The recent rise of cyber attacks has become a great concern for everybody across the globe.
Global cybersecurity company Kaspersky Lab reported that malware attacks in South Africa increased by 22% in the first quarter of 2019 compared to the first quarter of 2018.
It was reported that these cyber-attacks involved attacks on critical infrastructure systems like electricity facilities, nuclear facilities, dam control facilities and water treatment facilities.
But what, really, is the impact of cyber attacks on businesses?
Not only can an information security breach cost your business a ton of money; in many industries, such as healthcare, education and financial institutions, data breaches also need to be made public under state and federal compliance regulations.
Financial impacts – In June 2016, Standard Bank South Africa was attacked in a coordinated cyber fraud by a Japanese cyber-criminal. It was reported that the bank lost R300m through ATM fraud!
A business that’s suffered a severe cyberattack like the above will still need to spend money on fixing affected computer networks, devices and computer systems.
Reputational damage – Cybercrime and leaks of secured data can damage a company’s reputation. Your customers will lose trust in the company if their personal information is made public.
Legal consequences of a cyber breach – The law requires that you manage the security of all personal data that you collect. You will definitely pay fines and face regulatory sanctions if this data is for whatever reason compromised by cyber attacks, especially if the appropriate security measures were not taken.
As a business owner, you have to be very careful when giving your employees access to your network or database. It has been reported that many cyberattacks on companies have been perpetrated by some “inside men”.
This is the leading cause of cyberattacks. Many businesses don’t have strict protocols for their employees to follow before opening emails or social media links. Phishing scams have been around for a long time, but there is a newer form of phishing called “spear-phishing”. In this attack, the criminal sends an email from an address that appears to be from a trusted source. This tricks the receiver into clicking on the embedded link, which lets dangerous malware enter the system.
This is a major cause of attacks. Small business owners are often under the impression that cybercriminals will not target them, and are often negligent when it comes to cybersecurity. A common indicator of a lack of cybersecurity knowledge at a workplace is when employees choose very easy, predictable passwords to log in to a secured company system. You can help prevent this with a bit of education and best practice procedures.
Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks
This attack overwhelms a system’s resources either temporarily or permanently, making a machine or computer network resource unavailable for intended users.
This is also an attack on a system’s resources. The difference is that it is launched from many other host machines that are infected with malicious software and controlled by the attacker(s).
Man-in-the-middle attack (MitM)
This attack occurs when cybercriminals insert themselves between the communications of the client and the server.
An example of this is the attack on Absa Bank back in 2013:
It started with a refund email from the South African Revenue Service (SARS). The email included login details which, once clicked, would take you to an insecure site hosted outside of the country. It then requested you to log in by entering your password, and sent you a Random Verification Number (RVN), which for the transaction was highly unlikely.
It’s important to help your employees identify suspicious behaviour to avoid potential cyber threats for your business.
This is the practice of collecting sensitive information such as credit card details or a password by disguising oneself as a trusted source. It combines social engineering and technical trickery. The attackers might attach a file containing malware to an email. It could also be a link to an illegal website that tricks you into downloading malware or entering your personal information.
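The warning signs described above for spear-phishing and for the SARS refund email (a sender that only appears to be a trusted source, and a link to an insecure site) can be checked automatically. The following Python sketch is an added example, not part of the original article; the trusted-domain list, the function names and the sample message are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: brands staff expect mail from, and the domains they really use.
TRUSTED = {"sars": {"sars.gov.za"}, "absa": {"absa.co.za"}}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample message; every address and host in it is fictitious.
SAMPLE = """\
From: SARS eFiling <refunds@sars-refund.example>
Reply-To: claims@mailbox.example
Subject: Your tax refund is ready

Log in to receive your refund: http://absa.secure-login.example/verify
"""

def domain_ok(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def phishing_indicators(raw_email):
    """Return the warning signs found in one plain-text e-mail message."""
    msg = message_from_string(raw_email)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    # 1. Name or subject claims a trusted brand, but the sending domain is not theirs.
    claimed = (display + " " + msg.get("Subject", "")).lower()
    for brand, allowed in TRUSTED.items():
        if brand in claimed and not domain_ok(domain, allowed):
            findings.append(f"claims '{brand}' but sent from {domain or 'unknown'}")
    # 2. Reply-To quietly redirects answers to a different domain.
    reply = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply and reply != domain:
        findings.append(f"Reply-To domain {reply} differs from sender")
    # 3. Links that are unencrypted or lead away from every trusted domain.
    body = "" if msg.is_multipart() else msg.get_payload()
    every_trusted = set().union(*TRUSTED.values())
    for url in URL_RE.findall(body):
        parts = urlparse(url)
        host = (parts.hostname or "").lower()
        if parts.scheme.lower() != "https":
            findings.append(f"insecure link to {host}")
        if not domain_ok(host, every_trusted):
            findings.append(f"link to untrusted host {host}")
    return findings
```

Calling `phishing_indicators(SAMPLE)` returns four findings for the constructed message. Checks like these complement SPF, DKIM and DMARC verification at the mail gateway rather than replace it.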
This is when access to a person’s password is obtained by looking around the person’s desk or by “sniffing” the connection to the network to acquire unencrypted passwords.
In May of 2018, the personal data of nearly a million South African drivers who used the website ViewFines, which is used to look for traffic fines, was leaked!
The leak included personal information such as ID numbers 😲
Cross-site scripting (XSS) attack
An XSS attack is a client-side code injection attack. This is where attackers use a web application to send malicious code in the form of client-side script to different users.
Be ready to act – your incident response team should identify any data breaches, take care of the damage and possibly recover any stolen data. You should have legal services that will provide advice on the legal implications of a cyber-attack.
Always have a backup – You need to have your backups ready in case you get attacked so that you won’t lose everything should that day arise.
Give employees cybersecurity training – You could consider making cybersecurity-related training a part of your hiring process, such as how to create a proper password, etc.
Clean up the affected systems – This is usually done by cybersecurity experts like us. We will spend time assessing the damage on all systems and networks and provide action items to move forward safely.
Report the incident to the relevant authorities – It’s absolutely essential to make sure you have reported any incident of intrusion to the authorities. This can allow for investigation and also highlight areas in which your security may need an update.
In conclusion, cybercrime is an evolution of traditional crime as we know it. It has a hugely negative impact on economic growth, investment and innovation.
As a business owner, you need to understand the full risk cyber attacks can have on your business from every angle. Cybersecurity should be a top business priority.
Are you ready to reduce your levels of digital risk? Why not schedule a call with us below to see how we can help you?