Simon Colman, Business Head of Digital and Financial Lines at SHA Risk Specialists (a division of Santam)
Covid-19 has changed the cybercrime landscape. With more people working remotely, employees are inadvertently creating opportunities for hackers to forge tunnels into company networks through often unsecured connectivity. It can be expected that this trend will continue as businesses adopt hybrid work from home/office strategies. Last year, South Africa had the third highest number of cybercrime victims globally, according to Accenture. Phishing remains a significant trend. And we’re seeing more state-owned entities, banks, law firms, SMEs and healthcare providers get hit. It should be a business imperative to proactively mitigate cybercrime risks.
How SA tracks globally
In 2020, South Africa suffered 577 malware attacks every hour, with fraud via mobile banking apps doubling within a year. Cyber-attack losses totalled R2.2 billion. Due to
less robust cybersecurity systems, Accenture speculates South Africa might be a testing ground for malware. Globally, the country ranks 59th out of 182 countries for cybersecurity, and it comes eighth on the continent.
A slew of recently reported attacks have seen some of the biggest names in banking, insurance, transport and the public sector affected. Most recently, the justice department also announced that it was a victim of a cybercrime this year, demonstrating that no system is safe.
Over the past two years, (SHA Risk Specialists) – a division of Santam – conducted surveys of almost 1600 randomly selected business owners, the vast majority of which were in the SME sector. We found that 30% of these had experienced a cyber-attack within the last 24 months. Another 25% had fallen victim to a ransomware attack. Astonishingly, however, almost 50% of businesses still didn’t believe they were at risk.
This lack of awareness and worrying level of complacency may render South Africans particularly vulnerable. One of the problems might be that the country is so exposed to crime, that incidents that don’t involve violence don’t make the news. So, there’s less awareness of the prevalence of this kind of activity. Many SME business owners also incorrectly assume that the data they hold has no value to hackers and they therefore will not be targeted. The vast majority of SME incidents involve ransomware which is often a completely random attack.
Cybercrime in the current COVID-19 landscape and what to look out for
We are seeing a cybercrime spike. Currently, more people are working from home and connecting back to the office without using VPNs. It’s tricky to detect when data has been compromised – gone are the days of a virus showing up as a blue screen with a smiley face. Now, a trojan or piece of malware lurks unseen in the system, ‘sleeping’ or actively extracting data for an external source.
- Phishing – when a person is targeted via email, phone or text by someone posing as a legitimate (and often known) institution or individual to extract personal information like credit card details or passwords – remains a top trend over this time. Just think about how many emails you receive in a day. Would you be able to spot a cleverly worded request from your ‘boss’ asking for the password for your company site to do some very creditable-seeming updates?
- Ransomware – involves encrypting all the data on a company’s hard drives and servers and demanding a ransom in exchange for its return. This type of cyber- attack is also rife at the moment.
Local banks and the online retail, healthcare and legal sectors are currently being hit hard. Healthcare has always been a big target overseas, so it’s unsurprising this trend is coming to South African shores.
What can be done to mitigate cybercrime?
It starts with awareness training for an entire team, irrespective of company size. Interactive training tools should be explored, as it’s imperative to understand the current cybercrime landscape and trends.
Then it’s about putting proactive mitigation measures in place. Do regular backups and invest in antivirus protection. Our survey found that 25% of SME businesses ended up paying ransoms that averaged about R25 000. Out of the 25% that paid, a further 20% got hit a second time. The first time, hackers attack randomly. The second time, you’re a ‘paying client’ to them. It stands to reason that if regular backups of critical data are not maintained, that the business owner may think the only solution is to pay the ransom.
Those numbers were dwarfed by the cost of business interruption and downtime. About 12% of the victims of cybercrime in our survey experienced business interruption that cost them in excess of a million rand in downtime. Losses can stack up faster than you can imagine.
The important role of the intermediary
It’s crucial to have the right cover in place that combines risk management services and insurance to cover business interruption costs, ransomware, forensic costs and more. We believe that intermediaries will be key in driving broader and sustained awareness around cybercrime. They have an important role to play in educating their clients about the benefits of cyber insurance and explaining how the cover works. Intermediaries add the most value where knowledge and expertise is required to identify risks and find solutions that match client needs. Such knowledge and expertise will, undoubtedly, be required in the case of a complex, emerging and as-yet relatively unfamiliar risk like cybercrime.
Visit www.santam.co.za for more information about Santam’s cybercrime insurance.