to create a security culture. This includes better password management, introducing policies on managing sensitive data and training programmes on cybersecurity awareness.

Through this synergy between technology, people and processes it is apparent that cybersecurity is not just the remit of the chief information officer and IT department; everyone has a responsibility to prevent the risk of a cyberattack. While employees can be active threat defenders, at an executive level a deeper understanding of networks and systems and data protection can lead to effective investment and implementation of cybersecurity strategies across an entire organisation.

A trusted cybersecurity provider can help organisations understand the cybersecurity environment, advise on best practices, and offer solutions based on differing needs. In the threat landscape the question of a cyberattack taking place is not if but when.

The challenge for organisations is to improve their security awareness and engage with security technology and practices at all levels. Without doing this, a cyberattack may extend beyond business to society at large, with severe, irrevocable consequences.

• Peck is executive head for cloud security at Vodacom Business.