For the past five years, cyber risks have been rated as one of the top risks that global businesses face.
On 26 July, it was reported that cyber criminals targeted City Power in Johannesburg and caused a major blackout in the city. The attack caused blackouts across the city as cyber criminals took control of the City’s power servers which prevented residents from purchasing electricity.
CityPower Johannesburg successfully restored its encrypted servers within hours of the security breach being identified.
In an exclusive interview with FAnews, John McLoughlin, MD J2 Software, and Candice Sutherland, a Cyber Insurance Underwriter at iTOO Special Risks, pointed out why this is attack was so significant.
Major risk
In the past, cyber criminals were targeting companies which had specific information that criminals wanted. As a result, the impact of the criminal activity affected a specific number of people.
While the motive has not changed, the attack on City Power is one of the first of its kind on a service provider where the impact of the criminal activity would be indiscriminate and far reaching. This is very scary.
McLoughlin points out that companies need to be aware of the risks they face and how they can counteract them.
“Businesses and individuals share information on a daily basis. If you are not visible online, you are not visible. In the same way your customer will find you online, the attackers do their research this way too. Online information often includes details of customers and successes. The more successful the company and the greater the online activity, the bigger a target they become. Once a company is identified it is easy to target specific individuals at the business. This is initially done through social media sites,” says McLoughlin.
He adds that once this is done, the attacker interacts through email and even by phone. This way, when they deliver an email with a link or malicious attachment, the user is very likely to open it.
Necessary protection
When the threat of cybercrime first came to light, companies were very much of the opinion that they would deal with the issue if they became a victim. However, in the current landscape, it is more a case of when they become a victim. This can be catastrophic if they don’t have the necessary protection in place.
“Attackers first look to gain access. Once they have established access, they are essentially inside the network and can easily find vulnerabilities to exploit. In cases where there is cyber hygiene was not undertaken, this can be a very easy task. The more time attackers spend on the inside, the greater their chances of success. I always recommend that the basics are done without fail. This includes patching machines, devices and applications. Deploying modern end-point protection, internet security and active monitoring. With the basics in place, you need to ensure there is user awareness. The entire system can fall on its face if the people operating it do not know what they need to look out for and what the risks are,” says McLoughlin.
He adds that businesses need to understand that compromise will happen; live with the fact that it is a matter of time until there is an issue. A security layer will fail. “This is why it is critical that each business has a cyber resilience strategy in place. Cyber resilience, when correctly implemented, will ensure that a single failure may lead to a compromise, but this can be identified and stopped before it becomes a full-blown breach,” says McLoughlin.
A booming industry
Cybercrime is a booming industry. Sutherland points out that:
“Traditional liability policies were not designed to respond to intangible losses, so it is imperative to acquire a policy specifically designed to respond to a network breach or privacy breach. Cyber insurance policies were created to cover both events as well as allow access to the correct service providers needed to recover fully from a cyber incident,” says Sutherland.
She adds that a cyber insurance policy extends to cover numerous incidents including but not limited to:
Important questions
Before making any decisions on the physical measures that need to be put into place to combat cyber crime, companies need to assess their business model and establish certain parameters.
Sutherland says that companies need to ask questions like what is the company’s level of dependency on your IT systems? How long would it take the company to recover operations following criminal activity? And what is the company’s daily business interruption exposure?
Editor’s Thoughts:
The attack on City Power is a sobering reminder about the potential havoc cybercrime can cause. Imagine cyber criminals turned their sights on a bigger target, like an SOE that is barely treading water and is dealing with so many other problems that cyber resilience is not a top priority. Please comment below, interact with us on Twitter at @fanews_online or email me your thoughts jonathan@fanews.co.za.
Comment on this post