The concept of a crisis and how to manage it isn’t foreign to anyone running a business. Something untoward happens, it affects the business and then there are a host of effects ranging from revenue loss, reputation management and compliance questions.
There is no doubt that doing everything possible to prevent the crisis in the first place and then having a very carefully drafted playbook to activate an appropriate crisis response places a business in a far more favourable position than if it had no plans in place and is reacting in the heat of the moment.
The very idea can give CEOs sleepless nights. Now, consider that we live in times where cyber-attacks are increasing at breakneck speed and that everyone is a potential target. It is plain as day that every business needs a cybersecurity playbook.
Typically, a playbook relates to things you want to standardise. In this instance, it refers to how a business prepares and shores up its defences, and how it standardises its incident response procedure according to best practice so that the business suffers the least possible damage.
Some of the most well-known businesses in the world, including in South Africa, have fallen victim to breaches.
Even if the data damage was minor in the greater scheme of things, they have suffered immense reputational and regulatory damage in the form of fines.
Just who are these threat actors? There are those who are in it for the money alone, others who are state-sponsored, some who are driven by ideology, and some who may even be disgruntled staff in your own organisation. In some of the most malicious attacks, competing businesses pay threat actors to bring down a business’s systems to benefit their own.
How do they achieve their goals? If you pay them a ransom, they make money. If you don’t, they will make money selling your data.
They become vindictive and will widely publicise the extent of your data breach. Of course, if you did pay a ransom you will be attacked again because the threat actor knows you pay.
Often, as Armata, when we are called in to do an assessment of an environment after a breach we find that the threat actors have built a backdoor for another attack at a future date. Most times, we find many more areas of vulnerability that no doubt sophisticated hackers would also have spotted.
With this in mind, let’s take a closer look at what a cybersecurity playbook entails. It is a blueprint on how to react to the crisis with a clearly defined procedure. The incident response team is only one aspect.
A proper computer security incident response team (CSIRT) process will include the C-suite and other vital team members, such as those who are responsible for the day-to-day operations, dealing with stakeholders and customers, someone from the legal department, the heads of IT and people who look after the various systems, and marketing and communications. The playbook has clearly defined functions and responsibilities for each of these people.
By way of example, suppose there has been a ransomware attack. The response may look like this:
The attack has only locked us out of our systems, and we can confirm that no data has been stolen. The only impact is that it has affected the running of the business, so we either need to restore our systems or pay a ransom.
Legal says: yes, we have not lost data, so we do not need to report a POPIA breach to the regulator, but it is advisable to let them know that we have had a ransomware attack and that we are looking at bolstering our security to stop it from happening again.
The CEO asks what would happen if an employee lets the news out and the story gains legs of its own, and so suggests that the business announces the attack publicly, and frames it as a business-impacting event where no customer data was stolen and that it is business as usual pending the restoring of systems.
The communications and PR team drafts the statement and reactive holding statements and manages potential media enquiries.
The business then engages a cybersecurity expert business to come in and run pen tests, analyse the system, and make recommendations on beefing up security and fixing vulnerabilities, or to take over the duties of a managed services arrangement.
The above is only a surface-level illustration, but it is useful in explaining the scope of a cybersecurity playbook.
Every organisation should take a moment to look into its own cybersecurity strategy and incident playbook and make sure that it has invested the type of attention it deserves.
Consider that if an organisation is attacked and the regulator finds that it did not take all reasonable steps to protect its systems, it could fall foul of compliance and be liable for massive fines and reputational damage.
Whereas, if the business had been working with an expert partner, those questions would have already been dealt with and the incident response would have been managed correctly.
Always seek out a partner that has experience, across industries and organisation sizes, so that you can get the best possible advice and service to protect your organisation and your customers’ data.
After many years of hearing about the Protection of Personal Information (POPI) Act and the effect it would have on businesses in terms of their responsibility to protect personal data, businesses have finally seen the warning shot fired by the Information Regulator – “Get your house in order or you could easily be next to fall foul of POPI and pay a fine, suffer reputational damage, and even possible criminal liability.”
The Information Regulator dishing out a R5-million (about ₦222,369,208.43) fine to the Department of Justice and Constitutional Development (“Department”) should cause pause for thought for all businesses that process personal information.
Fines can go up to R10-million and there can even be jail time if it is found that there was malicious intent leading to a data breach.
In this instance, the Department was fined over a data breach that occurred about two years ago. Despite receiving an enforcement order, the Department did not comply, leading to the country’s first fine under the POPI Act.
Perhaps the lesson in this is how easily it could have been averted: it was found that the Department had not renewed licences for cyber security software, something seemingly so simple, but which proved to open the door to the hackers.
The obligation in the event of a data breach is to prove that you did everything in your power to prevent the data breach.
In other words, the Information Regulator needs a business to prove that it had put in its best effort to prevent a breach of personal data, and in the case of the Department, it was required to demonstrate the steps it had taken to rectify the problems.
Not renewing licences for cyber security software may seem small, but the consequences can be huge.
There absolutely have to be contingencies in place for businesses of all sizes. For example, a monitoring tool may not necessarily give you protection, but it will point you to where there is unusual activity, which could be the site of a data breach.
The Information Regulator has been informed of thousands upon thousands of data breaches and so this fine is most certainly a warning shot for businesses across industries.
In the modern digital world, cross-border movement of data is not unusual, and the European Regulator has issued very big fines to household names for flouting obligations related to the General Data Protection Regulation (GDPR).
Factoring in exchange rates a fine from that body would be difficult for any organisation to stomach.
As an absolute starting point, businesses should ensure all their software licences are up to date. Just because they don’t see it affecting their business does not mean it shouldn’t be a priority.
It’s important to understand that you need the correct software for your type of business, because not all firewalls or virus protection software are identical, and some are not suitable for certain types of organisations.
This means that there must be a proper assessment of a business’s environment so that it can know exactly what protection is needed.
It may be easy to simply use Google to find tools, but these may not be right for certain environments and may require specialised skills to use.
The prudent thing to do would be to engage with industry experts who can immerse themselves into an environment and advise on exactly what the business needs, from systems to processes and tools.
In the event of a data breach, a business needs to have peace of mind that not only can it recover important data and continue its operations, but it must also be confident that it can prove to the Information Regulator that it did everything reasonably possible to prevent a data breach, while also having the capability and skills to mitigate against future attacks.
Failing to do this turns a business into a sitting duck in an environment where the Information Regulator has shown its teeth.
38% of “Fast” Ransomware Attacks in Report Occurred within 5 Days of Initial Access
“Fast” Ransomware Attacks Hinder Fast Defender Response
Sophos, a global leader in innovating and delivering cybersecurity as a service, has released its Active Adversary Report for Security Practitioners, which found that telemetry logs were missing in nearly 42% of the attack cases studied.
In 82% of these cases, cybercriminals disabled or wiped out the telemetry to hide their tracks.
The report covers Incident Response (IR) cases that Sophos analyzed from January 2022 through the first half of 2023.
Gaps in telemetry decrease much-needed visibility into organizations’ networks and systems, especially since attacker dwell time (the time from initial access to detection) continues to decline, shortening the time defenders have to effectively respond to an incident.
“Time is critical when responding to an active threat; the time between spotting the initial access event and full threat mitigation should be as short as possible. The farther along in the attack chain an attacker makes it, the bigger the headache for responders. Missing telemetry only adds time to remediations that most organizations can’t afford. This is why complete and accurate logging is essential, but we’re seeing that, all too frequently, organizations don’t have the data they need,” said John Shier, field CTO, Sophos.
In the report, Sophos classifies ransomware attacks with a dwell time of less than or equal to five days as “fast attacks,” which accounted for 38% of the cases studied. “Slow” ransomware attacks are those with a dwell time greater than five days, which accounted for 62% of the cases.
When examining these “fast” and “slow” ransomware attacks at a granular level, there was not much variation in the tools, techniques, and living-off-the-land binaries (LOLBins) that attackers deployed, suggesting defenders don’t need to reinvent their defensive strategies as dwell time shrinks. However, defenders do need to be aware that fast attacks and the lack of telemetry can hinder fast response times, leading to more destruction.
“Cybercriminals only innovate when they must, and only to the extent that it gets them to their target. Attackers aren’t going to change what’s working, even if they’re moving faster from access to detection. This is good news for organizations because they don’t have to radically change their defensive strategy as attackers speed up their timelines. The same defenses that detect fast attacks will apply to all attacks, regardless of speed. This includes complete telemetry, robust protections across everything, and ubiquitous monitoring,” said Shier. “The key is increasing friction whenever possible—if you make the attackers’ job harder, then you can add valuable time to respond, stretching out each stage of an attack.
“For example, in the case of a ransomware attack, if you have more friction, then you can delay the time until exfiltration; exfiltration often occurs just before detection and is often the costliest part of the attack. We saw this happen in two incidents of Cuba ransomware. One company (Company A) had continuous monitoring in place with MDR, so we were able to spot the malicious activity and halt the attack within hours to prevent any data from being stolen. Another company (Company B) didn’t have this friction; they didn’t spot the attack until a few weeks after initial access and after Cuba had already successfully exfiltrated 75 gigabytes of sensitive data. They then called in our IR team, and a month later, they were still trying to get back to business as usual.”
The Sophos Active Adversary Report for Security Practitioners is based on 232 Sophos Incident Response (IR) cases across 25 sectors from Jan. 1, 2022, to June 30, 2023. Targeted organizations were located in 34 different countries across six continents. Eighty-three percent of cases came from organizations with fewer than 1,000 employees.
The Sophos Active Adversary Report for Security Practitioners provides actionable intelligence on how security practitioners should best shape their defensive strategy.
“Cybervergent is Locally Relevant and Global Competitive” – Omotosho
Cybervergent has rejigged its operations to focus on the cybersecurity landscape in Africa and beyond.
With the latest development, Cybervergent has become a locally relevant and globally competitive company that provides automated, AI-powered cybersecurity solutions to some of the biggest organisations one can think of.
Speaking during a media parley at Cybervergent’s headquarters in Lagos, Adetokunbo Omotosho, the Co-founder and Chief Executive Officer, said they have enormous investments as part of their quest to meet the clients’ cybersecurity needs.
The company recently rebranded as Cybervergent, a pioneering technology company dedicated to revolutionising the cybersecurity landscape in Africa.
“This strategic shift marks a significant milestone in our unwavering commitment to pioneer Africa’s cybersecurity through innovation, automation, and all-encompassing scaled solutions,” said Omotosho.
“For us, Cybervergent represents not just a name change; it embodies the convergence of cutting-edge technology, visionary leadership, and our resolute commitment to safeguarding businesses in the digital age on the continent, starting from Nigeria, Africa’s largest economy.
He said that Cybervergent’s intervention will help to curtail losses incurred by businesses in Nigeria, Africa and beyond, as the company presently offers services to organisations on three continents.
Meanwhile, this report indicates that in 2018 alone, commercial banks in Nigeria lost a cumulative N15 billion ($39 million) to electronic fraud and cybercrime.
This was a 537 per cent increase on the N2.37 billion loss recorded in 2017. In the same period in 2018, over 25,043 bank customers and depositors lost N1.9 billion to cyber fraud, rising by 55 per cent from the previous year’s 17,600.
“With our refreshed brand identity, we are poised to evolve the cybersecurity landscape, offering a comprehensive suite of solutions designed to thwart cyber threats, streamline security operations, and enhance overall business resilience”.
L-r: Bamidele Obende, Business Lead, Platform Solutions, Cybervergent; Gbemisola Osunrinde, Customer Success Executive, Cybervergent; Ade Bajomo, President, FintechNGR; Adetokunbo Omotosho, Chief Executive Officer/Co-Founder, Cybervergent; and Gbolabo Awelewa, Chief Technology Officer, Cybervergent, after the unveiling of Cybervergent, a pioneering technology company revolutionising the cybersecurity landscape in Africa, at the Nigeria Fintech Week 2023 in Lagos, recently.
The CEO said that they are setting a new standard in the cybersecurity space with the advanced automated platform leveraging artificial intelligence and machine learning algorithms.
This innovative approach, Omotosho said, empowers businesses to fortify their digital assets, detect real-time threats, and respond swiftly to evolving cyber breaches.
Through its proprietary technology, the company ensures seamless integration, allowing organisations to proactively protect their networks, data, and applications from malicious intrusions.
“Our rebranding to Cybervergent signifies a transformative journey from advisory services to a technology powerhouse. Now, our specialised focus on cybersecurity enhances our capabilities to provide tailored, automated solutions addressing the unique challenges faced by modern businesses.
“Cybervergent’s team of seasoned experts and engineers is dedicated to staying ahead of cyber threats, ensuring that businesses are shielded from the ever-evolving digital risk landscape”, he added.
Recently, Cybervergent was certified in the Platinum category by the Great Place to Work Institute following the completion of a full assessment of its work environment and outstanding employee experience.
The award, which is a measurement of an organisation’s Trust Index score, underscores the company’s commitment to the employees as they remain a key driver of its successes.
We all know that public WiFi networks are less secure because you have no idea who else is using them or who set them up.
But how secure is your home WiFi network? Have you taken the time to check that the necessary security protocols are in place to keep your home network secure or do you just rely on the fact that the person from your service provider who set everything up did so with security in mind?
This is an important question to answer when you consider how many different devices we connect to our home WiFi every single day.
These range from smartphones to security cameras, devices that criminals can use to check whether you’re home, or that could allow the wrong people to access your credit card information or online banking credentials. And if you work from home, WiFi-related security vulnerabilities can also be a threat to confidential corporate data. But where do the risks lie?
Well, if you freely dish out your WiFi password when different people visit your home, you’re only increasing the likelihood that a hacker could gain access to your network, or that one of these visitors clicks on a sinister link and opens you up to greater security-related risks. Similarly, if you live in an environment where homes are very close together, be it a townhouse complex, an estate or a block of flats, you could be vulnerable to bandwidth theft if your WiFi network isn’t secured properly. In this scenario, your tech-savvy next-door neighbour might be able to access your WiFi and start using your network without your consent.
Prevention is better than cure
We often approach security, be it online or physical, by only ramping things up after an incident because this event highlights its importance.
But this is not the right approach. If you think it’s too much hassle to change your WiFi password or put one or two additional layers of security in place, just imagine the hassle you’ll have to endure to recover stolen funds or to explain to your boss why sensitive company information was leaked. Below are a few simple things you can do to up your WiFi security game right now.
Set up guest WiFi
Today, one of the first things family and friends ask when visiting your home is: “what’s the WiFi password?” But allowing everyone to connect to your network can be a problem.
By setting up a guest WiFi network, separate from your primary network, you’re making sure that visitors can connect without compromising the safety of your home devices.
Consider a VPN
Customers looking for an extra layer of protection might consider a virtual private network, or VPN. A VPN protects your online activity by redirecting your Internet connection through a secure server so that your IP address and online activity are hidden.
The benefit of this is that anyone trying to spy on you or access your private data won’t be able to move beyond the VPN’s encryption protocols.
Choose a strong WiFi password
Most WiFi routers come with a default password. If a hacker knows your router manufacturer, guessing the default password is easy enough.
This is why it is so important to change your password and, when you do, make sure that your new wireless network password includes numbers, letters and special characters so that it’s harder for hackers to crack.
You’ve probably heard this story about the importance of choosing a strong password before but it really is one of the simplest things you can do to secure your network in a matter of minutes.
It’s all about making sure that your network is harder to break into than your neighbour’s because hackers will always take the route of least resistance.
In April 2023, Acora conducted a survey that revealed insights into the changing responsibilities of Chief Information Officers (CIOs), focusing on mid-market companies in the UK.
The research included 126 decision-makers from UK-based financial services companies and aimed to identify the difficulties and modifications that resulted from the transition to a hybrid work model after the pandemic.
The survey findings revealed that 65% of IT leaders believe that hybrid working has elevated their role within their respective organisations, and 61% reported additional responsibilities such as direct involvement in due diligence activities.
The study underscores the vital position of cybersecurity within organisations, with 67% of respondents listing it as their top focus area.
This signifies the continued significance of cybersecurity, an issue that previous reports have highlighted as the “big, scary cybersecurity monster”.
Investment in cybersecurity
IT budgets are another focal point in the survey. While 55% of IT leaders predict an increase in their budgets in the coming year, this marks a significant drop from last year’s prediction of 77%.
The use of Managed Service Providers (MSPs) is also on the rise, with 92% of respondents planning to work with them this year. However, there are concerns about MSPs’ ability to support their company’s growth strategy, with 48% expressing apprehension.
Integrated cyber security and IT operations
The role of Managed Service Providers (MSPs) is also projected to increase, with 92% planning to collaborate with MSPs.
However, there is some concern about these providers’ ability to support the company’s growth strategy, with 40% expressing concern and 8% certain they will need to look for other providers.
Diverse patterns are emerging in the management of cybersecurity operations across different organisations.
50% of respondents noted that Cybersecurity Operations and IT operations are managed together as a single in-house department.
32% reported that Cybersecurity operations function as a separate, standalone department within their organisation.
10% have chosen to outsource Cybersecurity and IT operations to a single third-party provider that manages them together.
8% have outsourced Cybersecurity operations to a third-party provider that operates separately.
Interestingly, one in five (20%) respondents indicated that although cybersecurity operations are not an immediate priority, they plan to look into it in the future.
These outsourcing organisations face two significant challenges. Firstly, they need to identify a trusted partner with the right capabilities and reputation that aligns with their current business needs and future growth plans. Secondly, they must navigate the complexities of managing multiple third-party providers. Finding a single partner that can address IT and cybersecurity operations could allow these companies to reap the same benefits as those that control these functions as a single in-house team.
Focus areas for cyber security
Cybersecurity threats are becoming increasingly sophisticated, with attackers using targeted methods to inflict reputational and operational damage. While technology tools are helpful, the complexity of threats necessitates skilled professionals.
However, maintaining an in-house team with the required specialities is often neither practical nor affordable, leading organisations to work with external experts.
The unfolding AI narrative adds to the current climate of uncertainty, requiring IT leaders to step up and guide organisations about its implications and opportunities.
“AI isn’t ‘difficult’ technically,” Lee Ganly, Chief Information Officer, explains. “The challenges are around intellectual property, security, and policy issues. It’s hard to predict where AI will sit in the wider IT landscape, even this time next year. All we can say for certain is it’s going to be a fascinating journey.”
In 2022, people over the age of 60 lost a combined total of $3.1B to fraudsters and other criminals, the highest amount recorded by far.
103,000 crimes (across 30 categories) were reported and almost 60% of them (accounting for 12 out of the 30 categories) were likely facilitated or made worse by criminals having access to people’s personal data.
Investment scams, a data-enabled crime, affected 4,700 elders in 2022, contributing to the loss of almost $1B ($990M) to criminals.
Investment scams were the fastest-growing type of elder fraud after cryptocurrency scams.
Researchers found almost 8,000 people over 60 years old who were affected by a personal data breach.
California was the most affected state, with the average victim losing over $54,000.
Since 2020, the numbers of reported victims have been dropping slightly year-on-year, but total losses have continued to skyrocket regardless.
As information technology advances at a rapid pace, senior citizens are finding themselves increasingly vulnerable to a wave of cybercrimes, especially those involving phishing and fraud.
Despite improvements in digital literacy among the elderly, their limited data security knowledge makes them easy targets for criminals exploiting personal information.
In the latest study conducted by Incogni, it has been revealed that crimes targeting people over 60 have reached alarming levels, with a total loss of $3.1 billion in 2022 alone.
More concerning is the fact that almost 60% of these crimes were facilitated or exacerbated by criminals having access to victims’ personal data.
The research highlights that 12 out of 30 identified crime types, including identity fraud, depend on the availability of victims’ personal information.
Some crimes captured under the elder fraud umbrella, like identity fraud, depend entirely on such data availability.
Key findings from Incogni’s research shed light on the severity of the issue. Investment scams emerged as a significant threat, leading to nearly $1 billion in losses in 2022.
Criminals exploit victims’ income, savings, and asset information, making these scams highly successful and financially devastating for the elderly population.
Tech support scams affected 18,000 individuals over 60 in 2022, highlighting the vulnerability of older adults when it comes to modern technologies.
These scams resulted in total losses of $590 million, emphasizing the urgent need for enhanced digital security measures.
Business Email Compromise (BEC), primarily targeting businesses, also impacted individuals over 60, causing $477 million in losses.
This indicates that older individuals in positions of authority or entrepreneurship are particularly at risk due to their business-related online activities.
Confidence and romance scams, on the other hand, were exacerbated by the loneliness that older individuals too often experience, underlining the need for increased awareness and protection.
These types of scams led to losses of $420 million in 2022, affecting 7,200 elders.
Incogni’s previous study revealed that Americans may benefit significantly from data protection laws, such as the California Consumer Protection Act (CCPA), which restrict the activities of data brokers and might mitigate the risks associated with elder fraud crimes.
“Protecting senior citizens from the rising tide of elder fraud crimes enabled by personal data vulnerabilities is extremely important today,” said Darius Belejevas, Head of Incogni. “We encourage lawmakers, businesses, and individuals to come together and implement effective data protection measures to safeguard the elderly population from these harmful scams.”
Incogni’s researchers examined the Annual Reports and Elder Fraud Reports published by the Internet Crime Complaint Center (IC3), a division of the FBI, investigating numbers regarding internet crimes against people over 60.
This information was collected from people reporting such crimes to the IC3. The researchers aggregated yearly losses and victim counts per crime type from these reports, supplemented with 2022 data on state-level information.
Using the information gathered, Incogni’s researchers explored trends in victim counts and amounts lost per crime type.
They noted crimes exacerbated by private information being made available through data brokers, people search sites and other sources.
The General Data Protection Regulation (GDPR), an EU privacy regulation, has not only redefined the way organizations handle personal data but has also established a framework for enforcing compliance, including the imposition of fines.
This week, Surfshark’s study looked at the 10 most popular social media platforms by monthly active users and whether they’ve been issued any fines for GDPR violations since the regulation came into effect in 2018.
Additionally, the team investigates how many of these fines relate to inadequate protection of children’s data.
Key insights
Out of the top 10 investigated social media platforms, half were fined by European data protection authorities.
In total, there have been 13 fines levied on these platforms (Facebook, Instagram, TikTok, Whatsapp, and X, formerly Twitter), totaling €2.9B.
The remaining 5 social media platforms (YouTube, Snapchat, Pinterest, Reddit, and LinkedIn) did not receive any fines.
Meta-owned social media products (Facebook, Instagram, Whatsapp) feature prominently amongst platforms that have received fines under GDPR, adding up to €2.6 billion.
TikTok received the third highest amount in fines (€360 million), while X (formerly Twitter) received the lowest and only one fine in late 2020, totaling €450k.
Notably, a third (4 out of 13) of all fines handed out to social media platforms are related to mishandling children’s data.
Three of these were given to TikTok (€360M), and one was received by Instagram (€405M). The fines add up to €765M or more than a quarter of the total amount fined to the social media platforms over the 5 years of GDPR.
The first fine related to mishandling children’s data was issued to TikTok in 2021 for failing to have an understandable privacy policy in Dutch.
It was followed by a fine to Instagram in 2022, when business accounts made by children were set to public by default, exposing children’s information without informed consent.
The remaining two fines were issued to TikTok in 2023. The first was for failure to enforce its own policy prohibiting children under 13 from using the platform.
The second was for setting accounts to public by default, exposing children’s data without consent, and for allowing adults to register as parents of child TikTok users without verifying legal guardianship.
Only 24% of Healthcare Organizations Were Able to Disrupt a Ransomware Attack Before Attackers Encrypted Their Data
This is the Lowest Rate of Disruption in 3 Years
Sophos, a global leader in innovating and delivering cybersecurity as a service, today shared its sector survey report, “The State of Ransomware in Healthcare 2023,” which revealed that, among those organizations surveyed, cybercriminals successfully encrypted data in nearly 75% of ransomware attacks.
This is the highest rate of encryption in the past three years and a significant increase from the 61% of healthcare organizations that reported having their data encrypted last year.
In addition, only 24% of healthcare organizations were able to disrupt a ransomware attack before the attackers encrypted their data—down from 34% in 2022; this is the lowest rate of disruption reported by the sector over the past three years.
Chester Wisniewski, director, field CTO, Sophos
“To me, the percentage of organizations that successfully stop an attack before encryption is a strong indicator of security maturity. For the healthcare sector, however, this number is quite low—only 24%. What’s more, this number is declining, which suggests the sector is actively losing ground against cyberattackers and is increasingly unable to detect and stop an attack in progress.
“Part of the problem is that ransomware attacks continue to grow in sophistication, and the attackers are speeding up their attack timelines. In the latest Active Adversary Report for Tech Leaders, we found that the median time from the start of a ransomware attack to detection was only five days. We also found that 90% of ransomware attacks took place after regular business hours. The ransomware threat has simply become too complex for most companies to go at it alone. All organizations, especially those in healthcare, need to modernize their defensive approach to cybercrime, moving from being solely preventative to actively monitoring and investigating alerts 24/7 and securing outside help in the form of services like managed detection and response (MDR),” said Chester Wisniewski, director, field CTO, Sophos.
Additional key findings from the report include:
In 37% of ransomware attacks where data was successfully encrypted, data was also stolen, suggesting a rise in the “double dip” method
Healthcare organizations are now taking longer to recover, with 47% recovering in a week, compared to 54% last year
The overall number of ransomware attacks against healthcare organizations surveyed declined from 66% in 2022 to 60% this year
Compromised credentials were the number one root cause of ransomware attacks against healthcare organizations, followed by exploits
The number of healthcare organizations surveyed that paid ransom payments declined from 61% last year to 42% this year. This is lower than the cross-sector average of 46%
“In 2016, the Red Cross Hospital of Córdoba in Spain suffered a ransomware attack that reached servers and encrypted hundreds of files, medical records and other important patient information. It was a major disruption to our operations and interfered with our ability to care for our patients. The stakes are high in ransomware attacks against healthcare organizations—and attackers know that—meaning we’ll always be a target. After this ransomware attack, we worked hard with Tekpyme to bolster our defenses, and now we have reduced our incident response time by 80%. I think the industry as a whole is making improvements, but there is still work to do, because of the constantly changing nature of cybercrime. Hopefully healthcare organizations can leverage the help that is available from security vendors such as Sophos to prevent a very real ‘threat to life’ if systems go offline due to a ransomware attack,” said José Antonio Alcaraz Pérez, head of information systems and communications at Cruz Red Andalusia in Spain.
“Cyberspace today is ripe with technically sophisticated actors looking for vulnerabilities to exploit. What all this translates to is a multidimensional cyberthreat of actors who have the tools to paralyze entire hospitals. Partnering with the private sector is critical to our mission. The information [they] share has real-world impacts and can save real businesses and real lives,” said Christopher Wray, FBI Director.
Sophos recommends the following best practices to help defend against ransomware and other cyberattacks:
Strengthen defensive shields with:
Security tools that defend against the most common attack vectors, including endpoint protection with strong anti-ransomware and anti-exploit capabilities
Adaptive technologies that respond automatically to attacks, disrupting adversaries and buying defenders time to respond
24/7 threat detection, investigation and response, whether delivered in-house or by a specialized Managed Detection and Response (MDR) provider
Optimize attack preparation, including regularly backing up, practicing recovering data from backups and maintaining an up-to-date incident response plan
Maintain security hygiene, including timely patching and regularly reviewing security tool configurations
To learn more about the State of Ransomware in Healthcare 2023, download the full report from Sophos.com.
*The State of Ransomware 2023 survey polled 3,000 IT/cybersecurity leaders in organizations with between 100 and 5,000 employees, including 233 from the healthcare sector, across 14 countries in the Americas, EMEA and Asia Pacific.
The only way to combat the increasing cost of cyberattacks, and the reputational threat that comes with them, is to have solid, internationally accredited, security measures in place as well as going above and beyond these requirements, writes BERNARD van DER MERWE, Information Security Officer at Ecentric Payment Systems.
Depending on who you believe, there are anywhere between 2,000 and 4,000 cyberattacks each day across the globe.
Breaches are not only costly, but also put your reputation at risk. In the payments industry, ensuring integrity and security of consumer data is a critical factor for South African businesses.
International accreditation is key to keeping your data and payments safe ahead of the retail shopping season.
Thankfully, there are improved security standards that will help keep consumers’ money secure, if payment solution providers adhere to them.
A Verizon survey, the Payment Security Report from last year, found that only 27.9% of those companies surveyed were in full compliance with an international payment security standard that is mandatory for the payments industry.
The Payment Card Industry (PCI) Security Standards Council (PCI SSC) has released Version 4.0 of the Data Security Standard (DSS), seen as the biggest update since the DSS was first released 18 years ago. Compliance is a tough ask, though, and companies that move money in the payments space need to have it implemented by March next year.
Version 4.0 adds 63 requirements on top of those in the current version 3.2.1.
Simply put, without these standards and yearly accreditation, there is a level of risk when transacting. We go through a PCI audit once a year to ensure that we remain qualified so we stay ahead of cyberattacks as much as possible.
This is important when processing 20% of card transactions in South Africa and providing offerings to 65% of the JSE-listed retailers, serving their in-store, online, mobile and omnichannel payment requirements.
Given that we operate in 17 African countries, we have also developed bank-specific as well as business-to-business security measures.
Peer-to-peer payment growth
However, where there is a weak link is when it comes to peer-to-peer (P2P) payments.
Precedence Research states the P2P payment market was worth $2.21 trillion globally and is expected to reach $11.62 trillion by 2032, growing at 10.12% on a compound annual growth rate.
With any advancement comes increased risk. A huge differentiator in trust comes when banks, for example, can offer this decryption capability, an area in which we specialise.
Driven by the increasing uptake in smartphones and increased broadband penetration, more people are sending money to each other, especially across South Africa’s borders to their families at home.
However, these transactions cannot easily be reversed, meaning that once money has gone to a fraudster, it’s gone.
Yet, not many companies can currently boast P2P security measures, which are absolutely vital considering that this service, allowing people to transfer money to each other, such as via eWallets, is growing rapidly.
A good example is informal trade, such as people buying leather belts or rugby jerseys from roadside sellers and paying by eWallet. This is an area in which in-house software, such as what we have developed, can close the gap.
A costly event
Failure to protect information when money is transferred is not only a reputational risk, but also comes with a fine, if those affected are not notified.
In terms of the Protection of Personal Information Act (POPIA), companies need to tell those who have been affected by a data breach that their information, specifying the type of data, has been stolen.
While the level of detail varies case by case and is also informed by the measures the company needs to take and any action by law enforcement, failure to notify customers can mean a fine of up to R10 million.
There is a large amount of due diligence to be done when it comes to choosing a payment solutions or gateway provider.
Most may look at the system’s ability to integrate with that of the client, which doesn’t go nearly deep enough. The most important aspect is the level of security, international accreditations, and in-house security developments that are tracking ahead of the rest of the industry.
In the build-up to Black Friday and the peak season for South Africa’s retail industry, ensure that security is top of mind when implementing any system, or using one to transfer money, especially where it affects people’s money in a tough socio-economic environment.
Ecobank Nigeria has advised its customers and stakeholders to stay safe online and boost their cybersecurity initiatives against the rising activities of cyber criminals.
In a message to customers via email, as part of the Cybersecurity Awareness Month, the bank enjoined customers to integrate four key measures into their online practices to safeguard their personal data from digital threats.
These are: using strong passwords and/or a password manager, turning on multi-factor authentication, recognising and reporting phishing, and regularly updating phone or computer software.
Cybersecurity Awareness Month is observed every October. It is a month-long effort dedicated to promoting cybersecurity awareness and education.
It aims to empower individuals and organizations to take proactive steps in safeguarding their digital lives, assets, and sensitive information.
According to Ecobank, customers should be risk-aware enough to recognise and report phishing, which it describes as an attack that attempts to steal money or identity by getting bank customers to reveal personal information, such as card numbers, bank details or passwords, via a phishing website or link that poses as legitimate.
“Cybercriminals typically pretend to be reputable companies, friends, or relatives in a fake message. Be careful if you receive an email or message asking for personal information. If you get this type of message, don’t provide the requested information without confirming that it is legitimate. Also, we advise customers to always use multi-factor authentication to protect their bank accounts and confidential information. Multi-factor authentication acts as an additional layer of security that helps prevent unauthorised users from accessing your accounts, even when the password has been stolen. Multi-factor authentication is a multi-step account login process that requires users to enter more information than just a password. For example, along with the password, users might be asked to enter a code sent to their mobile or email, answer a secret question, or scan a fingerprint”, the bank stated.
Further, Ecobank stressed the need for a strong password, “Your PIN, OTP and passwords should always be kept confidential. For strong passwords, consider using three random words, a mixture of capital letters, special characters and even numbers.” In addition, “You should update your apps and your device’s software as soon as they are available. Updates include protection from viruses and other kinds of malware and often improvements as well as new features.”
The Pan-African bank noted that it continually runs awareness programmes to ensure employees and customers understand the various forms of cybercrime and how to prevent them, stressing that with digital banking being a key pillar of its strategy, “we must ensure our platforms are well secured to safeguard the integrity of our data. The Bank has heavily invested in training and various forms of capacity building to ensure staff understand cyber related challenges and address them promptly,” the statement added.
The internet has become an integral part of our personal and professional lives, offering numerous advantages while exposing us to various online threats.
Scammers and hackers relentlessly target websites, but why such interest, and what can you do to protect yours?
Let’s delve into the motives behind these cyber threats and explore proactive measures to safeguard your online presence.
The Digital Goldmine: Your Website
Your website is more than just an online brochure; it’s a digital gateway to your business or personal brand. This virtual space houses valuable information, customer data, and financial transactions. As such, it’s akin to a treasure chest for cybercriminals, making it an enticing target. Here’s why they’re after it:
1. Financial Gain
Money is often the primary motivator for scammers and hackers. They know that your website could hold the key to financial success.
By infiltrating your site, they may gain access to sensitive customer information, payment details, or even the ability to execute fraudulent transactions.
These ill-gotten gains can be lucrative, providing a strong incentive for their malicious activities.
2. Data Theft
In an age where data is more valuable than ever, your website is a data mine waiting to be exploited. Whether personal information, login credentials, or confidential business data, scammers and hackers see your website as a potential goldmine.
Once they have access, they can use this data for identity theft, blackmail, or selling it on the dark web.
3. Reputation Damage
Your website is often the face of your brand or organisation. A successful cyberattack can tarnish your reputation and erode the trust your customers have in you. Hackers may deface your website, post malicious content, or spread false information, causing substantial damage to your image and credibility.
4. Hosting Malicious Content
Some hackers use compromised websites as a platform to host and distribute malicious content. This can include malware, phishing pages, or scams that target unsuspecting visitors. By doing so, they can infect the devices of those who visit your site, furthering their criminal agenda.
5. Ransom Attacks
Ransomware attacks have become increasingly prevalent, with hackers encrypting a website’s data and demanding a ransom for its release.
Falling victim to such an attack can result in significant financial losses and operational disruptions. Businesses often face a dilemma: pay the ransom or suffer the consequences of losing vital data.
How Do They Do It?
Understanding why scammers and hackers target your website is just the first step. It’s equally important to grasp how they go about their nefarious activities. Here are some common tactics they employ:
1. Exploiting Vulnerabilities
Hackers search for weaknesses in your website’s security infrastructure. Outdated software, unpatched plugins, or misconfigured server settings can be entry points for cyberattacks.
Regularly updating and securing your website is crucial to prevent these vulnerabilities from being exploited.
2. Phishing Attacks
Phishing emails or messages can trick you or your staff into revealing login credentials or sensitive information. Once hackers have these details, they can quickly gain unauthorised access to your website.
3. Brute Force Attacks
Hackers may employ automated tools that repeatedly guess login credentials until they succeed. Weak passwords make this process easier, so using strong, unique passwords and enabling two-factor authentication wherever possible is essential.
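Strong passwords slow a brute-force attack down; what stops it is the login endpoint refusing to answer an unbounded number of guesses. The following is an added example written for this page (not code from the original article or any CMS) of a login guard that counts consecutive failures per account and per source IP and locks the target with exponential backoff, while hashing passwords with PBKDF2 and comparing them in constant time. The class and method names (`LoginGuard`, `attempt`) and the iteration count are this example’s own assumptions; the iteration count is kept modest for the demonstration.

```python
import hashlib
import hmac
import os
import time
from collections import defaultdict
from typing import Callable, Dict, Optional

# Kept modest so the demo runs quickly; production uses a far higher count or Argon2/scrypt.
PBKDF2_ITERATIONS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> bytes:
    """Return salt || PBKDF2-HMAC-SHA256(password). A fresh random salt per user."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt + digest


def check_password(password: str, stored: bytes) -> bool:
    salt, digest = stored[:16], stored[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)  # constant-time, no early exit


class LoginGuard:
    """Throttle credential guessing per account and per source IP.

    After `max_failures` consecutive failures the key is locked for `base_lockout`
    seconds, and the lockout doubles with every further failure (exponential backoff).
    `clock` is injectable so the behaviour can be tested without sleeping.
    """

    def __init__(self, users: Dict[str, bytes], max_failures: int = 5,
                 base_lockout: int = 60, clock: Callable[[], float] = time.time):
        self.users = users
        self.max_failures = max_failures
        self.base_lockout = base_lockout
        self.clock = clock
        self.failures = defaultdict(int)        # key -> consecutive failures
        self.locked_until = defaultdict(float)  # key -> unix time
        # Dummy hash: unknown usernames cost the same time as real ones, so the
        # response time does not reveal which accounts exist.
        self._dummy = hash_password(os.urandom(8).hex())

    def _locked(self, key: str) -> bool:
        return self.clock() < self.locked_until[key]

    def _record_failure(self, key: str) -> None:
        self.failures[key] += 1
        over = self.failures[key] - self.max_failures
        if over >= 0:
            self.locked_until[key] = self.clock() + self.base_lockout * (2 ** over)

    def attempt(self, username: str, password: str, ip: str) -> str:
        """Return "ok", "bad_credentials" or "locked". Same message for bad user and bad password."""
        keys = (f"user:{username}", f"ip:{ip}")
        if any(self._locked(k) for k in keys):
            return "locked"  # do not even check the password while locked
        stored = self.users.get(username, self._dummy)
        ok = check_password(password, stored) and username in self.users
        if ok:
            for k in keys:
                self.failures[k] = 0
            return "ok"
        for k in keys:
            self._record_failure(k)
        return "bad_credentials"


if __name__ == "__main__":
    # Constructed user store for the demo
    guard = LoginGuard({"alice": hash_password("correct horse battery")}, max_failures=3)
    for guess in ("password", "123456", "letmein", "correct horse battery"):
        print(guess, "->", guard.attempt("alice", guess, "203.0.113.7"))
```

Locking per IP as well as per account matters because attackers spread guesses across many usernames (“password spraying”) to stay under a per-account threshold; locking only per account also hands an attacker a cheap denial of service against any user whose name they know, which is why the lockout here is short and backs off rather than being permanent.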
4. SQL Injection
SQL injection attacks involve injecting malicious SQL code into forms or URLs to manipulate your website’s database. This can give hackers access to your data or allow them to modify content on your site.
Protecting Your Digital Fortress
Now that we’ve explored why scammers and hackers are after your website and how they operate let’s discuss what you can do to safeguard your digital fortress:
1. Keep Software Updated
Regularly update your website’s content management system, plugins, and themes to patch security vulnerabilities. Enable automatic updates when possible to stay protected against emerging threats.
2. Implement Strong Passwords
Encourage the use of strong, unique passwords for all user accounts. Consider using a password manager to generate and store complex passwords securely. Enable two-factor authentication wherever available.
3. Regular Backups
Frequent backups of your website’s data are crucial. After a cyberattack, you can restore your site to its previous state without paying a ransom. Ensure backups are stored securely, separate from your web server.
4. Web Application Firewall (WAF)
Consider implementing a Web Application Firewall to filter and block malicious traffic. A WAF can identify and block common attack patterns, providing additional protection.
Conclusion
Scammers and hackers target websites for various reasons, ranging from financial gain to reputation damage. Understanding their motives and tactics is crucial for protecting your digital presence.
By implementing robust security measures and staying vigilant, you can fortify your website against these relentless threats and ensure it remains a safe and trustworthy space for your visitors.
As digitalisation spreads globally, Information Technology (IT) has never been more significant, and it is now a core element of any aspiring or successful business.
While the world, and global south nations in particular, is still responding to issues such as the existential threat of Artificial Intelligence (AI) to humanity and the question of who owns the data used by AI and data analytics, new threats are emerging in even greater proportion in this post-digitalisation era (PDE).
The most recently released Elastic Global Threat Report came to a dreadful conclusion: Linux-based signature events increased from 54.5% of all signature telemetry last year to 91.2%.
The latest investigation by Elastic Security Labs observed 104 distinct signatures, showing that most of the malware was made up of a few highly prevalent families: Gafgyt, Frp, Meterpreter and BlackCat.
Additionally, more than 33% of all malware samples delivered to endpoints were linked to financially motivated threats.
Ransomware families generally cluster around the output of a particular group, or set of threat actors, that uses a distinct pattern of tactics, techniques and procedures (TTPs). Identifying these families by specific names or codenames is important for tracking their evolution over time and for attribution.
In other words, to prepare for ransomware, security teams need to learn about the most active families.
The capabilities of all known signatures linked to ransomware families have been documented extensively by security researchers around the world, and they remain persistently dangerous to most large IT infrastructures.
The correlation here has more to do with the overall adoption of Linux-based infrastructure than with a shift in threat priorities.
It may also reflect improved visibility into Linux-based malware infections, estimated to have risen to about 59.8%. In other words, new threats also require an urgent response.
Ransomware is one such threat: it is growing, and it threatens the very existence of corporations in the digital space.
The roll-out of economic solutions through digitalisation, particularly in global south nations, cannot but join the 20th global Cybersecurity Awareness Month, hence this modest intervention examining ransomware from an awareness perspective.
October 2023 is the 20th Cybersecurity Awareness Month, a fitting moment to concentrate on the security solutions that secure your IT and business technology infrastructure.
Given the nature of the threat landscape, much has been written about hardening enterprises against ransomware, but what about safeguarding the supply chains of high-yielding business enterprises?
In a perfect world, every supplier has a robust security agenda, strong ransomware protection and sound resilience measures in place. Sadly, as we have learned with other threats, this is not the case.
Dreadfully, the rise in cybersecurity incidents is clearly evident among African countries, with notable breaches, and it is advancing in global north nations too.
In the second quarter of 2023, Africa experienced the highest average number of weekly cyberattacks per organisation, a 23% increase compared with the same period in 2022. Ransomware contributed to over 85% of such attacks.
Permit me to say why I divert from this year’s theme, securing your privacy through passwords, to the subject of ransomware.
The password mechanism is as old as digitalisation itself, and the maturity with which individuals and organisations choose strong passwords typifies the privacy posture of a system and its associated business culture.
Strong passwords remain an active point for businesses and individuals as part of the chain protecting end users and systems.
It is now essential to adopt strong passwords: as long as permitted, random, unique, and including all four character types (uppercase, lowercase, numbers and symbols).
Password managers are a robust tool that lets businesses and individuals create a strong password for every account, even with the rise of the Bring Your Own Device (BYOD) phenomenon.
If a strong password had solved the security problem, why the advocacy that businesses and individuals need more than a password to protect online accounts and associated infrastructure, and so make themselves significantly less likely to be hacked?
The answer is the fast-evolving need for two-factor authentication on every online account that offers it, especially email, social media and financial accounts.
Undoubtedly yes: because remote bad actors, and internal collusion in fraudulent activity, are now the emerging threats, there is an urgent need to raise awareness of keeping attackers out of organisational technology infrastructure.
Considering ransomware from the two perspectives of IT and law enforcement response, warding it off becomes the central aim in firmly securing both individual and corporate IT infrastructure, and indeed organisational culture and profitability standards.
Several surveys of security-signature activity show a steep rise, indicating that ransomware attacks on business and government infrastructure are an ever-increasing peril.
Ransomware is now rated a Tier 1 national security threat in most Western nations, with attacks against businesses and the public sector increasing.
The trending subject is the urgency of warding off ransomware attacks. The fortification side of security should not in any way discount prevention; survey outcomes support the argument that systems can be protected from ransomware attacks.
Nonetheless, it is worth underlining that comprehensive antivirus and anti-malware software are the most common defences against ransomware. They can scan continuously, detect sufficiently and respond effectively to cyber threats.
Further, backup files should be properly secured and kept offline or out-of-band, so that attackers cannot target them. Cloud services can help mitigate a ransomware infection, as many retain previous versions of files, allowing you to roll back to an unencrypted version.
Relevant controls exist among security best practices to ward off ransomware attacks and other fast-emerging threats. Defending against ransomware demands a holistic, all-hands-on-deck approach that brings together the entire organisation’s defence mechanism against malicious attacks of any kind.
Such a strategy must entail: maintaining backups thoughtfully; developing plans and policies adaptable enough to stay at least a step ahead of any attack; reviewing port settings and maintaining their current status when working in cloud environments; hardening all endpoints during configuration; keeping systems up to date automatically; robust internal training and development of security staff; and security awareness training at induction for all new staff, perhaps with a weekly webinar on your strategy for warding off and stopping ransomware.
A central warding-off control is an Intrusion Detection System (IDS), which looks for malicious activity by comparing network traffic logs with signatures of known malicious behaviour.
A robust IDS updates its signatures often and alerts the business quickly when it detects potentially malicious activity.
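Signature matching is simple in principle, but one detail decides whether it works in practice: the signature must be applied to the decoded request, because attackers URL-encode payloads precisely so that a naive pattern for a quote or a space never fires. The following is an added example for this page (not code from the article or from any IDS product) of a minimal signature engine run over constructed web-server access log lines; the signature names, the log lines and the IP addresses are invented for the demonstration.

```python
import re
from typing import List, Tuple
from urllib.parse import unquote_plus

# Constructed sample access log (Common Log Format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Oct/2023:10:01:12 +0000] "GET /index.php?id=42 HTTP/1.1" 200 5123
203.0.113.7 - - [12/Oct/2023:10:01:15 +0000] "GET /index.php?id=42'%20OR%20'1'%3D'1 HTTP/1.1" 200 9801
198.51.100.9 - - [12/Oct/2023:10:02:01 +0000] "GET /download?file=../../../../etc/passwd HTTP/1.1" 403 221
198.51.100.9 - - [12/Oct/2023:10:02:03 +0000] "GET /search?q=laptops HTTP/1.1" 200 3310
192.0.2.44 - - [12/Oct/2023:10:03:40 +0000] "GET /products?id=1%20UNION%20SELECT%20username,password%20FROM%20users HTTP/1.1" 500 88
"""

# Signatures: a name and a pattern describing known-bad request shapes (example set, not a vendor feed).
SIGNATURES = {
    "sqli-tautology": re.compile(r"'\s*or\s*'?\d+'?\s*=\s*'?\d+", re.I),
    "sqli-union": re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I),
    "path-traversal": re.compile(r"(\.\./){2,}"),
}

# Fields of one Common Log Format line: client IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def match_signatures(log_text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, client_ip, signature_name) for every line that hits a signature."""
    alerts = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line; a real IDS would count these too
        # Normalise before matching: %27 / %20 would otherwise hide the quote and spaces.
        decoded = unquote_plus(m["path"])
        for name, pattern in SIGNATURES.items():
            if pattern.search(decoded):
                alerts.append((lineno, m["ip"], name))
    return alerts


if __name__ == "__main__":
    for lineno, ip, sig in match_signatures(SAMPLE_LOG):
        print(f"line {lineno}: {ip} matched {sig}")
```

Two caveats follow from the code itself: a signature engine only finds what its patterns describe (double-encoded or otherwise obfuscated payloads need further normalisation), and the IP and line number in each alert are what an analyst needs next, which is why they are returned rather than only a count.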
Decisively, when ransomware strikes, companies should be notified and should investigate rapidly. Available data suggests that a mature institution should take no more than 10 minutes to inspect an intrusion.
Yet only 10% of organisations can meet this benchmark in practice. Nonetheless, there is immediate help available for organisations affected by ransomware to go from event detection to notification within something like six minutes of malicious activity.
Taking all of these controls is central to the continued performance of your business, and of the public sector, guaranteeing continuity and a sustainable, profitable path forward.
In recognition of its landmark achievements in the advancement of data privacy and protection, Nigeria has been admitted as a member of the Global Privacy Assembly (GPA).
The Nigeria Data Protection Bill assented to by President Bola Ahmed Tinubu, was a major consideration in accrediting Nigeria as a member of the prestigious Assembly.
Similarly, the establishment of the Nigeria Data Protection Commission under the Act as the independent data protection authority for Nigeria is a key index in assessing the adequacy of data protection in a country.
The decision on Nigeria’s accreditation was announced during the 45th Global Privacy Assembly Closed Session, held between October 15th through 20th, 2023 in Bermuda.
The GPA, which was instituted in 1979, seeks to provide an international platform for coordinating transborder efforts in the advancement of data privacy and protection. It currently comprises 130 Data Protection Authorities from countries around the world. Germany, the United Kingdom, Spain, South Africa, Portugal, Canada and Senegal are some of the countries with DPAs in the Global Privacy Assembly.
Upon receiving the news of Nigeria’s status as a member of the GPA, the National Commissioner/CEO, NDPC, Dr Vincent Olatunji expressed optimism that the effort of the Federal Government on digital transformation is yielding positive results.
He called on stakeholders in the Data Processing ecosystem to maintain high standard of care in handling personal data. This will go a long way in strengthening trust and confidence in Nigeria’s emerging digital economy.
Cybersecurity experts warn users about crypto malware — a new way criminals use their victim’s devices to earn money
A survey by NordVPN showed that every third user is afraid of losing access to the files on their computer due to a cyberattack.
Experts notice that even though the scenario of losing a piece of private information is scary for many people, there are other ways cybercriminals can profit from hacking someone’s device.
“The new type of malware we see spreading is crypto malware. The biggest problem is that it is difficult to detect for an average computer user because no data is lost,” says Adrianus Warmenhoven, cybersecurity advisor at NordVPN. “You may think you don’t need to worry because you don’t own or have never used cryptocurrency. But crypto mining malware doesn’t typically include hackers stealing funds from the victim’s cryptocurrency wallet, just using their device to mine. And as a result — making the victim’s device very slow.”
Criminals mine crypto using their victims’ resources
Mining cryptocurrency requires a lot of computer power to solve complex mathematical puzzles, adding new blocks of transactions to the blockchain.
Once all the problems in a block are solved, the miners get their rewards in cryptocurrency.
However, the problem is that the process is very slow and requires an incredible amount of processing power.
In fact, the electricity a computer consumes would probably cost more than the cryptocurrency it could mine. That is why cybercriminals look for ways to mine cryptocurrency using other people’s devices.
By infecting a network of computers with malware, hackers can mine crypto while using their victims’ electricity, devices and computing power to increase their profits. Victims might not even notice that their device is mining crypto. The only signs may be slower performance and an overheated device.
Some of the ways to detect malware — check if your computer gets hot or slow
“Detecting crypto malware on your device can be very difficult. It’s designed to be as stealthy as possible. However, certain signs can help you determine that your device may have been infected,” says Adrianus Warmenhoven, cybersecurity advisor at NordVPN.
The first sign that your device may be mining some criminal crypto in the background is that the device gets significantly slower. Another sign is an overheated device with the fan always on. Lastly, the CPU (central processing unit) usage will be very high if your device gets infected.
If you want to prevent your device from being infected, here are several actions you can take:
Keep all devices and applications up to date. Crypto malware often uses unpatched flaws in systems. The faster you update your software and operating system, the harder it is for malware to infect your device.
Use antivirus software. Antivirus software, such as NordVPN’s Threat Protection, will scan files you download for malware, making it difficult for cybercriminals to install it on your device. It will also block your access to malicious websites, minimizing the threat of phishing.
Practice good internet behavior. Don’t click on suspicious links, don’t download suspicious documents, and try not to visit untrusted websites. There are many ways in which cryptojacking malware could be delivered.