Even if you have great cybersecurity measures in place and don’t think that you’re vulnerable to attack, it’s a hard fact that you may find yourself in a vulnerable position. Everyone can.
As you will see, some of the most famous brands around the world and locally have come under attack, sometimes via third-party providers with less stringent security measures.
And they’ve suffered heavily – in terms of lost revenue and information, remedial costs and reputational damage.
What is cybersecurity?
Cybersecurity is the protection of Internet-connected systems, including hardware, software and data, from cyber-attacks. The goal of cybersecurity is to limit risk and protect IT assets from attackers with malicious intent.
Cybersecurity best practices can, and should, be implemented by large and small organisations, employees and individuals.
What can cybersecurity prevent?
Cybersecurity helps prevent data breaches, identity theft and ransomware attacks, as well as aiding in risk management. When an organisation has a strong sense of network security and an effective incident response plan, it is better able to prevent and mitigate cyber-attacks.
Types of cybersecurity threats
- Malware: a form of malicious software in which any file or program can be used to harm a computer user, such as worms, computer viruses, Trojan horses and spyware
- Ransomware: a type of malware that involves an attacker locking the victim’s computer system files – typically through encryption – and demanding a payment to decrypt and unlock them
- Social engineering: an attack that relies on human interaction to trick users into breaking security procedures to gain sensitive information that is typically protected
- Phishing: a form of fraud in which falsified emails are sent that resemble emails from reputable sources; however, the intention of these emails is to steal sensitive data, such as credit card or login information
Ransomware attacks are rampant in South Africa and becoming more sophisticated, as hackers try to encrypt both production and back-up environments – and the value of ransom demands is climbing. There has also been a spike in incidents where business emails are compromised to enable fund transfers into incorrect accounts.
Recent cyber attacks
These are just a few of the cyber-related incidents that took place in 2019 and early 2020:
- Hackers stole 1.7-million Nedbank in February) by breaching the systems of a third-party service provider that sends SMS and email marketing information for the bank
- The City of Johannesburg estimates it lost R50-million in October last year when it fell victim to a ransomware attack (see the video embedded in our previous communication about cybersecurity)
- Three months before that, Johannesburg electricity utility City Power also fell victim to a ransomware attack, which briefly encrypted its databases and prevented customers from accessing its website and buying power units
- Insurance giant Liberty is still investigating a ransomware attack that happened in June 2018. The hackers claimed to have accessed 40TB of data, including customer and financial data – but never made good on their threat to release it
- The UK Labour Party’s computer systems were brought down by a major dedicated denial of service (DDoS) attack
- Staff at money transfer service Travelex, and the UK’s Redcar and Cleveland Borough Council, had to resort to using old-fashioned pen and paper after they suffered ransomware attacks
- Four subcontractors of aircraft manufacturer Airbus were attacked by hackers seeking commercial secrets
- Chinese tech company Huawei accused the US government of hacking into its systems to disrupt its operations
- In turn, China was accused of distributing malware to its Uighur minority population using exploits for Apple, Google and Windows phones
- Suspected state-sponsored and non-state hackers from countries such as China, Russia, the US, Iran, Vietnam and North Korea were accused in 2019 of a plethora of attacks on government, military, energy, university, health, financial services, retail, corporate, dissident and media targets in other countries, mainly to steal information or demand ransoms
- An Israeli cybersecurity firm sold spyware that exploited a vulnerability in WhatsApp, which was apparently used to target human rights activists, and government and military officials in at least 20 countries
Let’s work together with Itoo (Hollard) to become cyber-savvy!