It’s Cybersecurity awareness month. Is your business really cybersecure?

When we first engage with companies, many leadership teams believe their cybersecurity is adequate. It’s often only after a cyber event or breach that it becomes clear just how sophisticated cybercriminals are – and how quickly the landscape keeps changing.

Unfortunately, according to research conducted by Surfshark, South Africa is among the top 10 countries in the world to have experienced the most cybercrimes in 2021. In our own experience, 2022 has seen an uptick in cybercrimes locally and we expect this trend to continue.

So, why is cybercrime so prevalent and what can businesses do to increase their cybersecurity? Let’s start with why it’s so widespread.

Cybercrime is the organised crime of the digital age. First, it’s important to understand that cybercrime is a business. It’s predominantly run by a few organised cybercrime syndicates who hack into digital systems and networks themselves, as well as sell programs to other hackers. This means that anyone can purchase a sophisticated malware program on the dark web and hack into a system – they do not need to be hackers themselves, or even cyber experts. The ability for anyone to commit a cybercrime has resulted in the exponential growth of the industry in recent years.

Cybercrime is extremely lucrative. There are so many different ways for cybercriminals to make money – and in many cases, multiple ways to make money from one hack. For example, we’ve seen hacks that have shut large organisations down. Without access to their systems, they cannot operate. The cybercriminals hold the system and the company’s data to ransom and will only allow the business back online once the ransom has been paid. The average ransom in South Africa is around R20 million, although the highest ransom demand we saw in 2021 was for R78 million. However, even if the ransom is paid, most hackers will exfiltrate data and personal client information to either use themselves or sell on the dark web. This is used to defraud individuals and access bank accounts. The same information can be sold multiple times. We’ve all received text messages or emails from a Nigerian prince, right? In most cases, that’s data that was quietly stolen through a data breach.

The world is digital. Cybercrime isn’t new, but the fact that everything today is online means that cybercriminals have unlimited access to everything they need to defraud businesses and individuals – if they can get past cybersecurity defences. It’s an opportunity that is too good for cybercrime syndicates to ignore. Everything exists online somewhere – it’s just a case of finding it and using it.

Malicious software is sophisticated, but how data is used is straightforward. Most cyber scams are very straightforward. For example, if a hacker can gain access to a business’s systems, they can do something as simple as changing the banking details of a supplier to ensure that any funds get sent to their accounts. They can send fake invoices and pose as legitimate employees behind fake email accounts. If they gain access to personal client details, they can call or email individuals and convince them to share one-time PINs that give them access to personal bank accounts. Most scams are very similar to old-fashioned fraud – the only difference is that the digital world (and how easy it can be to access data) has made scams more prevalent than ever before.

This can all sound incredibly daunting. The good news is that there are a number of measures that businesses can take to keep themselves – and their clients – cybersecure.

Here are 5 ways to keep your business cybersecure

  1. Ensure your back-ups are up-to-date, offline and encrypted

The goal is always to first keep cybercriminals out of your network, but if the worst does happen, still having access to your data can mean the difference between keeping your business running or not. Back up your data to a secure cloud server or offline (air-gapped) location and have a data recovery plan in place that works with a service provider to recover lost data.

  2. Update passwords and implement multi-factor authentication

Most of us don’t choose random, long strings of passwords that are difficult to remember because they’re just that – difficult to remember. Hackers love simple passwords that are repeated across different sites and that are never changed. You’re practically inviting them into your system, and once one device is breached, the entire network can be accessed without the right security settings in place. In the attacks that Cyanre has responded to over the past two years, in 43,5% of cases we found large occurrences of easily guessable passwords, even though clients had enforced complex password policies. This allowed extensive and easy lateral movement by the threat actors.

It’s also a good idea to require multi-factor authentication when an employee is trying to access sensitive network areas. This adds an additional layer of protection by asking them to take at least one extra step — such as providing a temporary code that is sent to their smartphones — to log in.
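The gap described above, where passwords satisfy a complexity policy yet remain easy to guess, can be screened for when a password is set. This is an added example, not code from the original article or its author; the policy rules, the small wordlist, the organisation term "acme" and the sample passwords are all constructed assumptions.

```python
import re

# Assumed complexity policy (illustrative, not from the article):
# 8+ characters with an upper-case letter, lower-case letter, digit and symbol.
def meets_complexity_policy(pw: str) -> bool:
    return (len(pw) >= 8
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[0-9]", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)

# Common character substitutions, undone before the wordlist lookup.
UNLEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i",
                        "0": "o", "$": "s", "5": "s", "7": "t"})

# Small constructed wordlist; a real deployment would use a much larger one.
COMMON_BASES = {"password", "welcome", "qwerty", "letmein", "admin",
                "summer", "winter", "spring", "autumn"}

def base_word(pw: str) -> str:
    """Reduce a password to the word it was built from."""
    # Drop the digits/symbols people append or prepend to satisfy the policy.
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", pw.lower())
    return core.translate(UNLEET)

def compliant_but_guessable(passwords, org_terms=()):
    """Return (password, base) pairs that pass the policy but rest on a guessable word."""
    guessable = COMMON_BASES | {t.lower() for t in org_terms}
    findings = []
    for pw in passwords:
        base = base_word(pw)
        if meets_complexity_policy(pw) and base in guessable:
            findings.append((pw, base))
    return findings

# Constructed sample candidates, as they would be seen at password-set time.
SAMPLES = ["Summer2022!", "P@ssw0rd1!", "Acme@2022", "Welcome123#",
           "tX9#vq2L!mRz", "password"]

if __name__ == "__main__":
    for pw, base in compliant_but_guessable(SAMPLES, org_terms=["acme"]):
        print(f"{pw!r} passes the policy but is built on {base!r}")
```

Four of the six samples pass the complexity rules while resting on a season, a default word or the company name, which is why a complexity policy on its own does not prevent guessable passwords.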

  3. Audit or assess your systems

Unused accounts are often used as a backdoor into a network by hackers and disgruntled employees. A full audit of your system will remove any unused accounts and pinpoint if there has been unusual activity associated with those accounts. An added bonus is that there are often monetary savings associated with removing duplicate and unnecessary accounts.

Any organisation should have a security assessment program. It is advisable to have a rolling program throughout the year rather than only relying on a once-off test every few years. The following assessments should form part of such a rolling program:

  • Vulnerability assessments
  • Compromise assessments
  • Security policy review
  • Cyber insurance readiness
  • IR plan and procedure assessments
  • Penetration testing:
    • External penetration test
    • Internal penetration test
    • Wireless penetration test
    • Web application penetration test
    • Testing the human firewall

  4. Have a clear incident response plan in place

Incident response is a set of policies and procedures that IT teams use to identify, contain, and eliminate cyberattacks. The goal of incident response is to quickly detect and terminate cyberattacks, minimising damage and preventing future attacks. There are typically six steps to incident response: Preparation of systems and procedures; Identification of incidents (when they occur); Containment of attacks; Eradication of both attackers and re-entry routes; Recovery from incidents, including the restoration of systems; and Lessons learned that can strengthen the organisation’s cybersecurity and future responses.

  5. Work with a service provider who can support your business

One of the biggest challenges organisations face during a cybersecurity crisis is not having a service provider already in place who is only a phone call away. This means that in the middle of a crisis situation, service terms are being negotiated and SLAs drafted, which is a waste of time when every second counts.

Having a service provider in place ensures that you have a team of experts actively monitoring your network who can immediately address a breach. It’s also important to ensure that your team knows who they should contact in the case of an emergency.