
Why Prioritising Cyber Security is Critical to Your Business

Published: 22 October 2021

Cyber Security is non-negotiable! Cyber-attacks can affect businesses and individuals in a professional or personal capacity, with disastrous consequences. While October is National Cyber Security Awareness Month, the seriousness of cyber-crime should always take precedence, particularly in companies where a ‘work-from-anywhere’ culture is the order of the day.

Did you know?

  • Malware – It has been estimated that South African businesses suffer 577 malware attacks every hour via online communications. Malware is malicious software such as a virus, worm, spyware or ransomware, which is designed to steal information and disrupt or damage a network.
  • Phishing & Social Engineering – A Mimecast report found that social engineering tactics through phishing increased by 64% in 2020. Phishing uses fraudulent emails aimed at getting the receiver to click on a link or download malware. Social engineering refers to the communication tactics a hacker uses to interact with a victim (via telephone, email or social media) and persuade the person to share sensitive information, click on a link or download a file.
  • Ransomware – The same Mimecast report found that 6 out of every 10 companies experienced a ransomware attack last year. Ransomware is malware that gains access to sensitive information, encrypts it and then sets a ransom amount for the release of said information.
  • South Africa is a hacker hotspot – Hackers focus a lot of their attention on South Africa, taking advantage of internet users who lack online security awareness. We experience the third highest number of attacks in the world, losing R2.2-billion every year.
  • The Protection of Personal Information Act (POPIA) holds you accountable – Companies have a responsibility towards their online customers and are required to follow certain protocols to ensure the protection of their personal information. When a company is successfully hacked, the business not only suffers financial losses and a tarnished reputation but will also be liable to legal action.

The biggest threat

Securing a company’s network is only part of the solution. With cyber-attacks becoming more organised and sophisticated, and working-from-home (WFH) on the increase, employees have become a company’s weakest link and biggest cyber security risk. According to the 2021 Data Breach Investigations Report (DBIR), 85% of data breaches involve a human element such as phishing, stolen credentials or human error.

LastPass, an encrypted password manager, recently released research on the password habits of 3750 professionals across seven countries. The Psychology of Passwords research found that:

  • 65% of respondents use the same or a variation of their password for most accounts;
  • only 8% think it’s not a good idea to use a password that’s personal to them; and
  • 20% share pictures of their pets with their names on social media even though they use their pet names as passwords.

Even more alarming is that since working remotely, 47% did not change their online security habits whatsoever.

All it takes is one employee’s bad judgement to bring an entire organisation’s defence to its knees. Employees’ online behaviour is therefore a notable threat to businesses, and ongoing cyber security awareness is a must.

Domains.co.za takes cyber security seriously

“It is essential to appoint a cyber security officer that will help set up and drive your company’s cyber security strategy,” says Laura Kruger, head of client operations at Domains.co.za.

“We believe that the best way to combat this threat is to implement ongoing training sessions and use practical, real-world examples. An employee who knows what to look out for will be more prepared when suspicious activity occurs. The best and most sophisticated software and scanners are useless if a company neglects to educate its employees. You are only as strong as your weakest link,” she adds.

Next week we will share practical tips for businesses and employees to better prepare against this growing concern.

Follow us on Facebook, Instagram and LinkedIn to receive helpful cyber security tips during our 10 Days of Cyber Security Awareness social media campaign.

Domains.co.za is a domain name and website hosting company based in Johannesburg. We offer various value-added solutions to help our customers succeed online. Our domain validated and organisation validated SSL certificates can help your business secure its website and our ESET Anti-Virus solutions provide device protection.

Learn more about our products and services, here.

Risky solutions you use to protect your organisation

Published: 18 January 2019

Securing the corporate perimeter is one of the basic measures a company should take to make sure that nothing threatens its workflow, yet many enterprises are not successful at keeping their network intact. Some organisations:

  • think of safety instruments only after an incident occurs
  • are simply not aware of all the risks
  • have been using or are going to use services which might expose them to additional risks
  • focus their attention on hackers, neglecting internal threats
  • are worried about compliance violations and forget about other less relevant but by no means less detrimental breaches

And some happen to trip on almost every one of these steps. Computer systems of Johannesburg-Lewiston Area Schools were affected by ransomware. The insurance provider covered the financial damage, although the school wasn’t prepared to deal with the issue and the Superintendent appeared to be unaware of basic cyber incidents that might happen to any organisation.

About a month ago a school technology consultant informed the administrator of a problem that prevented files from opening. The investigation determined that the attack was coming from Germany.

The school doesn’t store employees’ and students’ data on the servers, so personal details weren’t compromised. The school network isn’t fully backed up, and corporate devices were impacted significantly, forcing staff members to bring their own computers and gadgets — a decision fraught with peril.

Some measures were taken after the violation occurred. The school is going to upgrade its antivirus software and create cloud-based storage, securing its protection and focusing on resistance to ransomware attacks. However, while using a Google doc system might keep offenders from harming the server, online storage poses risks of its own which demand just as much attention.

Cloud, antivirus, MSSP, interdicting data transfer

As we can see, the organisation:

  • reacted to the necessity of improving the risk management mechanisms after a violation had occurred
  • claimed to be unprepared for the incident not only due to being insufficiently equipped but also due to being simply unaware of what might happen to their servers
  • decided to update its antivirus and relocate the information to online storage, overlooking such risks as cloud misconfiguration and data leaks as well as the fact that antivirus is only one of many ways to fight cyber attacks
  • put all its efforts into ensuring perimeter protection from hackers and didn’t think of securing its environment from insider threats

Besides online storage and antivirus, there are tools and technologies which:

- protect you from incidents while compromising your confidentiality or undermining strategic risk assessment

An MSSP provides you with experienced staff who are aware of every detail about recent threats and regulations and who use the most relevant tools to safeguard your workflow. But third-party consultants know little about your corporate culture, your employees and the business processes which have been tuned and customised to fit your needs. When opting for an MSSP, you should keep in mind that you are delegating network monitoring to an intermediary you are not familiar with, and that everything is going to be displayed to the service provider, bringing your privacy to zero.

Tools that interdict data transfer, preventing information from being printed or uploaded to a flash drive, keep sensitive details within the company’s limits but don’t make you more knowledgeable about your corporate environment and staff members’ communication. Behaviour risk management includes the possibility of seamless monitoring, which facilitates in-depth investigation.

- are nearly inefficient when not integrated as a bundle which comprises a comprehensive solution for both external and internal safety

If you implement a one-sided approach to risk management and address only external threat prevention, you might flatten the security fortification you have been working on to ensure that your company can fight any offender. Internal control systems are indispensable — they allow you to cover any kind of inside violation, thus preparing you to handle incidents whose source is within the company’s perimeter. Employee monitoring software increases the significance of the shield you have put effort into building to defend your organisation from external attacks.

The core issue many organisations have to recognise is that they are treating symptoms instead of trying to cure the underlying causes. A breach occurs, a company fixes it, a problem is solved — a common security misconception. Such a short-sighted tactic keeps you exposed to multiple as yet undiscovered threats and makes your efforts look like masking, whereas they should be about securing. While you are covering one gap, another might appear which requires mending with the help of a different instrument.

Tools shielding your perimeter from external attacks will not ensure that your data is intact within the corporate network. Access delimitation will not help when information gets lost, stolen or deliberately leaked. Cryptography will make you theft- or loss-proof, although it doesn’t guarantee the safety of your documents if someone is willing to disclose their details. The most recent automated compliance management software will put you at the needed level of conformity, but focusing on preventive measures that allow you to avoid the biggest penalty will make you let your guard down regarding some latent internal threats.

New phones added to Quick Heal Antivirus for South Africa improve mobile security

Published: 11 June 2008
Hampton Solutions, the South African distributor of Quick Heal, has announced that PC2Mobile Scan now supports more mobile phones in the Quick Heal Total Security product.