Sophos and the Itec Group have announced a partnership to help South African organisations combat cyberattacks.

Due to ongoing work-from-home transitions, a lack of cybersecurity best practices in SMBs, and absence of stringent cyberlaws at this point of time, regional organisations need to prioritize defences against ransomware and other types of cyberattacks.

Ransomware has become one of the most significant cyber threats facing companies of all sizes, regardless of industry segment. According to the Sophos State of Ransomware 2021 report, 37% of global respondents were hit by ransomware last year, and 54% of those admitted that cybercriminals had succeeded in encrypting their data.

“Most significantly, the average cost of recovering from a ransomware attack was more than R 6,8-million. Very few companies in South Africa have access to these kinds of funds, even to remain operational. We have also seen attackers targeting local financial services and ICT sectors with ransomware. And, as more schools and other education institutions embrace online learning due to the COVID-19 pandemic, the educational sector has also become an appealing target,” says Pieter Nel, regional head for SADC (The Southern African Development Community) at Sophos.

Nel says that of the 200 local companies that participated in the Sophos survey, 24% were hit by ransomware in 2020, with 44% of those attacks being successful. Simply put, there are more entry points into the organisational network than ever before resulting in new opportunities for attack. Some companies might use a firewall from one vendor and an endpoint solution from another, with no integration taking place, which results in more risk of compromise.

“Factor in a growing remote workforce with very few people actually having full firewalls at their homes, non-standard configurations of Wi-Fi networks, and the myriad personal devices connecting to a home router. Best security practices should be a concern,” Nel adds.

According to Ria Mey, product manager for network security at Itec SA, this reflects a broader challenge in the South African cybersecurity market.
“When it comes to cybersecurity strategies, best practices are virtually non-existent, especially amongst the smaller businesses. Often, there is a lack of investment in cybersecurity with many SMEs opting for either the cheapest product available or the plethora of free-antivirus solutions available for download. Exacerbating this is South Africa’s cybercrime laws which still needs ramping up. All combined, companies and consumers here are likely targets. Just think of how few companies have some form of cyber insurance in place. And if ransomware is successful, do they go to the closest police station to open a case or what is the process?” she says.

While, all of these factors help enable cybercriminals, the implementation of the Protection of Personal Information Act (POPIA) has made more companies aware of the importance of protecting their data and what the regulatory risks are for non-compliance.

“Even so, there is still room for more education. Continual cybersecurity awareness training is essential for any employee working in a distributed environment. Employees need to be aware that cyberattacks often start with people opening a compromised email attachment, clicking a malicious link, or putting in an infected flash drive into their laptops,” says Nel.

Mey says that social engineering remains a significant concern in the South African market.

“We have seen an increase in phishing attacks that spoof internal emails impersonating CEOs and CFOs. User education in this regard is more important than ever. Companies should consider investing in a cybersecurity ecosystem that can automatically react to threats to minimize their attack surface,” she says.

Additionally, the complexity of the threat landscape and the widening of the cybersecurity skills gap in the country means businesses need to stay in touch with the latest trends and technologies to safeguard employees, data and systems.

“Cybersecurity resellers must evolve to become managed services providers and even provide Security Operations Centre (SOC) offerings capable of monitoring customers around the clock. Invariably, vendors will also start to invest more in South Africa as the threat landscape becomes more severe and more ransomware attacks are successfully promulgated,” says Nel.

“From a customer perspective, implementing the likes of a SOC is still prohibitively expensive for most small businesses,” says Mey.

“Smaller companies are looking for more affordable, integrated cybersecurity solutions. This allows them to remain focused on their business priorities while the security aspects are managed automatically in a professional environment. If local companies are to futureproof their environments for a digital world, they must begin with a cybersecurity-first approach. Sophos and its next generation cybersecurity solutions, such Intercept X and Sophos Firewall, provide the layered security needed to better protect regional organizations,” says Mey.