July 28, 2022
8 out of 10 enterprises have been targeted in cyber attacks
A staggering 80% of South African organisations reported a ransomware attack in the last two years. The country is increasingly falling victim to cyber crime with knock on effects for the economy in terms of lost productivity and revenue. South Africa had over 12 000 ransomware attacks in the first half of 2021 - an indication that enterprises need to take cyber protection seriously.
Despite the introduction of the South African Cybercrimes and Cybersecurity Act, criminalised cyber extortion continues to be a major issue in the country. In Africa, South Africa is the second most targeted country with ransomware among the top five cyber threats. Another major issue is business email compromise. In the past, cyber criminals focused on large, generic attacks, but these days attackers are targeting enterprises more directly. This has much greater potential for damage because advanced, targeted attacks are harder to recover from.
SEACOM Business has a range of cyber security solutions that are designed to prevent, detect and mitigate the effects of targeted cyber attacks. Through advanced filtering and encryption, businesses can keep their digital assets safe with an always-on connectivity and advanced cyber security.
SA enterprises targeted in cyber attacks
Large enterprises are attractive targets for cyber criminals and yet less than half of South African organisations have an effective back-up system or adequate cyber security measures in place. A recent report on email security revealed that businesses faced an average of 11 days of downtime after a ransomware attack. This has a massive impact on productivity. What’s more, there are huge reputational repercussions if customers can’t access the business website or apps for several days on end.
Only 36% of South African companies have a disaster recovery plan. Not only are businesses not investing in the right tools to ward off a cyber attack, but they don't have procedures in place should an attack happen.
Employees need to know how to respond if they suspect a cyber attack, who to report incidents to and how to isolate attacks so that malware and viruses don’t spread across the business network. Improved security controls and awareness training are key factors in fostering a healthy digital ecosystem.
Ransomware in cyber attacks
In the last couple of years, ransomware has affected a number of large South African enterprises both in the public and private sectors. This raises the big question of how to respond to a ransomware attack: to pay or not to pay?
The average ransom paid in South Africa is over R3 million, but this is only part of the cost for recovery. When we add up the cost of ransom with other recovery and remediation costs, the figure is closer to R6 million. The cost of recovery from a ransomware attack doubled from 2020 to 2021, and experts warn that it doesn’t always pay to pay the ransom.
It can take years to recover and rebuild systems when they have been infected with poorly written code. It is difficult to reverse engineer data that has been encrypted by ransomware. In some instances, data recovery is impossible, even when attackers hand over the decryption key. Many organisations believe it to be cheaper to pay ransom, but it is estimated that only 30% of South Africa companies get their data back after succumbing to the extortion demands.
Paying ransom serves to encourage threat actors and fund criminal organisations. Companies with ineffective data recovery strategies and cyber security may find themselves in negotiation with cyber crime gangsters.
Local enterprises targeted in cyber attacks
There have been a number of high profile cyber attacks on South African organisations in recent years. In 2019, Johannesburg’s electricity supplier, City Power, was involved in a ransomware attack. A quarter million residents were affected because the attack prevented customers from buying prepaid electricity.
A couple of years later in 2021, Transnet was debilitated by malware. The logistic company was brought to a halt by an attack, during which ships and trucks could not be processed and the supply chain was massively interrupted. Employees were instructed to shut down devices connected to the Transnet network. There was concern about a lateral spread of the malware into other essential services.
In another high profile attack, cyber criminals demanded R225 million in ransom from Transunion South Africa after compromising four terabytes of data. In this attack, 54 million records of personal data were breached in March 2022.
More recently, in June 2022, one of the largest supermarket chains in Southern Africa, Shoprite, was the target of a ransomware attack. The criminal gang claimed to have 600 gigs of data, including names and ID numbers and asked the supermarket chain to negotiate a ransom deal. In response to this, Shoprite launched an investigation to understand the scope of the incident, with the help of forensic experts and data security professionals.
Cyber security strategies for ransomware attacks
Given the current climate in cyber crime, organisations need to have both a prevention and recovery strategy in place. Prevention includes having secure, automated back-ups in the event that data is lost, tampered with or damaged beyond repair. There needs to be cyber security policies in place within the organisation so that employees are aware of the risks related to downloading attachments, sharing credentials or other ways they might inadvertently expose business networks to cyber crime activities.
Having a clear disaster recovery plan in place is essential so businesses know which law enforcement authorities to contact and how to respond to extortion demands. Increasing the IT spend on security not only gives enterprises access to better cyber security tools, but also enables them to recover in the event of a successful attack. For example, enlisting the services of third-party forensic investigators to understand the scope of the breach and how to address vulnerabilities within the business network.
Enterprises need to use advanced cyber security software from a reputable provider that includes the use of artificial intelligence and machine learning. SEACOM Business provides industry-leading cyber security solutions with world-class levels of threat prevention, detection and response. For more information or to get a quote for our cyber security solutions, email us at email@example.com or leave us a message.
SEACOM owns Africa’s most extensive network of information and communications technology (ICT) infrastructure, including subsea cables and secure internet connections. We offer a diverse range of flexible, scalable and high-quality solutions for businesses that meet world-class standards for connectivity.
SEACOM is privately owned and operated, making it agile and adaptable to the needs of the customer. This makes us the preferred ICT and internet connectivity partner for African businesses and peripheral service providers. We can guarantee high-speed, low-latency and secure internet connections to corporates and small enterprises.
For more information on our internet and voice solutions, follow us on LinkedIn, Facebook or Twitter. Keep an eye on our news section for insightful articles and relevant news stories on African ICT, internet connectivity and our leading cloud and security solutions.
Need internet for your home? Our subsidiary, WonderNet, brings fast and cost-effective broadband internet to all Africans with a fibre-to-the-home offering.