Intel’s recent “Global Cost of Cyber-Crime Report” shows that the economic impact of cyber-crime in South Africa is equivalent to 0.14% of the country’s GDP. This is roughly R5.8 billion a year and growing.
According to security experts, neither government nor business are combatting cyber-crime correctly. This is mainly due to a shortage of skills and a lack of urgency in taking action against cybercriminals. Prevention is better than cure and South Africans must be made aware of these crimes and how to prevent them.
Industry reports indicate that South Africa has the third-highest number of cybercrime victims, after Russia and China. The most common cyber-attacks locally are related to phishing. “South Africa is the second most targeted country globally when it comes to Phishing attacks,” says Drew van Vuuren, CEO of information security and privacy practice, 4Di Privaca.
Phishing is a form of e-mail deception where cyber-criminals attempt to obtain sensitive information or cause disruption to an organisation’s business operations; it involves sending emails to users in order to steal their personal information such as bank account details, credit card information or any other information that could be useful.
Organisations can reduce potential risk to their businesses by improving on three key areas;
- Prevention – can be broken up into two critical elements;
i) Education – involves teaching employees and users, it is crucial to understand the risks involved in cyber-attacks and what they can do to assist in avoiding these attacks. Users and employees must also understand that information and data cannot be shared freely and verification is vital to ensure security. The most common hacking tactics involve staff members; phishing, social engineering or packet sniffing. By creating awareness within a company, firms can protect themselves against possible attacks.
ii) Network and end-user security –installing a business-class antivirus and making sure your computer is “properly patched and updated” is a necessary step towards being fully protected. Antivirus software protects data against malware and possible attacks. Network management solutions such as Panda Cloud Systems Management include features like patch management to help ensure all the machines are up-to-date. Most of today’s malware works by exploiting unpatched software vulnerabilities.
- Detection – is purely based on the security solution that the company has implemented, top vendors pride themselves on their detection rates. Corporate AV solutions also provide logs and reports that can indicate irregular patterns or unusual activity.
- Response – involves implementing a strategic plan as soon as evidence of an attack appears. If an attack occurs, an organisation should be able to isolate the targeted/affected area and disconnect it from the rest of the network to avoid further compromise. When developing a response/recovery plan, a company should treat the strategy as an ongoing solution and not just as a once-off tactic.
It is vital that individuals, businesses and governments arm themselves against the rising plague of cyber threats. Cybercrime is a growing issue in South Africans need to be more aware of the risks.