Page 59 - IRMSA Risk Report 2021

CRAIG ROSEWARNE
MANAGING DIRECTOR, WOLFPACK INFORMATION RISK (PTY) LTD

EXPERT OPINION

Every company, whether big or small, needs to have a level of cyber security in place: the probability of being attacked is high and constantly increasing. Ransomware, extortion/denial of service and loss of sensitive data impact all organisations, big or small, public or private. Apart from the financial losses, cyber-attacks can and will result in irreparable reputation damage.

To fully appreciate the level and extent of the risks, a three-dimensional model, where country risk, organisational risk and individual risk are totally interconnected, needs to be adopted. Individuals work for companies and companies operate within a country. Countries have the added responsibility of cyber safety over critical infrastructure which supports, for example, the banking sector, telecommunications, utilities – all of which are open to cyber-attacks. Such attacks can have dire economic and social impacts at country level.

Cyber-crime in South Africa is perpetrated by threat agents using the following methods in order of preference:
• Professional cyber criminals employing cyber methods such as financial theft, extortion (business disruption/information leakage), collusion and scams. These organisations are becoming increasingly sophisticated. They operate as large corporations with specialised divisions. They are further expanding their operations by identifying channel partners to distribute their malware for a share of the proceeds.
• Insiders (hacktivists, disgruntled employees, reckless employees, unaware employees and 3rd parties) employing cyber methods such as information leaks (accidental/intentional), fraud, collusion, social engineering, extortion, dark-web activity and ransomware. What is disturbing is the increase in IP (Intellectual Property) theft by executives who leave an organisation due to retrenchment. There has been a steady increase in Anton Piller orders related to IP theft.
• Black-ops (government sponsored attacks (military/intelligence)), mercenary/black hat hackers, terror groups and hacktivists employing cyber methods such as intelligence gathering, intellectual property theft, propaganda and misinformation, critical infrastructure damage, terror funding and distributed denial of service.

Ransomware in South Africa is a major issue. A high-profile government department with extremely sensitive information recently experienced a very serious ransomware attack. A powerful strain of ransomware was used where the modus operandi is to steal the data first and then encrypt. This means that the cyber victim can be extorted twice: once to pay the ransom, and a second time to keep quiet and/or not publish the sensitive data. In this case the sensitive information could severely impact the state's ability to prosecute criminals and impede the fight against corruption, thus affecting the entire country.

In addition to the challenges highlighted above, organisations also need to consider the following:
• Lack of cyber skills and, added to this, the high churn rate of skills.
• Although cyber tools are in place, these are not always deployed and managed effectively.
• Senior Executives do not always understand the risk even though they are aware that something has to be done.
• There is often a disconnect between business and IT. As organisations become more dependent on technology, IT risk/cyber risk will become far more important in terms of guaranteeing availability.
• Companies at times adopt a "tick the box" attitude towards compliance rather than doing things for the right reason.
• Most companies currently perform a technical IT risk analysis but do not always appreciate or understand the business impact and relationship between IT assets and business risks. Consider how the following scenarios would impact your business:
    • Sensitive customer information is accidentally shared by a third party,
    • Key systems are hacked and information & backups are encrypted/held ransom,
    • An employee leaks sensitive salary/racial information to the public via social media,
    • Cybercriminals hack the finance department and steal money to fund terrorist activity.

Notwithstanding the above challenges, Covid-19 has created a new normal. The increase in working-from-home arrangements has expanded the use of potentially vulnerable services, such as virtual private networks (VPNs) that lack adequate safeguards, amplifying the threat to individuals and organisations. A blurring of the line separating corporate and personal systems heightens the risk of exposing sensitive information not appropriately secured and monitored on personal devices. Organisations cannot merely focus on company security; they need to also focus on the people and home aspect of security during and outside working hours. Risk prevention measures should include cyber awareness and training, an incident response team, war gaming sessions, testing from a phishing perspective, improved reporting of suspected weaknesses, users being more aware to check before clicking on links and improved corporate culture. In other words, a team effort is required in counteracting cyber-attacks.

In conclusion, all organisations need to identify appropriate technology and process interventions in order to ensure that preventive, detective and investigative controls are in place. Spend allocated budgets in the right areas. At a human resource level, ensure that appropriate cyber-security skill sets are put in place.

Sources: Wolfpack Advisory – www.wolfpackrisk.com; Alert Africa (www.alertafrica.com); Sabric - https://www.sabric.co.za/; SonicWall Capture Labs Threat Research; Communication and Digital Technologies Notice-591
