The ransomware industry is flourishing in South Africa, while business are largely unprepared for the business interruption and financial fall-out of a breach.
In a recent Carte Blanche episode, the investigative news programme revealed that South Africa had been ht by numerous major cyberattacks during 2019. State agencies were key targets: the Civil Aviation Authority was hit in July 2019; City Power was hit with ransomware twice in a matter of months. Both incidents occurred at the end of the month when most South Africans receive their salaries and do payments, highlighting the fact that ransomware attackers will exploit flaws in IT infrastructure at critical times to gain optimum leverage.
In July 2019, South Africa also experienced the longest running cyber-attack campaign among all the regions monitored by email and data security company Mimecast, according to its quarterly Threat Intelligence Report. Four major cyber-attack campaigns were detected in South Africa between July and September and several local financial services companies bore the brunt. According to Mimecast, it detected more than 116 000 attacks in SA over an eight-day period in July by an unknown actor or group, using various malware types.
The increasing frequency and voracity of cyber concerns are mirrored in Aon’s 2019 Global Risk Management Survey where participants ranked cyberattacks and data breaches as #6 in the top 10 risks facing organisations today. Startling figures are changing business and public perceptions of cyberattacks:
- Malware attacks in SA increased by 22% in the first quarter of 2019 compared to the first quarter of 2018, translating to around 13 842 attempted cyberattacks per day – Kaspersky Lab.
- A data breach in South Africa costs an average of R36.5 million, and the long tail costs of a data breach can be felt for years after the incident. SA ranked 7 out of 16 countries polled for the highest cost of a cyber breach. – IBM security study conducted by the Ponemon Institute.
- Alarmingly, in terms of the cost per record breached, SA ranks much higher at 11 on a scale of 16 polled countries, costing US$155 per record – the same as for the UK and not that far behind the US ($242 per record), which is alarming when you consider the size of the US economy compared to South Africa. – IBM security study conducted by the Ponemon Institute.
- In 2019 in South Africa, the average time to identity a breach was 175 days and 56 days to contain it. IBM security study conducted by the Ponemon Institute.
- Large businesses are not the only targets and hackers are indiscriminate. In fact 43% of cyber-attacks target small businesses according to the Verizon 2019 Data Breach Investigations Report (DBIR).
- Small businesses face disproportionately larger costs relative to larger organisations, which can hamper their ability to recover financially from the incident. IBM security study conducted by the Ponemon Institute.
- Lost business was the biggest contributor to data breach costs. The loss of customer trust had serious financial consequences for the companies studied, and lost business was the largest of four major cost categories that contributed to the total cost of a data breach. IBM security study conducted by the Ponemon Institute.
Visit the next page to read about why cybercrime has become so rampant, and how you can protect yourself.