What we’ve learned from cybersecurity in 2021

The intensity and frequency of cyberattacks, rather than the exposure to new vulnerabilities, is what business leaders should prepare for in today’s hybrid work environment. Cybercriminals are fully aware of the time that industries take to identify and remediate – it could take days, weeks, and even months to patch vulnerabilities if organisations don’t have the proper security policies and infrastructure. The bottom line is the hybrid workplace is now very much a part of our everyday life, and IT professionals and employees need to step up in ensuring each endpoint is secured.

Check Point Research (CPR) highlights the growing scale of the problem, recently reporting that cyberattacks on organisations worldwide surged by 40% this year, compared to the previous year, with one in every 61 organisations impacted by ransomware each week. In South Africa, the frequency of cyberattacks is far worse, with an organisation being attacked 1 737 times a week, compared to 819 times a week per organisation globally.

South Africa’s government is heeding the call for better prevention, with President Ramaphosa signing the Cybercrimes Bill into law at the end of May. While there’s still no commencement date for when this bill will come into force, the signing shows cybersecurity – protecting against crimes spanning hacking and ransomware to cyber forgery, extortion and more – is being taken seriously.

Organisations must keep cybersecurity top of mind when planning for the year ahead. Let’s take a look at four key cyber incidents from 2021 to offer learnings that will help organisations better secure and protect their businesses, assets, and people from potential threats…

1. Attacks on critical infrastructure: Across the globe, cybercriminal organisations increased attacks on essential services and governmental bodies, such as transport, education, and the like. One local example of the negative impact such crimes can have on the economy, is the Transnet cyberattack that occurred in July, bringing activity to a halt for a number of days. Looking at the economic fallout of this cyberattack, Investec mentioned lost sales and cash-flow issues for importers and exporters, noting that, at the time of the attack, Durban’s port was only handling 10% of our country’s trade – a figure that usually sits at 60%.   The incident served as an important call-out for government to proactively increase critical infrastructure security because the recovery process is complicated and can be lengthy. We now live in an age where critical infrastructure can easily be disrupted in any corner of the world. What’s most concerning is that, in the majority of cases, these incidents can be prevented. Private organisations, too, must ensure that they have an effective disaster-recovery plan in place and that their security systems are up to date. Leveraging third-party software to protect against such threats and other attack vectors is advisable.
2. Triple-extortion ransomware attacks: In Check Point Software Technologies’ 2021 mid-year report, we identified a new type of threat – Triple Extortion attacks, an evolution of the already trending ransomware crime. In a traditional ransomeware attack, sensitive company data is stolen, with criminals threatening public release unless a payment is made. In a Triple Extortion, the attack follows the same path, but with the added element of the hacked organisation’s customers and/or business partners being targeted too, with criminals demanding ransoms from them as well. The July cyberattacks affecting IT management software made by Kaseya, which put some South African companies in the criminals’ line of sight, is an example of this.
3. Supply chain attacks: Increased cyber incidents have triggered organisations to realise that they are only as strong as their weakest link due to multiple high-profile supply chain disruptions across industries, most notably the recent SolarWinds attack. Researchers looking into this attack identified security flaws in Atlassian, an Australian-founded software platform with more than 180 000 customers worldwide. With just one click, an attacker could have used the flaws to gain access to the Atlassian Jira bug system and obtain sensitive information. CPR responsibly disclosed the research findings to Atlassian, who deployed a fix for potential account takeover. Distributed workforces and remote technologies have exacerbated the trend in supply chain attacks, making it imperative to ensure these technologies have the best defences against malicious data extraction.
4. Cyber fraud around Covid-19 vaccination certificates: Vaccine mandate policies are being applied as more countries emerge out of lockdown, driving the demand for fake vaccination certificates. While this trend hasn’t been reported in African countries yet, in international markets, the demand for fake certificates has exploded in recent weeks, with CPR revealing that the number of sellers increased 10-fold from August to September this year. Cybercriminals are capitalising on these pandemic-related developments for personal gain, as evidenced by reports of fake certificates previously sold for as low as AUD 110 (roughly R1 230) on the dark web – and now, even on the clear web. 

If there is one thing we learned this last year, it is that no one is immune. Cybercriminals will seek to take advantage of organisations and individuals. To stay ahead of threats, organisations need to adopt a proactive approach to cybersecurity, and individuals must educate themselves on how to keep safe online. An unprotected surface or endpoint is a weak point – leading to potential attacks and threats.