“Were you a victim of cybercrime last year?” asks Anton Jacobsz, MD of Networks Unlimited. “It is a valid question to ask just about any business these days as technical sophistication and reasons for cybercrime have evolved significantly in the past 12 months.”
He adds that 2015 was possibly the year that changed the impact of cybercrime from being “bothersome” to being an “epidemic”.
“We are living in a new cyber reality now and the way we view cybercrime – that is who, what, where, when and how – needs to be understood and progress along with the rapid advancements we are witnessing in today’s attacks,” says Jacobsz.
“It will certainly be interesting to see what the repercussions for cyber criminals in our country will be in 2016, once the new Cybercrimes and Cyber Security Bill is passed into South African legislation.”
Jacobsz highlights stats from the latest ATLAS threat report, a collaborative project between Google Ideas and Arbor Networks, which observed over 2,000 denial of service (DoS) attacks per day.
Networks Unlimited distributes security and network solutions across 18 countries in Africa, and Jacobsz stresses that further cybercrime is “not only an issue for large financial or retail organisations in Europe or the US, but Africa is fast becoming a popular target for cybercrime”.
Amit Yoran, president of RSA, The Security Division of EMC, shares further emerging trends that the cyber security industry and organisations need to be ready for in 2016.
According to Yoran, organisations will during 2016 begin to realise that not only is their data being accessed inappropriately, but that it is being tampered with. “Data drives decision making for people and computer systems. When that data is unknowingly manipulated, those decisions will be made based on false data. Consider the potentially devastating consequences of misrepresented data on the mixing of compounds, control systems, and manufacturing processes,” he says. Furthermore, he emphasises that as organisations become more comfortable with the ‘as a Service’ model, many of their most sensitive applications and data will reside in the cloud. “The aggregation of this valuable data from many companies creates an incredibly lucrative target for cybercriminals and cyber espionage. A deeper appreciation of third party risk is needed.”
What’s more, Yoran says that relatively unsophisticated cyber vigilantes have joined sophisticated hacktivist collectives, such as Anonymous, and organisations need to realise that financial gain is no longer the only or even the biggest driver of some of their adversaries. “Security operations and risk managers should evolve their understanding not only of the threat, but also of what, why, where, and how they are being targeted,” he says.
Yoran also stresses that the growth in the use of cyber technology for terrorism, hacktivists and other actors, combined with the weakness of industrial control systems’ security generally, and with the potential impact of bringing down a power grid or water treatment plant, makes the critical breach of an ICS in 2016 extremely concerning and increasingly likely. Additionally, he adds that as organisations’ security programmes continue to mature, they are learning that claims of being able to prevent advanced threat breaches are nothing more than fantasy. “Expect to see a shake-out in the security industry as organisations maturing understanding of advanced threats increasingly drives their security investment decisions,” he says.
Concludes Jacobsz: “I can’t stress it enough – businesses operating in Africa need to be extremely aware of the rise and regular cyber attacks in our region. They are happening on both a small and a grand scale. In 2016, companies need to be prepared and make realistic decisions regarding their security. Data breaches are not longer bothersome but can cause damage to your reputation and bottom line. Most importantly, do not be ignorant this year – cybercrime can happen to you.”