Cyber Risk – New normal increases vulnerability

Posted on

A recent study indicates that South Africa has emerged as one of the countries that would embrace fully remote work, with 44 percent saying they want to work fully remotely compared to a global average of 24 percent. What risks does this contain for employers?

The Institute of Risk Management (IRMSA) points out the following in their latest Risk Report: “As the digital age accelerates, cybersecurity is more critical than ever.  New working patterns raise concerns about the security of networked technologies and increase the risk of cyber-attacks and data fraud. Cyber risk is no longer just an IT problem, it is an extremely serious threat to the well-being of the country, organisation and the individual.”

According to the Risk Report cyber-attacks and data breaches are on the increase. “Covid-19 has been the catalyst forcing countries, organisations and individuals to embrace digitisation to a far greater extent in a short time frame, thus making us more dependent on technology and far more susceptible to cyber-crime. Rapid rollouts and dramatic surges in the use of technological solutions increase risks of cybercrime, infrastructure overload and breakdown, privacy violations and inequality.”

The fact and figures

Overall, global fraud rates have hit a near-20-year high, with 47% of companies reported to have experienced fraud over the past two years.

Key findings of SonicWall Capture Labs Threat Researchers indicate:

  • 39% decline in malware (4.4 billion YTD); volume down for third consecutive quarter.
  • 40% surge in global ransomware (199.7 million).
  • 19% increase in intrusion attempts (3.5 trillion).
  • 30% rise in IOT malware (32.4 million).
  • 3% growth of encrypted threats (3.2 million).
  • 2% increase in crypto jacking (57.9 million).

Attackers sit on a network for 60-130 days without being detected.

The Alert Africa team has assisted over 100 victims of cybercrime and harassment to date.

The top scams reported are:

  • Internet fraud: sextortion, threats of sharing sensitive photos and scamming via online ads & other services.
  • Hacking/computer-intrusion scams: business emails compromised, social engineering and hacked PC accounts.

Craig Rosewarne, Managing Director of Wolfpack Information Risk (Pty) Ltd agrees that the increase in working-from-home arrangements has expanded the use of potentially vulnerable services, such as virtual private networks (VPNs) that lack adequate safeguards, amplifying the threat to individuals and organisations. “A blurring of the line separating corporate and personal systems heightens the risk of exposing sensitive information not appropriately secured and monitored on personal devices. Organisations cannot merely focus on company security; they need to also focus on the people and home aspect of security during and outside working hours,” he advises.

“Risk prevention measures should include cyber awareness and training, an incident response team, war gaming sessions, testing from a phishing perspective, improved reporting of suspected weaknesses, users being more aware to check before clicking on links and improved corporate culture. In other words, a team effort is required in counteracting cyber-attacks.”

Click here to download a snapshot of Cyber Risks, one of SA’s top identified risks.