2020-09-16 As shocking as the statistics that 9% of companies around the world report experiencing a cyber attack every hour and 22% experience at least one a day, is that 32% of companies say they haven’t been targeted. This is according to the Acronis Cyber Readiness Report 2020. Given the rise in cyber attacks driven by the COVID-19 pandemic, it seems highly likely that the latter group of companies simply aren’t aware they are in fact being attacked and that these attacks aren’t being stopped.
Even before the pandemic, cyber attacks were expected to rise this year given the increase in endpoints and amount of data being created that was critical to organisations’ livelihoods. And hand-in-hand with this rise in attacks, is an increase in the impact on companies that goes beyond financial. When consumers are uploading everything from biometrics, location and financial information a data breach and operational downtime also destroy trust and brand loyalty.
Roundup of recent high-profile local attacks
Just looking at South Africa, there have been several successful high profile attacks this winter. The following are just a selection of the 25 breaches reported to the Information Regulator in the last four months:
Construction group Stefanutti Stocks shut down its IT systems to respond to an attack and data breach. It did not share which details were compromised.
A subsidiary of Momentum Metropolitan lost administrative and financial data in an attack.
Lombard Insurance experienced a data breach which it reported in August. It did not share which details had been accessed and the number of customers affected.
Life Healthcare experienced extensive IT downtime into July after an attack that took its administration systems for southern Africa offline.
Also noteworthy are:
The Experian breach in August, which although strictly speaking wasn’t a cyber attack but an old fashioned piece of social engineering, resulted in the personal identification information of 24 million South Africans for sale online. This reminds us just how much our online and offline worlds have converged, and that as sophisticated as attacks become, we still need to be wary of traditional threats.
And the Garmin ransomware attack in July reminds us that the impact of cyber crime knows no borders as consumers increasingly have access to global services. And that cyber crime pays as companies make the call to pay ransoms in order to survive, and that this inevitably fuels further attacks.
All of which points to the view that the 32% of companies that think they haven’t been attacked more than likely have. But because they were unaware of attacks, they were unable to stop them, meaning criminals are likely to be lurking on their networks today. And further, these companies are not patching their vulnerabilities to prevent future attacks.
Written for publication on the Synapsys website on 16 September 2020