SA's cyber space gets more risky
South Africa has been ranked number nine in the world in the Global Threat Impact Index released for May 2017 by Check Point Software Technologies.
According to the Israeli-based cyber security firm, SA has jumped 13 places up the risk rankings in just one month.
The Global Threat Impact Index delivers threat data and attack trends from a global network of threat sensors. The Check Point ThreatCloud database holds over 250 million addresses analysed for bot discovery, more than 11 million malware signatures, over 5.5 million infected Web sites, and identifies millions of malware types daily.
Doros Hadjizenonos, country manager of Check Point SA, explains that one of the key contributing factors for SA's risk profile increasing was "definitely the massive worldwide WannaCry attack that impacted both local and international organisations".
"This amplified the reality of cyber attacks truly being an international operation and that it is not limited to specific countries, but an open playing field. Local organisations need to move away from thinking that this type of attack will never happen to them. This type of thinking just makes the organisation so much more vulnerable to attacks."
The top 10 list for May's threat index report are Zambia, Nigeria, Cambodia, Mongolia, Qatar, Macedonia, Uganda, Malawi, SA and Georgia.
Hadjizenonos points out that some of the biggest threats local organisations are facing at the moment is malware in its various forms, as well as the vulnerability of their employees.
"Seeing that cyber criminals can simply make minor adjustments to a known malware that will make it undetectable, it is extremely important to ensure organisations have a multi-layered, holistic protection system in place that can catch malicious activities on various layers as it tries to infect the organisation.
"Given that it only takes one employee to click on a malicious link to infect the organisations, cyber criminals can target these individuals directly in order to get to the larger organisation. Therefore, it is crucially important to ensure employees are continuously educated and made aware of the dangers of the current cyber security landscape."
The index also revealed more than one in four organisations globally was affected by the Fireball or WannaCry attacks during May.
Check Point notes two of the top three malware families that impacted networks globally were zero-day, previously unseen attacks.
It notes Fireball impacted one in five organisations worldwide, with second-placed RoughTed impacting 16% and third-placed WannaCry affecting nearly 8% of organisations globally. The two malware variants, Fireball and WannaCry, rapidly spread worldwide throughout the month of May.
According to the cyber security firm, the most prevalent malware highlights the wide range of attack vectors and targets cyber criminals are utilising, impacting all stages of the infection chain.
It explains that Fireball takes over target browsers and turns them into zombies, which it can then use for a wide range of actions, including dropping additional malware, or stealing valuable credentials. By contrast, RoughTed is a large-scale malvertising campaign, and WannaCry takes advantage of a Windows SMB exploit called EternalBlue in order to propagate within and between networks.
WannaCry was particularly high profile, bringing down a myriad of networks worldwide, says Check Point.
Manuel Corregedor, COO of information security company Telspace Systems, says the biggest security risk facing local companies is the lack of skills within information security.
He notes organisations are also not adapting quickly enough to the changing threats and are not getting the basics right, such as asset management, patch management and user account management.
"Organisations should not get caught up in the 'cyber security' hype. It is important for them to understand their risks and put the controls in place that are going to be the most effective given their risks or context."
Meanwhile, Jon Tullett, IDC's research manager for IT services for Africa, says ransomware, data theft and data loss in general, denial of service, and insider threats are some of the biggest risks facing South African organisations.
However, he points out the threats are similar in SA to the rest of the world. "The threat actors vary somewhat, but the broad spectrum of cyber risk and threat is not very different."
Tullett says WannaCry had limited local impact. "There were some locally affected organisations but nothing catastrophic. I haven't seen any local reports of Fireball yet - the estimates I've seen have mostly been extrapolations, and are probably exaggerated."