Organisations should harden security, educate their workforce and shore up their last line of defence, writes Ian Engelbrecht, Africa lead and systems engineer at Veeam.
Cybercrime is on the rise and South African C-suites would do well to ensure that they have up-to-date and appropriately resourced strategies to deal with its threat. The pandemic showed us that while land and sea borders can be shut, in the digital village this is not possible, and more importantly, in many instances it is unclear where these attacks originate.
The definition of cybercrime perhaps holds the key to who should take it seriously. Cybercrime is defined as criminal activities that are carried out by means of a computer or the internet. Anyone who uses a computer that is connected to the internet should have a cybercrime strategy in place. No matter where you are in the world, if you let your guard down you are at risk. Everyone needs to be responsible for keeping data safe.
Ageing infrastructure and reduced budgets in South Africa and the rest of the continent make these shores rich hunting grounds for unscrupulous networks of cybercriminals.
These reduced budgets, compounded by economic shocks caused by the pandemic, have in many instances in our experience made it more difficult for Chief Information Security Officers (CISOs) and Information Security managers to fully implement their strategies, leaving weak points in their defence.
However, despite this and the increase in sophisticated cyberattacks, the Veeam Data Protection Report 2021 shows that the top global challenge facing organisations is economic uncertainty, surpassing cyber threats which was the top threat last year.
Similarly, the top challenges anticipated by African organizations in the next 12 months is industry disruption (35%), economic uncertainty (32%) and meeting changing customer needs (32%). The threat landscape is continuing to evolve and prioritising a solid cybercrime strategy can never be overemphasised.
One of the fastest growing trends is phishing emails, where the user is tricked into clicking on a link to a fake login page which shares credentials with the attacker. The problem with these attacks is that the culprits are becoming very good at making the emails appear authentic and as if they come from a legitimate source.
Another growing trend we encounter is ransomware, where a business’s critical data is encrypted and rendered unusable until a ransom is paid, which is when an encryption key is provided. In many cases ransomware attacks are very well coordinated and some target specific entry points using phishing.
To bring this point home, City Power in Johannesburg suffered a high-profile attack with a ransomware virus that impacted most of its IT systems. The ransomware affected their primary website, which is used by citizens to log complaints and purchase prepaid electricity.
It’s not as if these two trends are not well-known, yet the sophistication of these attacks often surprises companies. We have encountered instances where the attackers find security flaws and exploits in perimeter hardware and software before the vendor is even aware or has rolled out global patches or updates.
The pandemic has no-doubt compounded matters because of the large uptake of remote working. Home networks can be less secure than those one would typically find in a corporate office, if regular security updates and processes are not followed. This has exponentially increased the attack surface for criminals. Many of these criminals work in networks that are sophisticated, with research arms continually finding new and innovative ways to exploit companies and gain access to sensitive business data.
Everyone is at risk, whether they are in the financial sector or even government – wherever there is data that can be used against them, there is an opportunity for cybercriminals.
Yet basic data protection needs are unmet with almost three quarters (69%) of African organizations reporting a “protection gap” between how frequently data is backed-up versus how much data they can afford to lose after an outage.
Cyber criminals will exploit any weaknesses and one vulnerable entry-point can expose the business to crippling attacks. For example, criminals intercept payments through fake accounting or render duplicate invoices from compromised finance department email addresses, and redirect the money to different bank accounts.
What should companies do?
First, businesses need to recognise that cybersecurity is a business issue, and any downtime is not just an IT problem.
According to the Veeam Data Protection Report 2021, over two in five (62%) of African organizations said that a loss of customer confidence was most concerning potential impact of application downtime. More than half (57%) fear damage to brand integrity and almost one-third (30%) think this could result in a loss of employee confidence.
C-suites should ensure IT departments have the resources required to harden security and to ensure that pen testing is done on a regular basis – this could be as often as monthly, or in some instances once a quarter. The point is that the latest known exploits are being tested against the infrastructure.
Education is vital. Companies should spend time and money continuously educating users on security best practices and processes. These campaigns should make them aware of what to look out for, what to do and what not to do. Simple phishing exploits can be avoided by educating the workforce – but it must stay top of mind and share regular best practice that addresses the latest cybercriminal tactics.
A company can have the latest, state-of-the-art perimeter security but it will be worth little if a user within that protected network accidently opens a door (or an email) that lets criminals in.
Finally, and most importantly, every organisation must have a last line of defence because it is challenging to always be a step ahead of the criminals. Organisations should follow what Veeam calls the 3-2-1 rule: three copies of data, two of which are on separate storage mediums and one is stored offsite. These copies should be agnostic to hardware, software, hypervisor and public-cloud platforms.
If your data centre is compromised, you should be able to use these copies and have various options of where to deploy as a temporary measure, to get your business back up and running should the worst happen.
These additional copies must be tested on a regular basis as they, too, are rendered useless if they cannot be restored. The final checkbox with your data copies is to ensure they are encrypted and protected from theft and are immutable in some way that they cannot be compromised or deleted.
It is imperative that organisations prioritise strategies to mitigate and prevent cyberattacks as part of their modern data protection initiatives. As more organisations invest in robust plans of action to defend themselves, it places those that haven’t kept pace at heightened risk as cybercriminals look for new targets.