Security Awareness Month 2021: Cyber criminals never sleep

Did you know that South Africa has the third-highest number of cyber attack incidents in the world and that the cost of recovering from these cyber attacks tops R2 billion per year, according to the Accenture Insight into the Cyber Threat landscape in South Africa[1] report of 2020?

The same report stated that South Africa is such a soft target mainly due to our low investment in cyber security and our immature cyber crime legislation.

The reality is that the bad guys never sleep. Cyber attacks are increasing alarmingly, and in 2021 some organisations like Transnet, SBSA, ABSA, COJ and DOJ have all suffered from catastrophic cyber attacks.

October is Global Cyber Security Awareness Month. AVeS Cyber Security will be hosting three webinars on everything you need to know about cyber security and how to create cyber security awareness within your working environment.

“The message in our webinars will be how to take ownership of cyber security in your company and how to avoid becoming a victim,” says Charl Ueckermann, group CEO of AVeS Cyber International.

Topics that will be covered:

• What is cyber security?
• Why and how do hackers hack?
• Phishing and other -ishings;
• Social engineering;
• Data leaks;
• How to prevent a cyber attack;
• A brief overview of how the POPI Act actually impacts cyber security awareness; and
• How to secure web browsing.

“We want to create cyber awareness and show how a company can build cyber awareness and security into the DNA of any company,” says Ueckermann.

“In the webinar, we will give you some helpful tools on how you can prevent a cyber attack, how to spot phishing e-mails, what you can do to increase your password security, and how to browse the web safely. We will also share very valuable social media tips.”

What is cyber security?

Cyber security is the practice of protecting data such as your systems, networks and programmes. Because we live in such an interactive world – connected and fully online all the time – we need to make sure that we are cyber aware.

With every click and every search, we are leaving behind a digital footprint that contains our data.

Most cyber breaches are caused by human error – we open compromising e-mails, browse insecure websites, fall for scams and have weak passwords.

Through human error, hackers can gain access to your company’s IT platforms, start stealing data or even encrypt the company’s information and devices, forcing the company to stop its operations.

Cyber criminals use this data to steal billions of rands, and because you are a human, you are a soft target.

Why do hackers hack?

Hackers want your data, especially your personal and confidential information. Often, they sell your information to other criminals on the dark web who then use it to get loans and credit cards in your name. This is called identity theft and increased by 337% in South Africa last year.

The reality of cyber attacks in South Africa is mortifying, but the statistics according to Statista's Research Department give a clear picture of why this is really happening:

• South Africa has a population of over 60.14 million;
• 38.13 million are internet users;
• 95% of the population uses mobile phones; and
• 25 million are social media users.[2]

Statista also notes that 41% of our population are active internet users, and we access social media at least twice a day.[2]

According to the IBM Cost of a Data Breach Report 2021[3] the global average total cost of a single cyber data breach for an organisation was R63.60 million (compared to R57.90 million in 2020). In South Africa, the cost was R48.15 million (compared to R47.85 million in 2020). The IBM report stated that the costliest industry for cyber attacks in 2021 was healthcare, whereas the industrial industry suffered most in 2020.

As only 25% of companies in South Africa have security automation deployed, the time to identify and contain a breach takes on average 287 days.[3] That means cyber criminals roam freely on company systems for almost 80% of the year before being discovered or stopped. This is a lot of time for cyber criminals to steal information, find systems' critical vulnerabilities, change system settings and hide their activities. It then makes sense that only 47% of companies reported a breach in the last 12 months.[3]

“It is not a question of if you are going to be attacked, but when. It is important to make sure you implement the right software and processes to prevent it and that your employees are aware of how to prevent a cyber attack,” says Ueckermann.

How do hackers hack?

According to the Verizon Data Breach Investigations Report 2021[4] 96% of social engineering attacks are delivered by e-mail, and 3% arrive through a website. Only 1% is associated with phone or SMS communications.

Cyber criminals use deception to manipulate individuals into divulging confidential or personal information to use for fraudulent purposes. This is called social engineering. Hackers use emotions like desire, anger, curiosity, empathy and greed to catch people off-guard.

“Cyber attacks can be prevented, and we specifically look at how phishing e-mails can be spotted, data and passwords can be protected, and how web browsing can be secured. No business should operate without such cyber survival knowledge.

“We also look at social media in particular. Remember: what goes online stays online, and you always leave a digital footprint when you go on social media. Certain information is very valuable to hackers,” says Ueckermann.

Total cost of a cyber attack

The damages done by a cyber attack can be immense.

The theft of your data often leads to cyber criminals asking for a ransom to give your data back to you or keeping it private, but paying the ransom doesn’t necessarily mean data recovery. Cyber attacks often lead to downtime where nobody can access their computers or data. In South Africa, the average downtime caused by an attack is six days.

Recently, the POPI Act has been put in place, and if a company breaches the Act, it can lead to harsh fines (R10 million or 10 years in jail). An attack can also lead to mistrust and fear among your clients when their data has been compromised, negatively impacting your business's reputation. When a staff member has fallen into the trap set by cyber criminals, the company also needs to consider operational and remedial actions, which might be costly.

The webinar series will offer valuable information for everyone who ever uses a cellphone, computer or tablet, not only at work but also for personal reasons. You really can’t afford to miss it. Cyber theft is very real and very part of our day-to-day life.

* The next in the series of webinars will take place on Thursday, 28 October. To join this important webinar, register at https://www.eventbrite.co.uk/e/cyber-awareness-as-part-of-your-company-dna-tickets-171831280987

References:

1. Accenture. (2020, May 27). Insight into the cyber threat landscape in South Africa. Retrieved from Accenture: https://www.accenture.com/za-en/insights/security/cyberthreat-south-africa
2. Statista. (2021, Jan). Digital population in South Africa as of January 2021. Retrieved from Statista: https://www.statista.com/statistics/685134/south-africa-digital-population/
3. IBM. (2021, Jul 28). How much does a data breach cost? Retrieved from IBM: https://www.ibm.com/security/data-breach
4. Verizon. (2021, May 13). 2021 Data Breach Investigations Report. Retrieved from Verizon: https://www.verizon.com/business/resources/reports/dbir/