October is International Cyber Security Awareness month, aimed at raising awareness of cyber risks for businesses of all sizes. And for good reason: a study by US cybersecurity firm Varonis found that global data breaches exposed 36 billion records in the first half of 2020. The same study found that over a fifth of cyber breaches were caused by phishing attacks and that 95% of cybersecurity breaches are caused by human error. According to Accenture, South Africa has the third-highest number of cybercrime victims worldwide and loses around R2.2 billion to cyberattacks every year.
Sizwe Cakwebe, Cyber Risk Manager at SHA Risk Specialists, explains that the human element has always been the biggest flaw within any organisation’s computer system or cyber security controls. “Phishing attacks are specifically designed to take advantage of human nature and employee mistakes. Cyber security control mechanisms will always do what they are configured to do; it is the misconfigurations by humans that bring about vulnerabilities. Furthermore, suspicious emails with download instructions and phone calls aimed at getting vital information from employees are still very effective gateways for cyber criminals to gain access to companies’ data.”
He asserts that this is why, over and above a cyber insurance policy, risk management measures such as taking out a professional indemnity policy for professional services, and educating employees and contractors on cyber security risks and preventative measures, as well as their role in protecting the organisation’s assets and information assets, are crucial.
One of the most significant cyber risks to consider, according to Cakwebe, is ransomware. “This is once again something that is affected by the human element. It encompasses elements of data exfiltration and data encryption, and how those seem to play out within the market.”
Furthermore, he says that South African businesses have most definitely seen an uptick in such cases over the past 12 to 18 months. “SHA’s Annual Risk Review found that 19% of respondents suffered some kind of a ransomware attack, and on average, each ransom was about R50 000. Most of the respondents in this survey were SMEs, hence the fairly low ransom amount, but multiple high-value ransom cases have been well documented in the media in recent months.”
Regarding what businesses should be doing to adapt to the changing risk landscape, Cakwebe says that the answer lies in better technological solutions. “With companies starting to move systems and applications into the cloud and going ever more digital and technological, cyber security is bound to become a critical business risk, more so than it is now. But even more important, businesses have to ensure that their workforce is sufficiently skilled to handle potential cyber threats.”
He recommends that companies begin by looking closely at their basic cyber security measures. “This includes doing regular backups, performing regular security patching, data encryption, anti-virus software, and use of firewalls. Focusing on the human element, ensure that proper passwords are used, and that all employees clearly understand what to do in any situation where they suspect they may have been targeted by a phishing attack.”
Cakwebe emphasises that the cyber risk landscape is only gaining momentum. “The one thing that we know for sure is that no company is immune to cybercrime anymore, no matter how big or small, or how much they invest in their IT systems. However, making sure that the human side of your operation is unassailable can go a long way towards preventing an attack. That’s why it’s vitally important for businesses to educate their employees on the most common risks and how to avoid them,” Cakwebe concludes.