SA a 'big target' for cyber crime

Cyber crime poses the biggest risk to local business, with elements like mobile and cloud exacerbating the threat.

Bonnie Tubbs
By Bonnie Tubbs, ITWeb telecoms editor.
Johannesburg, 11 Apr 2013
If you think your data is safe, think again, says Andrew Kirkland, country manager of international security firm Trustwave.
If you think your data is safe, think again, says Andrew Kirkland, country manager of international security firm Trustwave.

SA is a major target for data breaches and, while local businesses on the whole have certain measures in place, these are insufficient until companies understand and appreciate the value of their unique data.

This is according to Andrew Kirkland, country manager for security firm Trustwave, which found 90% of organisations experienced the loss of sensitive or confidential documents over the past year - either through security breaches or careless employees.

Cyber crime, says Kirkland, is the biggest threat to South African businesses, and depends on the type of information that is being looked for and the specific industry businesses operate in. "The more sensitive/valuable the data is to the perpetrator, the higher the threat. Financial data (credit cards, bank accounts, etc) - this is valuable information that can easily be converted into cash and could be accessible remotely or via internal sources."

He says security threats are compounded by the fact that malware has now extended into the mobile space. "We have seen an increase [in malware] of 400% from 2011 and there are now more than 200 000 malware applications designed for Android-based mobile phones - and this is growing."

In light of this, says Kirkland, the managed security services industry has seen "phenomenal growth" in SA, with many service providers offering various services in this space. He says the focus given to cloud-based services is also fuelling demand.

Recent research by Trustwave involving forensic investigations and penetration tests for companies worldwide, including SA, reveals what Kirkland says is a clear message, applicable to businesses worldwide. "The message in the statistics is clear - if you think your data is safe, think again. No matter where you are in the world you could be a target. Currently, Africa, in particular SA, is a big target and we need to be vigilant with our data."

Scary statistics

Here are some of Trustwave's main findings:

* 19% of all malware gets missed by anti-virus systems;
* 56% of exploits blocked in 2012 used Java vulnerabilities;
* Out of 80 new viruses studied last year, none were detected by 40 leading anti-virus vendors;
* In 2012, there were 91.9 million URLs serving malicious code;
* 75% of insiders who stole material from their employers had authorised access to that material;
* 90% of organisations experienced the loss of documents last year;
* 54% of insider IP thieves used a network - e-mail, a remote network access channel or network file transfer to remove the stolen data;
* Interception of executable files via e-mail has almost doubled every year since 2008;
* Trade secrets were stolen in 52% of insider theft cases; and
* 68% of organisations say employees frequently or very frequently attach and send confidential documents in clear text using Web-based e-mail accounts.

Types of data exposed include customer records (89%), trade secrets (6%), electronic-protected health information (3%), business financial account numbers (1%) and authentication credentials (1%)

Growing threat

Kirkland says recent studies reveal a real sense of the threat landscape SA faces today. "Malware is a real risk to all businesses - not only for its malicious intent, but also for the capabilities it has to infiltrate sensitive/targeted data - and it is evolving daily and becoming more intelligent in the way it functions.

Work through it

Targeted attacks and malware will be discussed at the ITWeb Security Summit 2013. A practical survival workshop on security incident response with be run by Dan Crisp, acting chief information security officer: information risk management, BNY Mellon, co-presenting with Lynn Terwoerds, founding member, Cloud Security Alliance. The Security Summit will be held from 7 to 9 May, at the Sandton Convention Centre. For more information about this event, click here.

"Since the source of this malware could be from an international location, the chances that it makes its way into a South African business network, is very high. Most employees cannot identify malware and due to the increasing intelligence of malware, not even IT security systems are detecting them fast enough. Some remain undetected inside an organisation's network for days or months, and in 5% of the cases we investigated - years. This detection trend is increasing (210 days average, 35 days longer than 2011)."

Kirkland puts this drastic increase down to the following reasons:

* Companies do not have the correct technologies in place or they have legacy systems not geared to pick up threats. This may be due to lack of available budget;
* Skills may be lacking;
* Malware is becoming more intelligent and is harder to detect - now spreading to mobile devices (in particular Android);
* Complacency; and
* Security is not always a priority and often viewed as a grudge or necessary evil type purchase.