Time to push back as South Africa's cyber security threat gets serious
If there ever was a time for SA cyber security roleplayers to stand together and raise awareness against cybercrime, it's now, says Gerhard Conradie, Managing Director of Evolv Networks.
Globally, ransomware extortion attacks rose by 400% last year to an average of 4 000 per day. A staggering statistic, isn't it?
Staggering and alarming, if one bears in mind that these cyber attacks cost victims US$209m in the first three months of 2016, compared to US$24m for the whole of 2015 (US Justice Department data quoted by Grant Thornton).
South Africa certainly hasn't been spared the cybersecurity bloodshed. In November 2016, our country moved up a list featuring 117 countries sustaining the most ransomware attacks to No 31, from 58 in October - according to reported Check Point threat intelligence. It's said that SA suffered the most cyberattacks in Africa in 2014, facing losses of approximately R50bn, and was listed among the top 10 countries most vulnerable to cyberattacks by Rapid7 security experts in 2016, says Gerhard Conradie, Managing Director of Evolv Networks.
The message is clear: If there ever was a time for SA cyber security role-players to stand together, collaborate and raise cyber crime awareness among business, the public sector and consumers, it's now. Our national security threat is serious and fast-growing. The fight against cyber attacks should top agendas.
What are SA's cyber weak spots?
One real dilemma centres around perception. Just because one cannot see the person pointing the gun at you, demanding your money, many people and businesses don't realise the grave peril they're in and the disastrous consequences they're facing due to data theft or leaks. That's often why they don't alert the police, their insurers or protect themselves against cyber criminals with the same vigour.
Cyber attacks frequently go unreported as businesses are concerned about reputational damage, should presumed business downtime, productivity losses and compromised customer/client data become public knowledge. SA's other weaknesses include unsecured server ports, out-of-date e-mail encryption, a dire shortage of cybersecurity professionals and low levels of security threat awareness.
How can SA push back?
While we welcome SA's proposed Cybercrimes and Cybersecurity Bill and our cyber forensic experts' efforts to bring perpetrators to book, I firmly believe prevention is better than cure. Here the good old back-up remains key. Some SA companies that recently fell prey to ransomware attackers demanding online ransoms in exchange for an encryption key to access the data again, didn't have to cough up as they'd backed up their critical data.
Just as companies and individuals insure their physical assets, it's vital they secure their IT assets with simple but effective solutions and apply threat prevention techniques to networks and endpoints.
It only needs to happen to you or your company once to realise the devastating effects a malware attack can have. As the first line of defence, much of the resistance is in your hands and your responsibility. Push back. Invest in protective technologies and your staff's security training, have a disaster recovery plan in place, and don't be shy to share cyber security information with your peers.
As Justice and Constitutional Development Deputy Minister John Jeffery said: "Enhancing cyber security and protecting critical information infrastructures are essential to each nation's security and the economic wellbeing of a country."
Gerhard Conradie, a certified MCSE (Microsoft Certified Systems Engineer) and CNE (Certified Novell Engineer), is the MD of the Cape Town-based business IT solutions provider Evolv Networks.