The impact of cybercrime on SA companies: are we better or WORSE off?
During the last year, the public became painfully aware of what cybersecurity experts have long been warning us about: that cybercrime is on the rise and that everyone is a potential target. The recent WannaCry and Petya attacks have revealed that hackers have adopted an increasingly financial focus, as they demand ransom (usually in cryptocurrencies like Bitcoin) in exchange for unlocking the affected users’ data. Companies throughout the globe have been affected in the latest attack this June, with South African companies being no exception.
But are South African companies at higher or lower risk compared to their peers?
Cybercrime on the rise both globally and in SA
The latest strain of Petya/NotPetya ransomware affected thousands in South Africa but yielded less than R26,000. The WannaCry attack, however, produced higher revenue for the cybercriminals. The lower impact of the Petya attack on South African users might be attributed to the fact that it was heavily Ukraine-oriented - so much so that the country has alleged foreign government involvement and dubbed it an act of "cyberwarfare". Cybersecurity experts in the country warn that South Africa might soon fall victim to another cyber attack and that companies in particular need to prepare, as many still use outdated systems and do not adequately protect sensitive data.
In fact, according to a report published on Business Media Mags, South Africa ranks third worldwide in terms of the number of cybercrime victims. Meanwhile, internet fraud costs us millions every year and card fraud is on the rise, while the estimated losses of users affected by cybercrime amount to more than R2.2 billion annually. Smaller SA companies suffer from a lack of funds invested in proper protection, and statistics suggest they are increasingly becoming targets for hackers going after sensitive data.
South African companies need to brace against cybercriminals
Yet the impact of cybercrime across SA enterprises is uniformly severe. PwC's 2016 Global Economic Crime Survey reveals that criminal activity on the internet is the fourth most reported type of economic crime in South Africa, and it is the only area of economic crime in which the country saw a rise in the last couple of years, from 26 percent in 2014 to 32 percent last year. Almost one third of SA companies have fallen victim to hackers and 57 percent believe they will be affected in the next couple of years, yet only 35 percent of them have proper response strategies in place to avert incidents.
Properly educated staff seems to be key in effectively combating cyber attacks, as data suggests that lack of employee training is a crucial factor; in fact, it is the second leading cause of ransomware infections globally. According to a study conducted in 2016, 36 percent of the success of all ransomware attacks is due to insufficient employee training. In addition to raising personnel awareness, SA companies are also advised to implement proper internal safeguards, update their software and encrypt sensitive data, as well as put in place cybersecurity tools, such as a web application firewall. Such a firewall essentially inserts multiple extra layers of protection between the website and malicious requests and will protect against the most popular and critical threats, such as SQL injections and cross-site scripting, while also allowing companies to comply with PCI certification requirements.
The new Cybercrimes and Cybersecurity Bill, a revised version of which was introduced to Parliament earlier this year and which is currently in the process of being enacted after the public comments period, will undoubtedly change the landscape, introducing new offences related to hacking and ransomware, as well as cyber extortion. It remains to be seen how the SA private sector will respond to both cybercrime challenges and the new legislation.