A massive 66% of South African organisations have experienced technology downtime after a cyber security incident, with 85% of those confirming that these incidents happened during their busiest operational periods.
This is against the backdrop of nearly half of South African companies anticipating an increased demand for their online products and services over the 2021 festive season.
One-third of affected businesses confirm that they had lost at least R800 000 during operational downtime caused by cybercrime, with 80% of organisations adding that they find it very difficult to maintain a fully staffed security operations centre (SOC) during peak holiday periods.
It’s not just financial losses that impact these businesses: 46% of cybercrime victims lost between one and seven days of operations – which could have even longer-term repercussions for stock, viability of raw materials (such as foodstuffs), and service delivery contracts with clients.
The findings were revealed when McAfee Enterprise and FireEye released research titled “Cybercrime in a Pandemic World: The Impact of Covid-19”, which highlighted gaps in organisations’ approaches to cyber security in the face of increasing cyber threats.
“With McAfee research highlighting that data breaches, phishing scams, and malware attacks are the greatest threats to South African businesses, we have already seen an uptick in ransomware and data breaches as the local festive season begins,” says Carlo Bolzonello, country manager for McAfee Enterprise in South Africa.
“While many of the businesses surveyed quantified their losses in the survey, we suspect that their responses included only the operational losses of being hobbled by cybercrime, and do not account for the additional costs of threat identification, tracing, and implementing remedial action,” he says.
“These processes are made even more complex when organisations have multiple layers of security products and platforms within their environments, each with differing strengths and weaknesses, and each requiring a different skill set to navigate.”
Businesses that are aware of the potential damages that could be caused by a cybercrime attack are adopting a multi-pronged strategy to protect their operations over the festive season and beyond.
Seventy-one percent are investing in employee training, while 69% are implementing new software solutions, 73% are promoting software updates, and 69% have increased their internal communications strategies to boost awareness around information technology issues.
“These efforts are all extremely important, with communication with all employees being vital, particularly in the current pandemic world of work, where half of South Africa’s IT professionals expect at least half of the colleagues they support to be working remotely in the future,” Bolzonello says. “Few home networks are as secure as those in office environments, and remote workers do tend to postpone security updates until they’re less busy – too often, until it’s too late.
“Reminding workers about the tell-tale signs that could signal a ransomware or data breach attack is vital, as is providing a plan of action, including contact details for key security personnel, to use if their security is breached. Even the most devious of cyber-attacks can be foiled simply by someone responding wisely to a threat, using information that’s already been shared with them,” he adds. “After that, it’s up to the cyber security team to trace and identify the threat, and take appropriate action.”