Page 58 - IRMSA Risk Report 2021
3.11 CYBER RISK
As the digital age accelerates, cybersecurity is more critical than ever. New working patterns raise concerns about the security of
networked technologies and increase the risk of cyberattacks and data fraud. Cyber risk is no longer just an IT problem; it is an
extremely serious threat to the well-being of a country, organisation and the individual.
SCENARIOS
OWNING OUR FUTURE
PERPETUAL HANGOVER
FAKE IT UNTIL WE MAKE IT, OR NOT

COUNTRY FLAGS
C – CURRENT (2020/21) F – FUTURE (2030)
1. LEADERSHIP
2. INSTITUTIONAL CAPACITY
3. POLITICS
4. SOCIAL COHESION
5. NATIONAL POLICY
6. SERVICE DELIVERY
7. INEQUALITY
8. ECONOMY
9. GLOBAL TRENDS
10. CLIMATE

SUCCESS STORIES
The South African Banking Risk Information Centre (SABRIC), a Non-Profit Company formed by major SA Banks to initially assist the Banking and Cash in transit industries combat organised bank-related crimes. They have adapted to become Africa’s trusted financial crime risk information centre leveraging on strategic partnerships.
It was no small feat to bring financial competitors together to share sensitive incident information in the spirit of collaboration. While there have been challenges along the way, I believe the benefits are now realised by the financial sector and the country as a whole.
Cyber-attacks and data breaches are on the increase. Covid-19 has been the catalyst forcing countries, organisations and individuals to
embrace digitisation to a far greater extent in a short time frame, thus making us more dependent on technology and far more susceptible
to cyber-crime. Rapid rollouts and dramatic surges in the use of technological solutions increase risks of cybercrime, infrastructure overload
and breakdown, privacy violations and inequality.
TOP 5 CHALLENGES TO ACHIEVING TARGETS
1. Vulnerable Services: Expanded use of potentially vulnerable services, such as virtual private networks (VPNs) that lack adequate safeguards due to increased working from home.
2. Legislation: Ineffective legislative and regulatory processes, as well as poor and often delayed implementation.
3. Sophisticated cyber-criminal operations run like large corporates, with specialised divisions targeting governments, companies, NGOs and individuals for considerable amounts of money.
4. Poor cyber security awareness and implementation, specifically exposing sensitive information.
5. Increased complexity, dependency and larger footprint, as more organisations make use of third-party services and shadow IT (cloud services).

TOP 5 RISK TREATMENT OPTIONS AND OPPORTUNITIES
1. Identify appropriate technology and process interventions in order to optimise preventive, detective and investigative controls in your environment.
2. Allocate adequate funds and resources to implement much needed legal and regulatory reform measures and reduce bureaucracy to ensure that critical legislation is implemented timeously. Introduce legislation in South Africa compelling organisations to declare cyber attacks/incidents.
3. Public and private organisations will need specialised skills dealing with cybersecurity. Not just an IT responsibility. It is much wider.
4. Monitor and report cyber-attacks and breaches at senior levels rather than just being an IT incident and an IT problem. Set up an incident response team. Invest in detective controls to detect and remove attackers from networks and systems as soon as possible.
5. Holistic approach to security, which includes due diligence on third party contractual obligations, accountability and liability.
FACTS AND FIGURES
Overall, global fraud rates have hit a near-20-year high, with 47% of companies reported to have experienced fraud
over the past two years.
SonicWall Capture Labs Threat Researchers’ key findings:
• 39% decline in malware (4.4 billion YTD); volume down for third consecutive quarter.
• 40% surge in global ransomware (199.7 million).
• 19% increase in intrusion attempts (3.5 trillion).
• 30% rise in IoT malware (32.4 million).
• 3% growth of encrypted threats (3.2 million).
• 2% increase in cryptojacking (57.9 million).
Attackers sit on a network for 60-130 days without being detected.
The Alert Africa team has assisted over 100 victims of cybercrime and harassment to date. The top scams reported are:
• Internet fraud: sextortion, threats of sharing sensitive photos and scamming via online ads & other services.
• Hacking/computer-intrusion scams: business emails compromised, social engineering and hacked PC accounts.
Source: Alert Africa (www.alertafrica.com), SonicWall Capture Labs Threat Research