Protecting your practice from cyberattacks

Praleena Mudley

On 27 October 2023, we hosted the sixth and final Morningstar South Africa Adviser 2.0 webinar series for the year with a discussion on how to protect your practice and personal information from a potential cyberattack.

During Cyber Security Awareness Month, our guest speaker Brian Pinnock, President of Sales Engineering for EMEA at Mimecast, spoke about the alarming increase in sophisticated cyberattacks in South Africa, the channels criminals are targeting and how to plan your response to these threats.

Cyberattacks and cybercrime have increased exponentially both globally and in South Africa. All sectors have come under attack with the government, finance and banking sectors most publicly affected.

According to Interpol’s African Cyberthreat Assessment Report 2022, a total of 230 million cyber threats were detected in South Africa, 95% of which were e-mail-based attacks.
Online scams, digital extortion, business email compromise, ransomware, phishing and spoofing are just some of the ways criminals infiltrate secure systems for financial gain.

A lack of education and awareness is seen as a key contributing factor to the fragility and susceptibility of the South African market to cybercrime, as most incidents occur due to human error.

South Africa as a cybercrime target

Globally, cybercrime is currently estimated to be worth $8 trillion annually, and South Africa has seen a steady rise in ransomware incidents over the past five years.

“The country’s sophisticated financial system and internet services, and its relatively unsophisticated security defences and legal system mean South Africa does seem to be disproportionately targeted for cybercrime,” Pinnock said.

Employees of local companies receive an attempted attack by email every seven hours. When these attacks do succeed, it takes an average of seven months to detect, and a further two to three months to contain.

Email and collaboration tools as cybercrime channels

While email is often used as the first step in cyber-attacks, there has been a shift to phishing, spoofing and ransomware attacks targeting collaboration tools and social media.

The mass consolidation of users onto cloud platforms such as Microsoft Teams, Zoom, Slack and G Suite, has created systemic risk, and malicious actors target these channels relentlessly, Pinnock explained.

Users aren't as well protected on these channels as they aren't expecting to be attacked, and employees demonstrate measurably riskier behaviour when using these tools, which they assume to be secure.

Simple errors in human behaviour often provide attackers with the opportunity to initiate a cyber-attack. 65% of users click on links sent by their manager and 24% don't check links that are sent via familiar channels and chats. This gives attackers multiple ways to impersonate and continue to execute an attack.

Multi-stage phishing attacks include fake login pages or a link sent via WhatsApp. What often feels like a normal login journey on a collaboration tool is then used to bypass all normal cybersecurity tools and scanners, with the ultimate intention to draw the user past the point where any security tools can protect them, Pinnock said.

Once attackers have compromised an account, their objectives range from credential harvesting, ransomware and data theft to using the organisation as a delivery site to attack other organisations.

Best practice response to an attack

Securing your business against cyber threats is no different to securing your house against intruders, with an electric fence around the perimeter, followed by layers of controls like alarm beams in the garden, burglar bars and armed response.

Like securing your house, it is imperative to understand your risk profile and the critical data your business can't afford to lose.

Security tools to combat attacks, including artificial intelligence and machine learning, are available and used extensively by third-party cybersecurity providers. Data backups and firewalls are also effective tools to overcome data loss or a cyber breach.

Pinnock emphasised the importance of a thorough plan to thwart cyber-attacks: “Everything in cybersecurity is a risk, there are no guarantees.”

When quantifying the cost of a potential cyber-attack, he advised organisations to consider the recovery costs caused by a loss of business as well as brand damage and potential regulatory fines.

Some best practice responses to potential attacks could include the following:

- Practice good cyber hygiene, such as using up-to-date software and appropriate antivirus technology.
- Hold regular security awareness training sessions for your users to avoid high-volume low sophistication attacks.
- Patch all vulnerable software to the latest levels.
- Eliminate any unnecessary access to your system.
- Encrypt sensitive data.
- Maximise the security tools you already have before buying new ones.
- Prioritise email security.
- Prioritise identity and cloud protection.
- Use multi-factor authentication where possible.
- Don't store passwords in browsers and use different passwords for different systems.
- Make everyone in your organisation aware of cybersecurity.
- Consider outsourcing some or all of your cybersecurity to a third-party provider.

“Ultimately, aim for an approach where you have trusted communications channels, savvy people and safe data,” Pinnock concluded.

If you missed this session and would like to view the webinar, all the sessions in the Adviser 2.0 webinar series are hosted on our on-demand page. Simply visit https://mp-morningstar.com/Adviser20OnDemand.