Introduction
Cyber security is the coordinated efforts of a body of technologies and processes aimed at protecting hardware, software and data from unauthorized access, modification, damage and deletion. It is the digital data that is stored, transmitted and in use on servers, networks or computers/devices that ultimately requires protection. This can no longer be regarded as just an IT issue, and is increasingly being recognized to be a much broader business issue. Cyber security is relevant and necessary at all levels, to protect personal information in a private capacity and, largely at a Government level, to protect against cyber terrorism and the access of sensitive national information.
There is significant interest in the marketplace about business’ abilities to appropriately deal with cyberattacks and breaches. Businesses within certain sectors of the economy, such as the financial sector, generally have sophisticated teams dedicated to building threat intelligence agendas and infrastructures. In such businesses, the strength of their cyber security capabilities provides a competitive advantage within the market.
Quantifying cybersecurity breaches in South Africa
Why cybersecurity is so important
The sheer volume of threats is increasing rapidly. According to the report by McAfee, cybercrime stood at over $400 billion in 2019, while it was $250 billion two years ago. As demonstrated in the figures above, cyberattacks can be extremely expensive for businesses to endure. In addition to financial damage suffered by the business, a data breach can also inflict reputational damage. Cybercriminals are using increasingly sophisticated ways to initiate cyberattacks which are becoming progressively destructive. New regulations such as the Protection of Personal Information Act (POPIA), force business and governments to take better care of the personal information they hold.
The potential targets for cyberattacks
Any and all devices connected over the Internet or devices shared between users are potential targets for attackers.
Cybercriminals attack an individual user’s privacy, steal passwords, empty bank accounts or shop at the expense of the victim. The many connected devices used by individuals — including devices such as routers, tablets, CCTV cameras or PCs — if not appropriately secured, can be hijacked or attacked by cyber criminals.
Attackers try to steal business andpersonal secrets through infecting connected devices with viruses retrieving personal or business data and using this information to sabotage a business or access banking accounts or other information. In the case of attacking a state’s infrastructure, power grids (such as in Ukraine in 2015) and even the entire Internet of another country (as was the case in Estonia in 2007) have been crippled.
Types of Viruses
Cybercrime and cyber attackers are always changing their approach as systems change. There are a variety of approaches used by cybercriminals to infect and access your personal and business devices. Shown below are some of the more common types of cyberthreats:
Basic principles to protect yourself and your business
1) Antivirus software
Antivirus software is a program or set of programs that are designed to prevent, search for, detect, and remove software viruses, and other malicious software like worms, trojans, adware, and more. It is important that all computers and mobile devices have some sort of antivirus software installed and this is updated regularly. Without this basic level of protection, your computer may be infected within minutes of accessing the internet.
Antivirus software providers release regular updates to ensure that they can detect and protect you from any possible attacks. Businesses and individuals must ensure that antivirus software is constantly updated as cyber criminals continuously look for new ways of breaching these anti-viruses and accessing your information. There are some credible free antivirus packages, as well as paid / subscription services.
2) External devices
Attackers can use USB and external hard-drives to infect computers with malware that can detect when the USB/external drive is plugged into a computer. The malware then downloads a malicious code onto the drive. When the USB/external drive is plugged into another computer, the malware infects that computer as well.
Here are a few tips to protect your data:
3) Public WiFi
Along with the convenience of public WiFi hotspots be aware that they can also provide an easy way for identity thieves and cybercriminals to monitor what you’re doing online and to steal your passwords, your personal information, or both. Never assume that a public WiFi network is safe or secure.
Follow these simple steps to protect yourself when using public WiFi:
Password Protection
A strong password provides protection from fraud and identity theft. Breaking passwords could cause personal and financial complications to a business and individual. Guessing passwords is one of the most common ways hackers break into computers. It is critical that individuals use strong secure passwords on their personal and business devices, as well as on registered websites and apps i.e banking, email accounts etc.
Here are some suggestions to create a strong password:
The Golden Rule of cybersecurity
The Golden Rule of cybersecurity is to be ever-vigilant. Criminals are forever looking for new ways to separate you from your assets— money, data, identity and other. At each turn, pause to consider what information you are providing, who is asking for it, and how it is being sought.
Additional resources
As more people and businesses embrace and adopt digital technologies accelerated by the Fourth Industrial Revolution and most recently the COVID-19 pandemic, it is essential that cybersecurity risks are understood and mitigated. In support of this, please listen to the webinar on cybersecurity (https://www.westerncape.gov.za/site-page/godigital-webinars), brought to you by the Department of Economic Development and Tourism, Digital Economy team.
Many other resources are available to research and read online, alternatively contact a cybersecurity specialist or company to help you determine any potential security gaps in your business and how best to alleviate and prevent them.
References
https://enterprise.verizon.com/resources/reports/dbir/
https://www.malwarebytes.com/cybersecurity/