News has emerged that Tracker SA Systems were hacked over the weekend in the form of a ransomware attack.
Heino Gevers, cybersecurity expert at Mimecast, comments: “South African organisations are likely to continue being targeted by cybercriminals until they enhance their security efforts with a comprehensive cyber resilience plan that provides multi-layered security cover and effective business continuity and data recovery capabilities.”
A ransomware attack involves a breach of a company’s IT systems, usually by compromising security systems through an email-distributed threat, with the attackers encrypting and ‘holding hostage’ critical business data until a ransom is paid.
According to Mimecast’s most recent global research, more than 15% of South African organisations reported significant business impact from a successful ransomware attack in the past 12 months, with a further 27% reporting some impact.
Alarmingly, 76% of South African organisations experienced downtime of two to five days following a successful ransomware attack. And for more than 10%, a whole week went by before they returned to a recovered state following a successful email-based attack.
Gevers says from information available in the public domain, the attack disrupted customer access to certain Tracker services.
“Although the extent of the breach still needs to be determined, it is vital that companies that fall victim to cyberattacks disclose this to customers,” he says.
“While there is likely to be some reputational damage – which is usually the case with successful data breaches – customers need to be able to take steps to prevent their personal information from being used for further targeted cyberattacks.”
Gevers adds that under the POPI Act, companies are required to disclose a data breach if there is a loss of personal data. “The Information Regulator can investigate cases retroactively, so even though POPIA is not yet fully in effect, the onus is on companies to maintain a culture of open communication with customers.”
He advises companies to implement a cyber resilience strategy that protects the three zones of email security (at the email perimeter, inside the network and organisation, and beyond the perimeter).
“Companies should have effective security controls in place to detect and protect against a cyberattack, have advanced archiving and business continuity tools that ensure business productivity during an attack, and have the ability to quickly recover data and restore business systems in the wake of a successful cyberattack.”
Gevers adds that ransomware is becoming increasingly sophisticated and cybercriminals are concentrating their efforts on developing this attack method.
“In previous years South African ransomware statistics were lower than global statistics, but it appears that cybercriminals are turning their attention to what they perceive to be soft targets in South Africa. The indications suggest that we can expect an increase in these kinds of attacks in 2020.”
Photo by Markus Spiske on Unsplash / Article by www.it-online.co.za