GRAND HEIST - JSE MAGAZINE

GRAND HEIST

Cybercrime attacks have become faster and more devastating than ever. How can companies keep up and ensure that they – and their customers – are safe?

GRAND HEIST

It’s a quick job. In and out in 17 minutes. Gone before you even know they’re there. They’ll take what they want, leaving no trace. In SA, that’s how long a typical cybercrime attack lasts: just 17 minutes, with the attackers accessing your data at a frightening rate of 9 GB per second.

According to the South African Banking Risk Information Centre (SABRIC), attacks like these cost SA more than R1 billion a year, with the cybercrime rate increasing by almost 30% since 2013.

‘When one looks at the cost implications, it’s difficult to differentiate between direct and indirect costs,’ Susan Potgieter, GM of SABRIC’s commercial crime office, told the SABC last year. ‘With regard to direct costs, it’s the money that you lose at the end of the day. But I’m more concerned about the indirect costs […] because at the end of the day, if you are hacked and your whole IT infrastructure is taken down and all your customer information is stolen, it’s almost impossible to put a number on that monetary damage.’

Three years ago, McAfee regional director for SA and sub-Saharan Africa Trevor Coetzee tried to put a number on it. ‘If cybercrime was a nation, it would have been 27th biggest in terms of GDP and cost the global economy $445 billion a year,’ he told HTXT. ‘In South Africa, cybercrime has an economic impact equal to 0.14% of the national GDP – about R5.8 billion a year.’ Again, that was three years ago.

‘The South African organisation has to assess its security footprint to ensure it is prepared for the worst. And the worst is here,’ says Ralph Berndt, sales and marketing director at internet service provider Syrex. The 2015 IBM Cost of Data Breach study found that the consolidated total cost of a data breach now sits at $3.8 million, with the price tag on lost business an expensive average of $1.57 million.

Add to this mix the fact that, according to the SANS Institute, many organisations do not have the staff required to perform 24/7 network, systems infrastructure and security monitoring. ‘The result is organisations that are battling to keep up with the threats on the horizon.’

Given the complexity and pace at which cybercrime is growing, it’s little surprise that businesses are struggling to keep up. Jason Dover, director at global application delivery control firm KEMP Technologies, says that attackers are becoming more sophisticated in their mission to access sensitive data. ‘The advanced persistent threat is not against a single piece of technology. Instead it looks for the weakest link, from the application software itself to computer, storage and networking stacks,’ he says. ‘Traditional techniques, such as firewalls and antivirus are no longer sufficient to protect the ever-expanding attack surface.

‘As such, when it comes to protecting the network, one could argue that a “defence in breadth” strategy is required to complement the traditional “defence in depth” approach.’ By this he means any application that is exposed to the internet must be protected from unauthorised users. However, Dover says it’s not only applications that are at risk.

‘Users are also at risk. And in turn, the network itself is at risk from users. Basic education on how to protect personal information and avoid common pitfalls such as phishing and malware can help, but the sophistication of assaults on users is increasing all the time. Simple passwords are no longer adequate and need to be replaced with more secure multi-factor authentication,’ he says.

‘Malware detection is then required both within the network and on the huge variety of end-user devices. Given the number of different operating system versions and rapid release cycles in the phone and tablet world, the topic of bring-your-own-device requires significant attention, especially when compliance to legislation – such as that found in healthcare and finance – is required.’

Kevin Hall, national sales manager at Johannesburg-based ICT firm Elingo, has a colourful way of explaining how – and why – cybersecurity has become such a key issue for African business.

‘In a global context, the security of information is becoming more and more difficult to manage and control. The increase of information, and the rapid creation of data then creates a need for storage, which in turn makes us vulnerable to security issues,’ he says.

‘Let’s liken the info to grain. As the population increases, people need more food, which means silos need to store more grain to feed this population. However, due to the dependence on these grain storage silos, the world needs to create more security to ensure food security is not affected.

‘The same rules apply to data and any other commodity. South Africa is becoming a hotspot for cybercrime as our internet usage and users start increasing. The very fact that mobile data is shooting into the stars is creating growth that will require planning and careful consideration.

‘In the African context, users prefer mobile devices and other wireless modes of connectivity. One would need to look at the users of these devices and understand how security concerns can be dealt with on mobile devices without affecting the usability and effectiveness of these applications,’ says Hall. ‘Business users will simply start turning off security features if they believe the devices are not performing. One needs to educate and explain the risks of data protection to these users, and suggest some alternatives if they are having a bad user experience.’

Cloud computing has only made things more complicated. Before the cloud, the main security focus of a company’s IT department would be on securing the internal network, making sure data was secured and backed up on internal servers. Now, with data being stored in the cloud, there is a whole new level of complexity and new issues need to be considered. What data should you back up to the cloud? What data should you encrypt? And when should you encrypt it?

‘Most IT professionals will say “when in doubt, encrypt”,’ says Hall. ‘And although this is sound advice, one needs to look at the information before making a decision. Just ask a simple question: what would happen if our competitors received this information?

‘In some cases, marketing material, company flyers and different company-specific information would almost have no value to anybody outside your company. In this situation, evaluate the risk and then we suggest create different risk profiles based on the data.’

Hall recommends encrypting files before uploading them to the cloud. ‘Most of the data theft will happen in the transmission of the data over the web. For the cybercriminal, it’s much easier to intercept traversing data,’ he says.

UK-based Redstor is one of the world’s leading cloud backup solutions providers. Phillip de Bruyn, customer experience manager at Redstor in SA, agrees that cloud computing has made data more complicated. He argues that a cloud backup strategy is more mental as opposed to technical.

‘The principles remain the same, with the environment being the key difference,’ he says. ‘Traditionally, backups were more physical and required less virtual thinking. Now it is all about looking at the possibilities without having to be concerned about the infrastructure.

‘In many respects, using the cloud is becoming the “new traditional” way of backing up. We are moving beyond relying on a physical environment to one that is more out-of-the-box and requires less infrastructure,’ he says.

The way De Bruyn sees it, the issue isn’t just about where the data is stored. It’s also about how that data is accessed – and how frequently. ‘Users want access to information in real time, and they expect a similar experience from backups,’ he says.

‘It’s no longer good enough to restore information in a couple of hours’ time – the connected business demands a response time of 15 minutes or less.’

Fifteen minutes to access even the most obscure archived data. It sounds like a short space of time, until you consider the number we began with. Seventeen minutes to execute a cyberattack, with your organisation’s information stolen, lost or compromised in less time than it took you to read this article.

By Mark van Dijk
Image: Andreas Eiselen/HMimages