South Africa remains a hot target for cyber criminals, with 78% of organisations hit by ransomware in the past year, according to a report released by IT security company Sophos. ‘The State of Ransomware in South Africa 2023’ report is based on a survey of 200 IT professionals in mid-sized organisations in South Africa between January and March 2023. The percentage of organisations targeted is higher than last year’s figure of 51%. Globally, 66% of respondents said their organisation had experienced a ransomware attack in the last twelve months.
Exploitation of vulnerabilities was identified as the most common root cause of attack for South African organisations, used in 49% of incidents. Compromised credentials were the second most frequent attack vector, used in 24% of attacks.
Moreover, 89% of attacks resulted in data being encrypted. This is higher than the global average of 76%, and a considerable increase from the 45% reported by South African respondents in last year’s survey. Data was also stolen in 35% of attacks where data was encrypted, higher than the global average of 30%, while 100% of South African organisations whose data was encrypted got data back, slightly above the global average of 97%. The survey found that 45% of those that had data encrypted in South Africa paid the ransom, slightly down from both last year’s rate of 49% and the 2023 global average of 47%.
Ransomware as a service
Sophos believes ransomware will remain a serious threat in the foreseeable future, spurred on by the growth of the ransomware-as-a-service cyber crime business model. Under this model, operators develop software and sell it to affiliates, who use it to launch attacks. John Shier, Field CTO, Sophos, says: “The rate of ransomware attacks has levelled off this year and is expected to remain steady for the foreseeable future.” He advises South African businesses to invest in security technologies that will not only make them more resilient to attack but also improve their ability to detect and remediate threats faster.
The company believes cyber security insurance can improve the security posture of an organisation. “This is due to the increased requirements for obtaining a policy,” explains Shier. “Anything that improves the ability to detect, investigate and remediate a cyber attack should be seen as a net positive. However, this is offset by the fact that organisations with a standalone cyber insurance policy are 43% more likely to pay the ransom than organisations with no coverage. While there have been reported cases of cyber criminals using a cyber policy as leverage, it should not deter organisations from obtaining one as it can help with recovery costs.”
Sophos advises businesses to strengthen their defensive shields with:
- Security tools that defend against the most common attack vectors, including endpoint protection with strong anti-exploit capabilities to prevent exploitation of vulnerabilities, and zero trust network access (ZTNA) to thwart the abuse of compromised credentials.
- Adaptive technologies that respond automatically to attacks, disrupting adversaries and buying defenders time to respond.
- 24/7 threat detection, investigation, and response, whether delivered in-house or in partnership with a specialist managed detection and response (MDR) service provider.
It also emphasises the need to maintain good security hygiene, including timely patching and regularly reviewing security tool configurations.