South Africa, like the rest of the world, is facing unprecedented cyber-attacks which have resulted in the crime being the fourth most reported economic crime in the country. In the past year alone, over R3 billion has been lost to cybercrime in South Africa. The country’s vulnerability to cyberattacks has led to South Africa being named third on the list of most cyber attacked countries in the world, and first in Africa.
In the past year, one in every three companies in South Africa reported having experienced cybercrime in one way or the other. As companies continue to bleed billions of Rands due to cybercrime, there is still not enough being done by South African companies to ensure they are not the next victims. No company - from the largest banks to the smallest coffee shop – is invulnerable to cybercrime, and a more proactive approach is needed if companies are to avoid falling victim to the next attack.
Graham Croock, Director: IT Audit and BDO Cyber Lab at BDO SA, says whilst companies continue to invest heavily on their IT, not enough of that money is being channelled towards IT security. He has called for a balance in IT spend and IT security. “People never think their business will be the next to fall victim to cybercrime. Companies need to be ready for any attempt of cyberattack against them.”
Croock explains that the battle against cybercrime is not going to be an easy one, as technology continues to advance, the more sophisticated the criminals are becoming. In fact, today’s smartphone has more computing power than NASA used to send three men to the moon during their first expedition. Imagine how advanced the technology is that hackers have at their disposal.
“The criminals that are carrying out these attacks are constantly re-engineering their technology and are on the prowl for their next victim. They operate from coffee shops or even their garages. The software they use to carry out these cyberattacks costs them very little, and at times, they just download the malware for free from the internet and modify it. We are dealing with a big challenge that can be avoided, if companies proactively put systems in place that will prevent them from being the next victim,” says Croock.
Croock states that there is also a misconception that cybercriminals are only out to attack major institutions such as banks and not smaller organisations. “SMEs are far more vulnerable to cyberattacks than bigger institutions. Unfortunately, it is only attacks that happen to major institutions that are publicised, yet SMEs are being attacked far more frequently”. According to a CareersinAudit.com survey, nine in ten SMEs are vulnerable to cyberattacks and other IT threats.
“In terms of good governance, boards of directors need to make a call whether they should make the attacks they have suffered public. There is an unfounded fear that businesses run the risk of reputational damage if they reveal that they have suffered a cyberattack or even an attempt. We believe disclosing such information will not cause any reputational damage, but can help all companies in the long run,” says Croock.
BDO’s Cyber and Forensic Laboratory has found that attacks on traditional IT systems can be devastating, resulting in massive loss of money, privacy and intellectual property for a company. Attacks on the Internet of Things (IoT) potentially threaten business safety and sustainability, and just one attack can have catastrophic consequences for your business. With the number of attacks taking place, it has no longer become a question of whether you will be attacked, but rather when you will be attacked. BDO’s comprehensive cyberattack laboratory is able to tailor-make a unique system that can stop attackers from making you the next victim.