Malawi draws up new cyber security guidelines to protect finance

Batten down
the hatches

Malawi to better
protect finance sector.

Wednesday, Feb 19th

Cybercrime in 2020 – not a question of if, but when

Cybercrime in 2020 – not a question of if, but when

How do you prepare? Simeon Tassev, Managing Director and Qualified Security Assessor at Galix offers his perspective.

The year that was

According to Kaspersky Lab, there were an estimated 13,842 attempted cyberattacks every day in the first quarter of 2019 alone, which represents an increase of 22% over 2018. Hundreds of attacks are perpetrated every hour, and there were several high-profile successes this year.

One of the most publicised was the DDoS attack against the City of Johannesburg in October, which shut down online services. This was the second successful attack on the municipality in a matter of months. In July, Johannesburg City Power was hit by a ransomware attack that left many residents without electricity for several days.

Internet Service Providers (ISPs) AfriHost, Axxess and WebAfrica were also the victims of DDoS attacks in October which affected end-user connectivity, network performance and hosting environments. All of South Africa's big five banks also experienced disruptions in their service resulting from attempted cyberattacks.

What will the new year bring?

The year 2019 proved to be a highly lucrative year for the cybercrime industry, with businesses rather than individuals being the main targets. This is because businesses have large repositories of data and in many instances the means to pay the ransom demanded, so they are more likely to yield profits. In addition, many businesses are seen as soft targets because they have vulnerabilities in their security systems. We can expect that the trend of accelerating attacks that are increasing in sophistication will continue in 2020.

Be prepared - it's not a question of if, but when

While the impact of attacks vary depending on the business and the attack itself, the reality is that it has become a question of 'when' a business will be attacked, not 'if'. Expecting attacks ensures that businesses are more prepared and have adequate controls in place to detect them and stop them before they can cause major damage. A swift response can help to minimise the impact of an attack, and the longer it takes the more damage is done and revenue is lost.

It is imperative for businesses to understand how long it will take them to recover from a backup, the financial impact of this and what the best approach is to handle an attack. While some businesses decide that paying the ransom may be the less disruptive option, this is not typically advisable because it means a business will likely be the target of repeated attacks in future. Aside from the financial implications of recovering data, there are other impacts to consider, such as loss of customer trust.

Basic cybersecurity is critical, otherwise businesses are leaving themselves wide open. However, simply having systems to notify of an attack is not sufficient if you cannot do anything to stop it. Managed services providers can help organisations leverage the solutions and skills one needs to ensure their security posture is adequate for their business needs. It starts with defining a baseline and then shoring up any vulnerabilities to ensure security is maximised in the most cost-effective way. In the case of cybercrime, fortune will favour the prepared. The more difficult your organisation is to breach the less likely you will be to experience successful and repeated attacks.

* By Simeon Tassev, Managing Director and Qualified Security Assessor at Galix.

ALSO ON ITWEB AFRICA

Africa's chance to shine at UK-Africa Summit 2020 Published on 23 January 2020

Twenty-one heads of state from the continent are expected at the investment-focused event on 20 January 2020.

Online publishing platforms - local accounting journal provides a case in point Published on 14 February 2020

SAJAAR, the official scientific research journal of the Southern African Institute of Government Auditors, found a reliable and practical online publishing solution in Sabinet.

Zimbabwe launches first computer plant Published on 20 January 2020

Project is a joint venture between TelOne and Chinese firm Inspur.