As the volume of successful cybercrime breaches and hacks increase, cyber security has become an urgent priority for businesses and individuals everywhere.
Web and network attackers constantly strive to undermine the protection of company and personal data, making it more of a challenge than ever before for people and organisations to stay secure.
Potential cyber threats
Cybercrimes are becoming more frequent and more damaging on a global scale. According to the Cyber Exposure Index, South Africa is the sixth most targeted country internationally for cybercrime.
CEOs and corporate leaders at this year’s World Economic Forum in Davos, Switzerland, ranked cyber attacks as the second most concerning risk of doing business globally in the next 10 years.
Brett Kilpatrick, head of the Institute of Advanced Cyber Defence, told a GIBS forum that utilities and essential services are at risk of attack. Companies and nations should strengthen their cyber defences as cyber warfare and traditional warfare merge.
According to reports, 58% of cyber attacks target small to medium businesses that are not able to defend themselves due to their lack of budget and staff to implement sophisticated security solutions. Hackers spend on average 191 days inside company networks before they are discovered, Kilpatrick said.
The travel industry has recently become the most targeted sector, due to the sheer amount of personal data travellers provide when booking flights and trips, including their passport numbers, banking details and home addresses.
Kilpatrick, who works with businesses and individuals to advance their knowledge in the domain of cyber intelligence and security, said a company’s cyber security rating is likely to become as important as its credit rating for doing business internationally in the future.
He explained that cyber attacks in the form of malware, or malicious software, breaches through mobile devices and through the cloud, are becoming increasingly common.
Malware attacks are the most prevalent cyber breaches in South Africa.
“Malware is at crisis levels and needs to be addressed,” Kilpatrick said.
Data breaches and ransomware threats follow.
There has been an increase in cloud-based threats as more companies migrate their data. Mobile breaches have also increased with the increasing popularity of bring your own device policies at many organisations.
“Each device that enters the organisation needs to be protected as it is an entry point to the company,” Kilpatrick said.
There is a need for an estimated 3 million additional cyber security professionals globally, which is anticipated to increase to 3.5 million by next year. At least 70% of companies report a cyber security skills shortage, Kilpatrick said, with security-related skills and data protection the most in-demand IT capabilities in South Africa at present.
How can businesses equip themselves to prepare for cyber threats?
While previously, cyber security was considered IT’s responsibility, it is now becoming a much broader company-wide issue.
“Cyber security is an organisational responsibility, something the entire company must be aware of and prepared for,” Henry Denner, information security officer for the Gautrain Management Agency, said.
Denner has first-hand knowledge and experience of dealing with a data breach, after a disgruntled employee hacked the Gautrain’s systems in 2014 in an attempt to access funds in excess of R800 million.
He explained that 80% of successful cyber attacks exploit the human element: “Any breach of the organisation will follow the path of least resistance, which is often humans,” he explained.
Email is a particular vulnerability, and phishing emails are still the most successful delivery mechanism for malware.
“Cyber criminals will attack you in your private capacity in order to access company information,” Denner said, adding that there was a need for greater individual awareness of the cyber security threat.
A breach of an organisation’s IT system can often inflict emotional and reputational damage and have financial implications.
Denner estimated that the Gautrain breach had cost the company in excess of R11 million to date due to lost productivity, forensic investigation fees, security upgrades and ongoing legal fees.
Artificial intelligence and machine learning technologies offer new solutions for threat detection, and will accelerate the identification of new threats and offer automated responses as manual security management becomes simply impossible.
However, Denner cautioned that there was no single simple technical solution to cyber security: “Any vendor trying to sell a ‘silver bullet’ for detecting hacking threats isn’t being honest. You can only track what people do on their computers, but not monitor their human behaviour.”
In order to prevent cyber security breaches, IT staff have to understand how hackers or cyber criminals think and how they will enter your organisation. “Your incident response team must understand where your systems can be breached and where your pain points and vulnerabilities are.”
He cautioned that compliance with IT security guidelines was not real security, and that IT needed to protect the business and not only tech assets. “You need to protect the supply chain, your people and business processes, not just your hardware and IT assets.”
This mindset change is part of seeing security as an essential part of the business. “Try and embed a ‘firewall mentality’ among your employees, as technology won’t be able to protect you against all threats,” Denner said.
.City Press is a media partner of the GIBS Forums
Get in touch
|Rise above the clutter | Choose your news | City Press in your inbox|
|City Press is an agenda-setting South African news brand that publishes across platforms. Its flagship print edition is distributed on a Sunday.|