Chris Norton, regional director: Africa at Veeam Software
The threat of cybercrime is back in the news as Interpol recently released its African Cyberthreat Assessment Report 2021 which breaks down the most prevalent threats on the continent so that organisations and consumers can better prepare and protect themselves.
It would be a mistake to relegate this report’s significance to the IT department. The C-suite is integral to the fight against cybercrime as it goes beyond theft or reputation – it presents an existential threat.
According to the Interpol Report, the top five threats in Africa are: online scams, digital extortion, business email compromise, ransomware and botnets. Before digging a little deeper into what each threat entails and how organisations should be protecting themselves, it is vital to understand how the criminals behind the scams work.
Most attacks are not conducted by one-off opportunists. Cybercriminals operate in highly organised criminal networks and spend a great deal of time and money on research and development arms, complete with the latest technology and social engineering, to make their attacks highly sophisticated.
Far from being alarmist, every organisation should start from the understanding that it’s not a matter of “if” an attack will happen, but “when”.
These attacks tend to target older generations who are less digitally savvy. Usually, they are more trusting and unfortunately often have more to lose.
Many of these scams tend to mimic communication from a bank to exploit the trust and respect older people hold towards bankers and the role they have played in their lives.
To make matters worse, the scams are becoming more elaborate, believable and to an untrained or inexperienced person, appear to be legitimate and plausible.
This one may have taken many people by surprise. By mere virtue of this being online, digital natives such as school goers or those in their early 20s may well be most at risk. This type of scam runs on the threat of extreme social and reputational damage.
While avoiding extortion is easy if one does not partake in dangerous activities such as sending compromising selfies, the younger age groups tend to find themselves in these situations more often.
Business email compromise
Better known as phishing, these scams involve sending emails purporting to be from reputable or well-known companies to trick people into revealing personal information such as passwords or PINs.
Remote working has exacerbated this phenomenon because many employees are not working within secure corporate networks, or not being given (or are ignoring) the cyber security training that could keep them safe, giving the criminals a far bigger attack surface.
This form of extortion has cost the world $20-billion in 2021 so far, and is set to increase by more than 10 times that amount by 2031. No wonder it gives many enterprise leaders sleepless nights as it can be very profitable for criminals and can inflict untold reputational harm on companies.
Ransomware becomes successful when organisations choose to pay the ransom rather than suffer public embarrassment of the debacle which would follow a complete loss of data.
The criminals behind ransomware attacks are organised and sophisticated and present arguably the single biggest threat to corporate Africa, with one company falling prey to such demands every 11 seconds.
The level of risk posed by ransomware is – to some degree – dependent on the core business. For example, a business that runs its core functions digitally, such as a bank, would suffer catastrophic losses if it were to lose its data, whereas a manufacturer would still be at significant risk, but it wouldn’t necessarily lose its ability to generate revenue.
However, reputational damage and loss of customer trust and confidence can be big enough to lead to the demise of a business regardless of sector. This means no industry can think they’re immune to the negative effects of ransomware.
This is typically how hackers hide – they use compromised corporate and personal computers to orchestrate and launch their attacks, which means the trail goes cold fairly quickly.
If an organisation does not run regular virus and malware scans, they run the risk of inadvertently helping hackers gain access to their network computers.
What can organisations do?
The C-suite plays a crucial role in the fight against cybercrime, with all executive decision makers playing their part in recognising collective ownership of corporate and customer data. All departments use data for business advantage and decision making. So, board members need to support the security and technology strategy, investment and policy being driven by their CIO/CISO colleagues.
Building an effective cyber resiliency strategy also requires the buy-in and commitment of all to departments to help communicate and monitor its ongoing progress.
Additionally, an effective cyber resiliency strategy must work in harmony across all divisions and layers of a business. Prevention should always be priority number one, but in the event of a breach or attack, the company must have a disaster recovery plan in place, which is understood and communicated. Any ransomware or cyber attack could be catastrophic and so there should never be a compromise on how threats are prepared for or treated.
While an enterprise is a large organism, its people are the front line of defence. This means organisations serious about improving their resilience should be ongoing education around how to identify suspicious emails or threats, and how to manage sensitive data so as to minimise phishing and botnet incursions.
These are avoidable, but they require strong mailbox management with junk folder mail deposit rules to isolate possible threats, and machine learning and artificial intelligence tools that are designed to minimise chances of the mails getting through to the user’s inbox.
Technology has advanced significantly in the past two years and so companies should consider deploying modern data protection toolsets and strategies to ensure data recoverability in the event of a serious breach.
Backup and recovery
Criminals have evolved, and so should businesses. It is no longer good enough to have an outdated 3-2-1 backup mindset – three copies, on two different media with one copy being offsite.
Today, and in an effort to protect data effectively against rapidly evolving threats, best practice adds two more layers to the old rule to become 3-2-1-1-0 – three copies of data, two on different media, one offsite and one copy that is air-gapped or immutable and restored with zero errors so that the vulnerability is not restored back into production.
As we can see, it is good to understand how cyber criminals are attacking consumers and businesses alike. However, that’s just one side of the resilience coin. The other requires using that understanding to develop a methodical preparedness and backup strategy that is driven from the C-suite down, and which is founded on best-practice, modern data management.