R166 trillion threat to business – including in South Africa
Cybercrimes are on the rise and cost the economy billions every year, which means that it is more important than ever for South African businesses to know how to prevent these threats.
This was explained by Investec’s head of information security and governance in South Africa, Noma Hlazo, and her UK counterpart, Tash van den Heever, on the No Ordinary Wednesday podcast.
“When you look at it, in my opinion, they’re definitely increasing,” Hlazo said about this year’s rising number of cybercrimes.
According to Cybersecurity Ventures, cybercrime is predicted to cost the world $9.5 trillion (about R166 trillion) in 2024. In South Africa, the oft-quoted impact of cyber attacks is around R2.2 billion.
“There’s a lot of research that talks about the increase in cyberattacks, and this is not just globally.” She explained that Africa has seen a lot of data breaches and cyber-attacks that have been effective, “and it just continues to increase.”
“So we should be concerned and remain vigilant. It’s a very important part of increasing our cybersecurity in South Africa.”
The landscape of cybercrimes in South Africa is continuously evolving as the technology becomes more sophisticated and the number of potential victims increases yearly.
“Ransomware, for me, still remains a top priority. It continues to be a growing threat with a number of successful ransomware and data breaches related to extortion attacks being reported,” Hlazo said.
“What’s changing now is that the victim profile is actually getting wider. More small non-profit organisations, schools, and legal firms are also getting targeted. So it’s still a big focus area for us.”
The advent of AI has also transformed the space and made cyberattacks more advanced.
“When you look at the trends that are happening now, we also do have a lot of advanced phishing attacks that are leveraging AI capabilities to become more convincing and target people.”
“We have a lot of advanced malware, which is leveraging AI as well to attempt to evade detection.”
Another big issue is business email compromise, where attackers impersonate legitimate contacts to commit fraud.
Supply chain attacks are increasing as well, affecting software and tech providers both globally and in South Africa.
“This is happening globally, but it is impacting South Africa directly and indirectly,” Hlazo said.
Van der Heever explained that the majority of threat actors are actually financially motivated, saying, “Cybercrime is an extremely lucrative business.”
However, while this may be the biggest driving factor behind cybercrimes, cybercriminals may also be motivated by other reasons, like political or social gains, or causing reputational harm.
“What we’re also seeing is the pace, and volume can be attributed to the era we are in at the moment. Today, we’re in an information age where data is available to everyone.”
“It’s been driven by this digital era burst that’s enabled our world to be so interconnected. So, the more information we ourselves make available online, the easier it becomes to target corporate and individuals with real-world context.”
Fortunately, there are steps businesses can take to prevent these attacks.
Hlazo explained that cybercriminals tend to follow the path of least resistance. By ensuring that security measures are in place and that businesses know how to address data breaches, they can make themselves less attractive to attackers.
“Another critical element of ensuring that fishing is not as successful is security awareness,” Van der Heever said.
Phishing prevention is essential, as phishing often serves as a gateway for larger attacks. Businesses should invest in tools to detect phishing attempts and improve their incident response plans.
Another crucial step is security awareness training for employees, which she said companies do not do nearly as often as they should. Educating staff on how to spot phishing emails and how to respond is essential.
Also, informing customers about ongoing phishing threats can help them better protect themselves.
“Another important element is threat-based risk assessments. This helps organisations understand the type of threats and allows them to bring in appropriate security controls for that business and that industry sector.”
“It’s important to know the maturity of the controls and identify the gaps, and this will help you understand what to implement to manage the risks.”
Van der Heever said that understanding the gaps is vital in ensuring businesses know what to implement and how to manage the risks.
Loading ...
