The fresh ransomware attack of unprecedented proportions, estimated to have impacted at least 100 countries and affecting massive global organisations such as FedEx, Britain’s national health and the German rail network, has highlighted the severe implications of cybercrime attacks on businesses. As companies all over the world, including South Africa, scramble to ensure their IT systems are robust enough to withstand an attack, Santam says that insuring against cybercrime is critical.
Celeste Buitendag – Cyber Underwriter at SHA Specialist Underwriters, a wholly owned subsidiary of Santam, says over the past 12 months, 38.5% of businesses surveyed by SHA have been struck by cybercrime. This statistic suggests a South African business is now far more likely to fall victim to cybercrime than to a more ‘conventional’ crime like robbery or theft.
Buitendag says that as the recent attacks show, cybercrime is rife and growing. “However, most of the businesses we surveyed still seem to feel relatively impervious to the looming threats. 66% of our sample of 200 still believes they are not at risk of such an attack.
“This global attack was indiscriminate against country and business industry and could still directly impact South Africa. Any vulnerability in Microsoft Windows in South Africa could have been penetrated.
“It is important to note that ransomware attacks are extremely prevalent in South Africa and we receive on a bi-weekly basis phone calls from businesses following an incident where their computers have been encrypted and a ransom requested in the form of bitcoin currency.”
According to a Security Intelligence article, if cybercrime continues to compound at its current rate, it could be worth $2 trillion by 2019, a threefold increase from 2015.
Buitendag says there is often a perception that cybercriminals only target really big organisations where there is the potential to extort millions. “In effect, the cybercrime world works much like the more ‘conventional’ crime like robbery or theft, where criminals range from petty thieves through to large organised crime syndicates. A freelancer who works off his or her laptop in a café is as much at risk of having data seized in a ransomware attack as a large corporate organisation. Ransomware is indiscriminate so long as there is a vulnerability in your computer, such as an update that has not been installed.
“And in fact the ‘one-man-shop’ is probably more likely to pay the ransom because they are less likely to have backed up their data as regularly as a larger company with a full-time IT staff complement. This makes them an attractive target, and also explains why the average ransom amount has increased from around $350 to over $1000 (according to the latest report from Symantec).”
Buitendag says what makes cybercrime such a complicated issue is that it is a shifting, moving target, with creative and highly sophisticated cybercriminals constantly ‘reinventing the wheel’ to bypass firewalls, anti-virus software and outdated software in their attempts to befuddle IT professionals.
“The types of crime are myriad. Ransomware attacks involve encrypting all the data on a company’s hard drives and servers, and demanding a ransom in exchange for returning the data. Phishing uses fake e-mail messages to get personal information which is then exploited, whereas hacking involves shutting down or misusing websites or networks, and the list goes on.
“In the US and Europe victims are legally obligated to report an attack and the statistics are staggering. In South Africa, we are not yet compelled to report when there is a data breach or a cyber-attack, so the statistics are likely to be grossly under-reported. Even so, the 2016 Norton Cybersecurity Insights Report showed that over 8.8 million South Africans were the target of online or cybercrime in 2016.”
She says statistics are expected to rise when the Protection of Personal Information Act comes into effect; it is anticipated that the Regulator will have finalised the Regulations and processes by the end of 2017. “Once the true picture emerges, hopefully more businesses will start to take the threat more seriously.
“With the rise of the ‘internet of things’ more and more items in our business and private lives have become digitised. This translates to more and more areas of our world becoming vulnerable to cybercriminals. For instance, globally we are seeing an increase in attacks on the computers used to operate factory production lines. When production is shut down, the losses amass rapidly.”
She says that, according to Security Intelligence, spending on cyber insurance has swelled. In the US, spending grew from $1 billion two years ago to $2.5 billion in 2016.
“SHA has been offering cybercrime insurance for three years. To date, the insurance is mostly being sought retrospectively after an initial cybercrime incident has caused losses to a company. We are hopeful more people will protect their business from an incident proactively before the damage is done.”
SHA’s cover is designed to cover the ‘lifespan’ of an attack, says Buitendag. “Our cover is designed to negate the losses to a business in terms of: reputation, by covering fees for a public relations service; getting a network up and running, by offering access to highly skilled IT professionals; and covering the financial losses that the business has experienced. As a stand-alone policy or top-up on an existing policy, cyber cover is a strong pre-emptive strike to ensure a business is less vulnerable in this area.”
Buitendag suggests the following to protect a business or individual from a cyber-attack:
- A robust back-up strategy that backs up your data daily
- Don’t skimp on IT support
- Get adequate insurance cover
- Update anti-virus software regularly
- Don’t open suspicious e-mails or attachments
- Block unnecessary ports
- Keep operating systems current
- Don’t only back up data, check how to restore this data too
- Ideally keep three copies of data, two locally (such as an external storage device) and one offsite