In the past year alone, 47% of South African companies indicated that they’d been affected by ransomware, at an average cost of R6,4-million.
By Iniel Dreyer, MD of Data Management Professionals South Africa
A recent survey showed that 5% of local organisations indicated that they would pay a ransom, which incentivises cybercriminals. Interestingly, although more companies were affected by ransomware globally than in South Africa, local companies experienced more downtime as a result of cyber-attacks, with the average downtime being seven days or more, compared to six in the rest of the world.
Such disruptions increased by 20% in 2020, with 88% of cyber breaches attributable to employee mistakes. While most businesses are getting on top of data management and disaster recovery and might recover from a ransomware attack that encrypted their data, there is a new version of ransomware that has hit the cyber threat landscape.
This attack involves cybercriminals stealing personal/sensitive data and demanding a ransom under the threat of publishing the stolen data online. So how can businesses prevent cyber-attacks and protect their data if cyber criminals are constantly pushing the envelope? It all boils down to preparation and vulnerability management.
The cyber threat landscape in South Africa
As many employees work from home, corporate network assets are increasingly vulnerable. The lifecycle of a ransomware attack is on average 280 days, with the average time to identify a breach being 220 days. This means that most organisations had their data compromised long before they realised it, with 58% of attacks remaining undetected for several months. It usually takes around 56 days to resolve an attack, and the types of cyber-attacks are constantly changing in order to optimise the return. Malware has evolved rapidly during the Covid-19 pandemic, with email the dominant delivery method. Cyber criminals are using polymorphic malware, which constantly shapeshifts, to bypass traditional detection. Anti-malware tools, which usually focus on static files to detect malicious activity, are being fooled by fileless malware that exists in run-time memory only, leaving no footprint.
Shifting the focus to bypass humans entirely
The cost of cyber-attacks themselves is also rising, with R18 billion in ransoms paid out in 2020, and although 53% of affected South African victim companies paid a ransom, only 40% got their data back. In 2022, it’s no longer going to be a case of ‘if’ it happens, but rather a matter of ‘when’ it happens. This is particularly true as there has been a shift in focus for cyber attackers. With increased cyber security awareness training, it’s getting harder to trick people into compromising their credentials or handing over sensitive information. Now, instead of focusing on the user as the weakest link, cyber criminals are exploiting vulnerabilities in external-facing network structures directly. This means that anything with an IP address that touches the corporate network is a possible attack vector if not protected correctly.
Dynamic vulnerability management and incident response
Managing vulnerabilities and risk is critical, backed by a process to mitigate and respond to data breaches. Once critical vulnerabilities are found, having an established process in place to close these as early as possible will mean that the company is less likely to be negatively impacted by a breach. Of those companies that were affected by a cyber-attack last year, at least 40% were aware of the vulnerability prior to the breach, indicating that it’s not enough to detect an attack; it is also critical to have a process in place to close the risk through continuous vulnerability management.
Ultimately, data must be safeguarded
However, security isn’t just about stopping intruders from gaining access to the business network; data protection is just as important. To adequately protect data, it will be necessary to:
- Identify what data there is, and where it is located (on-premise, cloud, hybrid, SaaS, etc.).
- Have a backup and recovery plan in place for all systems.
- Ensure data is stored off-site for long-term retention and Disaster Recovery.
Through this exercise, it is critical for companies to understand the data they have, because not all data warrants the same level of protection. This involves assessing the costs associated with data, including an examination of the possible repercussions if that data were stolen and leaked publicly. Adequate data protection depends on answering two important questions: how often do we need to back up data, and where do we keep this data? Due to increasing levels of digital warfare, it’s more important than ever to focus on business continuity and disaster recovery, both of which are now available to organisations under the ‘as a Service’ business model, which gives companies the ability to bounce back faster after a disaster.
Data responsibility lies with the owner
Most importantly, businesses need to remember that no matter what cloud technologies they adopt or applications they use, as the customer, the data remains their responsibility. This means that businesses need to focus on the final security frontier: safeguarding their backups, because attackers know that if they can encrypt backups, the company has less of a chance of recovering. The best way to do this? Keep multiple copies of data to ensure that access to it is never lost, while working with cyber security technologies to ensure a multi-pronged approach to protecting data and allowing people to access it.