Pay up, or we keep your data locked or expose it on the Internet. Either way you are held to ransom, and the entire company is unable to be productive until you have a solution.
The new criminals are faceless and do not discriminate in who they attack. They are in it for the money, irrespective of who you are. For most, this is a career.
A 2017 study by IBM and the Ponemon Institute, the Cost of a Data Breach, identified Government and Financial services as the target, although these hackers will take what they can get from weak IT security in any organisation, irrespective of size. Smaller organisations fall prey because they tend to spend little to no money on cyber security.
With these stats, it is not surprising that the cyber crime industry is worth $1.5 trillion and growing. The more devices that connect to the Internet, whether at the office or at home, the more risk is created.
The Internet of Things (IoT) has also recently come under the microscope: smart homes and offices that now have IP addresses and connect to the Internet are left unprotected, just waiting for a cyber attack.
The Ponemon report of 2017 also suggested that South Africa, South America and India were the likeliest targets in the coming years. Shortly after the report was released, the Department of Education was hacked, followed by Liberty Life and most recently the City of Johannesburg.
The attackers demand a hefty ransom in the most untraceable manner: cryptocurrency in the form of bitcoins.
Most often, organisations are able to recover from tapes and/or cloud backups and end up not paying the ransom. Small businesses, however, do not always have the knowledge and/or funds to spend on backups, or their backups reside on the same file server and thus also get encrypted, and they end up having to pay the ransom in order to obtain decryption keys.
PREVENTION IS BETTER THAN CURE
While the average cost of a data breach in South Africa is between R30 million and R50 million, it is estimated to grow to double these costs by 2024. No organisation wants to bear the costs of a data breach.
There are some preventative steps that an organisation can take to reduce the risk of an attack and improve its overall cyber resilience.
- Deploy Anti-Virus software on all workstations. Ensure regular updates are done.
- Ensure that all file servers have operating and other system security patches and fixes installed.
- Ensure that your network environment (firewalls, routers and switches) has updated firmware and the relevant security patches.
- Educate users on Phishing emails and other spam that may infiltrate your system via Malware and ultimately Ransomware.
- Ensure backups are done and, in the scenario of tapes, that they are stored off-site or in the cloud.
- In the home, ensure your computer has a personal firewall and Anti-Virus software.
- Most homes these days have Wifi – ensure that you have an alpha-numeric password set.
- When using your mobile devices and laptops in public places, be cautious about using free Wifi, as these hotspots often have little to no security. Look out for Wifi that has complex passwords and that offers login pages with https:// at the start of the URL (web site address).
Forvis Mazars has a team of experts who are ready to assist any organisation to improve its Cyber Resilience, including IT Governance and Data Protection in the form of POPIA and GDPR compliance.
We would be happy to assess your environment and provide a report on how resilient you are.