Liberty group CIO brings out top guns to fight extortionists
Benjamin Marais, group chief information officer (CIO) of under-fire financial services provider Liberty, says no resource has been spared by the company to deal with the hack.
On Sunday morning, Liberty clients woke up to the news that the insurer had been subjected to unauthorised access to its IT infrastructure by an external party.
On Monday, the firm said it was at an advanced stage of investigating the extent of the data breach, which, it said, seemed to largely centre on e-mails and possibly attachments.
"At this stage, there is no evidence that any customers or the group have suffered any financial losses," Liberty said in a statement.
Responding to ITWeb's questions via e-mail following the hacking incident, Marais, who served as MTN CIO from 2016 to 2017, said Liberty was alerted to the intrusion into its network late on Thursday evening by the external party who gained illegal and unauthorised access into the firm's IT infrastructure.
He said at this point, Liberty can't confirm the number of customers who have been affected, as the investigation is in an advanced stage to establish the extent of the data breach.
"Liberty will proactively inform any customers individually if and when it is discovered they have been impacted."
Earlier this week, Liberty CEO David Munro said the company did engage with the external parties involved to determine their intentions, but made no concessions in the face of this "attempted extortion".
Asked about the sort of demands the "extortionists" made, Marais said: "We are working with the authorities on this matter and cannot disclose this information at this point."
On how much the company has spent to address the hack, he responded: "No resource has been spared in responding to this situation by Liberty. Suffice to acknowledge that until the investigation is complete, we will not be able to quantify the cost at this point."
Liberty's share price on Monday morning opened at a high of R126.69 per share and by lunchtime, the share price had declined by 4.3% to R119 per share, wiping away an estimated R1.5 billion.
Nonetheless, Marais said, after the hack, Liberty's specialist teams immediately began investigating the incident, prioritising the protection of customer details and the security of the company's IT systems.
"No resource has been spared in responding to this situation by Liberty. We have assembled a huge team of technology and security specialists that have world-class skills specialising in incidents such as these.
"We immediately identified and addressed specific vulnerabilities that our IT infrastructure may have had, ensuring the integrity of our customer data. Our team of IT and security personnel have devoted all their efforts around the clock to ensure we live up to our duty of care to protect our customers and their details.
"We live in a world of highly sophisticated criminals, whose methods evolve at an equal pace as the technology built to protect data from them. We will continue to evolve our security systems to protect our customers."
According to Marais, Liberty is already working with a number of authorities, including the Information Regulator, on this matter. Liberty will meet with the regulator on Friday.
On Tuesday, the Information Regulator requested an urgent meeting with Liberty to get an understanding of how its data was breached by hackers at the weekend.
In a statement issued by the chairperson, advocate Pansy Tlakula, on Monday, the regular said it had written to Liberty CEO Munro to find out how the breach occurred, the extent and materiality of the data breach, as well as the interim measures put in place by Liberty to prevent any further compromises.
Commenting on the hack, Matt Boddy, security specialist at IT security company Sophos, says the story so far is that cyber criminals claim to have broken into Liberty, stolen some data, but for a suitable blackmail payment will keep it secret. If not, they'll leak it to the world.
"Liberty has refused to pay and good on them. After all, there's no guarantee that the crooks wouldn't leak the data anyway, or sell it to other crooks, or come back with bigger demands next month. In fact, now the crooks have this data, what if they get hacked, in turn, and the data stolen by someone else; the 'pay for silence' game could go on forever."
Boddy is of the view that this isn't like a ransomware attack where crooks demand money to get an organisation's computer system running again.
"We recommend not paying ransomware demands, but at least if you do, you can tell pretty quickly whether the data unscrambling tool you bought worked or not; you're essentially 'paying for a positive'.
"In an extortion attack of the sort against Liberty, you're 'paying for a negative', essentially trusting the crooks for ever more. The good news is that Liberty is being up-front about the attack, trying to find out just how much the crooks got hold of in order to make sure an attack of this sort doesn't happen again."
Kate Mollett, regional manager for South Africa at Veeam, notes the Liberty breach of e-mails and possibly attachments is extremely concerning.
"Security breaches are getting bigger and bigger. What started off as a few files or records is now being regularly measured in the millions of users. Businesses must understand and act fast to ensure the chain of trust between them and their customers is never broken; not just to retain a customer, but to attract new customers and avoid business-changing fines," says Mollett.
Meanwhile, in its latest communication to customers, Liberty said: "...we would like to inform you of the following to help you be vigilant in the protection of your data: 1. Liberty will not send you an e-mail or link for you to change any of your passwords. 2. It is always good practice to ensure you select strong passwords and change them on a regular basis."