COVID-19 has thrown our world around. Attending conferences, seminars, training sessions, client lunches/launches and award dinners is the norm for certain industries, and suddenly, the carpet gets pulled out from underneath us and we have to adapt like never before.

The economic impact is something we don’t ever want to think about… typical businesses that might not survive this are events companies, conference venues, caterers, restaurants and photographers, to name but a few. What will the long-term impact be?

Did you think that we would ever have to start implementing technology at the rate we are forced to now? Remote working, closure of schools and childcare facilities, no face to face meetings, etc.

On the same note, when we look at remote working, cyber threats can’t be left out of the equation with organisations weighing up benefits for employees to work from home to combat the COVID-19 epidemic. With more people working remotely and relying on online platforms, new cyber threats are emerging, and organisations should get strategies in place. Reams of sensitive organisational data will be put at risk if organisations don’t act pro-actively. Working in isolation brings a constellation of cyber security challenges to the table. But, if tackled promptly, organisations have the opportunity to protect themselves and their employees from unnecessary cyber threats.”

What is cybersecurity?

Cybersecurity is the protection of Internet-connected systems, including hardware, software and data, from cyber-attacks. The goal of cybersecurity is to limit risk and protect IT assets from attackers with malicious intent. Cybersecurity best practices can, and should, be implemented by large and small organisations, employees and individuals.

What can cybersecurity prevent?

Cybersecurity helps prevent data breaches, identity theft and ransomware attacks, as well as aiding in risk management. When an organisation has a strong sense of network security and an effective incident response plan, it is better able to prevent and mitigate cyber-attacks.

Types of cybersecurity threats

• Malware: a form of malicious software in which any file or program can be used to harm a computer user, such as worms, computer viruses, Trojan horses and spyware
• Ransomware: a type of malware that involves an attacker locking the victim’s computer system files – typically through encryption and demanding a payment to decrypt and unlock them
• Social engineering: an attack that relies on human interaction to trick users into breaking security procedures to gain sensitive information that is typically protected
• Phishing: a form of fraud in which falsified emails are sent that resemble emails from reputable sources; however, the intention of these emails is to steal sensitive data, such as credit card or login information

Ransomware attacks are rampant in South Africa and becoming more sophisticated, as hackers try to encrypt both production and back-up environments – and the value of ransom demands is climbing. There has also been a spike in incidents where business emails are compromised to enable fund transfers into incorrect accounts.

Recent cyber attacks

These are just a few of the cyber-related incidents that took place in 2019 and early 2020:

South Africa:

• Hackers stole 1.7-million Nedbank in February) by breaching the systems of a third-party service provider that sends SMS and email marketing information for the bank
• The City of Johannesburg estimates it lost R50-million in October last year when it fell victim to a ransomware attack (see the video embedded in our previous communication about cybersecurity)
• Three months before that, Johannesburg electricity utility City Power also fell victim to a ransomware attack, which briefly encrypted its databases and prevented customers from accessing its website and buying power units
• Insurance giant Liberty is still investigating a ransomware attack that happened in June 2018. The hackers claimed to have accessed 40TB of data, including customer and financial data – but never made good on their threat to release it

International:

• The UK Labour Party’s computer systems were brought down by a major dedicated denial of service (DDoS) attack
• Staff at money transfer service Travelex, and the UK’s Redcar and Cleveland Borough Council, had to resort to using old-fashioned pen and paper after they suffered ransomware attacks
• Four subcontractors of aircraft manufacturer Airbus were attacked by hackers seeking commercial secrets
• Chinese tech company Huawei accused the US government of hacking into its systems to disrupt its operations
• In turn, China was accused of distributing malware to its Uighur minority population using exploits for Apple, Google and Windows phones
• Suspected state-sponsored and non-state hackers from countries such as China, Russia, the US, Iran, Vietnam and North Korea were accused in 2019 of a plethora of attacks on government, military, energy, university, health, financial services, retail, corporate, dissident and media targets in other countries, mainly to steal information or demand ransoms
• An Israeli cybersecurity firm sold spyware that exploited a vulnerability in WhatsApp, which was apparently used to target human rights activists, and government and military officials in at least 20 countries