The South African 2014 cybercrime losses are estimated at R5,8-billion, and statistics show it takes on average 200 days for an organisation to identify a breach, writes Candice Sutherland, business development consultant at SHA Specialist Underwriters.
In light of this, and with the recent report that the Web site of Afrikaans singer Steve Hofmeyr was brought down by a Distributed Denial of Service (DDoS) attack, allegedly carried out by hacktivist group Anonymous Africa, businesses and individuals must take heed and protect themselves from the possible consequences of a breach.
Following the attack on Hofmeyr’s Web site, the group tweeted: “You will be happy to know we are currently running ‘miniop’ (mini operation) against the racist @steve_hofmeyer.”
Anonymous Africa was reportedly also behind the cyber-attacks on the ANC’s Web site and Zimbabwe’s state-run newspaper, The Herald, in 2013. The ANC confirmed the attack in a statement saying: “The African National Congress has noted that someone calling themselves Anonymous and claiming to be the legitimate representative of the people of Zimbabwe has flooded the Web site of our organisation.” A Twitter account allegedly belonging to the hacker behind the attack tweeted minutes before the ANC Web site was shut down: “tick tock tick tock, your site will stop working in 40 minutes.”
Later targets of the world-wide hacktivist group Anonymous included government agencies of the US, Israel, Tunisia, Uganda, and others; child pornography sites; copyright protection agencies; the Westboro Baptist Church; and corporations such as PayPal, MasterCard, Visa, Sony and Independent Newspapers’ Independent Online (IOL) in South Africa.
Most recently, the group has also vowed to attack terrorist Web sites and social media accounts in revenge for the killing of Charlie Hebdo journalists. The announcement stated: “We, Anonymous around the world, have decided to declare war on you, the terrorists” and promised to avenge the killings by “shut(ting) down your accounts on all social networks.”
“We Are Legion: The Story of the Hacktivists” is a documentary that takes us inside the world of Anonymous, the radical “hacktivist” collective that has redefined civil disobedience for the digital age. Related groups LulzSec and Operation AntiSec carried out cyber-attacks on government agencies, media, video game companies, military contractors, military personnel, and police officers which resulted in the attention of law enforcement agencies being drawn to these groups and their activities.
If caught in South Africa, the hacktivists could be charged under the Electronic Communications and Transactions Act (ECT) – Act 25 of 2002 – which states: A person convicted of an offence could be liable for a fine or imprisonment for a period not exceeding five years.
The risks an individual and/or company are exposed to include:
* System unavailability and downtime
* Starting from scratch – rebuilding the entire Web site
* Business being held to ransom
* Loss of revenue
* Loss of data
* Reputational damage and costs associated with looking to reduce the impact of a breach
* Loss of competitive advantage
* Industry and regulatory fines and penalties (PoPI)
* Litigation arising from compromised data.
What a cyber-insurance policy should cover:
* First Party Expenses (actual costs to restore, re-collect or replace data, costs and expenses of specialists, investigators, forensic auditors or loss adjusters, costs and expenses for the use of rented, leased or hired external equipment, services, labour, premises or additional operating costs including staff overtime);
* Loss of Business Income (net income which would have been earned had the breach not occurred);
* Notification Expenses (expenses incurred to comply with privacy legislation such as legal expenses and communication expenses through mail, call centres, Web site and customer support expenses);
* Crisis Management Expenses (services of a public relations consultant, related advertising or communication expenses); and
* Associated regulatory fines and penalties to the extent insurable by law.
We live in a digital world where it has become far more lucrative to steal online than on the street.