Worldwide, cybercrime is reaching astronomical proportions, from threats such as cyber-espionage and industrial espionage, to the chronic problem of malware and phishing. In the past year, there has been a spate of attacks on companies in the USA, including gas companies and military Web sites.
Certainly, it’s a known fact that systematic attacks to gather sensitive trade secrets and passwords have been on-going for years. It’s just becoming more prevalent. And, South Africa is by no means immune, says Dries Morris, operations director at IT security specialist at local IT security services provider, Securicom.
“Cybercrime syndicates are after sensitive trade secrets; patents and intellectual properties not only limited to financial information that they can use or sell. Considering the nature of information they want, South African companies and individuals are at as much of a risk here,” he says.
“As anywhere else in the world. Thousands of South Africans have fallen victim to phishing and other types of cyber fraud, and financial institutions have lost in excess of R80-million and continue to lose money every day as a result. The threat however is not confined to certain types of companies but rather driven by commercial and political gains.
“While the US will spend US$3-billion annually to combat cybercrime and espionage, it is common knowledge that South Africa lacks the budgets and convictions to compete at this level. If countries like the USA aren’t able to stop attacks from happening, where does South Africa stand?” Morris asks.
He says the type of information attackers want to steal is determined by their motivation. For some stealing the CRM database of a company to sell to a competitor or to gain access to the financial systems will be the motivation. For others, just gaining access or altering a Web site is enough.
The loss of sensitive or confidential information can lead to financial losses, penalties and reputational damage. If a data breach results in identity theft or a violation of government or industry compliance regulations, a business could face fines or other civil or criminal prosecution.
In South Africa, the main cybercrime threats are criminal and primarily related to fraud. Phishing is the most common form of attack, with the distribution of malware, such as worms, being the second-biggest problem.
Nevertheless, Morris says both private and public sector companies shouldn’t be blind to the risk of cyber-espionage.
“The mindset that ‘it won’t happen to us’ is actually the greatest threat to companies. Instead of underestimating cyber-related threats, organisations both in the public and private sector should be considering the security measures they have in place to prevent unauthorised access to their information and data leaks.
“Have external professionals probe your defences and point you to where you are falling short; understand the risks associated with mobile devices. We have risk managers from a number of companies buying into the understanding of what the threats are and engaging us to assist in assessing their environments and consulting on best practises. It’s a step in the right direction but it’s still a drop in the ocean.
“More organisations need to mobilise strategies, resources and technologies to address cybercrime because criminal syndicates are becoming increasingly sophisticated and more organised. At the moment, most businesses are extremely vulnerable to attack. Research by one of the world’s top IT security vendors shows that a significant 70% of South African businesses fell prey to some kind of cyber fraud in 2011.
