Have a strong backup plan in case ransomware hits, Finance Indaba expert warns

Only a few companies get all their data back when their system is hacked, says Pieter Nel.

Pieter Nel, regional head SADC at Sophos, said at the Finance Indaba Online that the number of cyber attacks has shot up since the introduction of the hybrid work model.

In his discussion about cybercrime and how it can affect any business’s balance sheet, Pieter said when companies get hacked, they have to make very difficult decisions, including whether to pay a ransom.

Pieter said cybercrime is a business for hackers (alternatively, the dark web). With Covid-19 having changed the way businesses operate, the risk of being hacked has increased, he said. “The more stuff you bring into the network, the more complex it gets. Sitting remotely, we have to secure the users, because they are the biggest risk for any business. The human element is the risk, because most of us are not trained to click on the entry points for ransom attacks.”

He said a survey his company did on more than 5,000 businesses revealed that 66 percent of businesses were hacked last year.

“If you think about that, that is a lot of people,” he said, pointing out that ransomware doesn’t only affect the reputation of the business but is also costly. When a business is hit by ransomware, it has to inform the market: “Imagine what that would do to your brand,” he said.

Pieter explained that the first thing hackers do is encrypt data and force the business to pay to get it back. “When that happens, it means your full network will be down.”

He warned that the hackers never give back 100 percent of the data they have retrieved from the company. “About four percent of people got all their data back. That’s the sad part,” he said, adding that “hackers always want to leave that door open for a secondary ransom”.

Techniques to counter cybercrime

“Make sure you have a strong backup process and make sure it is tested all the time,” Pieter said, warning that backups can also be corrupted with ransomware. “You have to test your backup as often as you can to make sure it is secure and safe,” he noted. According to Pieter, because of the complexity that comes with ransomware, people pay so they can get back to business.

“The more we pay ransoms, the more we feed the dark web. Make sure you have a human element and a technology element working together.”

He said the average ransom payout in the past year was $812,000. And because not many businesses, particularly SMMEs, can afford to save up to R15 million just so they can operate, they will be forced to close down if hit by ransomware.

He advised businesses to have a malware recovery plan. He said CFOs also need to ensure that their assistants know what to click when the system is under attack. “Be proactive. When you get hit, you are in such a panic. It is a messy time. You need to have a tested plan and test your backups.”

Finally, he recommended that businesses should always be training their users in dealing with cyber attacks. “Please spend money and time on training,” he said. “You must make sure every person who has access to your network is authenticated.”