South Africa, prepare for more cyber attacks
Cyber security solutions firm Fortinet has issued a stern warning to South African businesses and organisations: prepare for an escalation in cyberattacks as digital criminals expand targets to home network devices and mobile devices.
According to Fortinet's Global Threat Landscape Report for Q2 2017, 90% of organisations recorded attacks targeting system and device vulnerabilities that were at least 3 years old – even though updates and patches that corrected those vulnerabilities had long been available.
The company says that even more alarming is that approximately 60% of organisations reported successful attacks that had targeted vulnerabilities that were 10 or more years old. Moreover, 1 in 20 of such attacks today target mobile devices, such as Android-based smart phones and tablets.
Fortinet adds that cyber attackers target a wide range of known vulnerabilities in these devices − known collectively as IoT − in order to control them remotely, collect users' data, or install malicious code.
"That allows attackers to aggregate millions of similarly compromised devices into huge cyber weapons known as botnets that can be used to generate huge volumes of data traffic that can overwhelm and shut down targeted online organisations or cripple Internet traffic," the security company adds.
Fortinet recently released the findings of the 2017 Global Enterprise Security Survey, which, for the first time, included South Africa.
The survey examines the changing attitudes towards security in business during July/August 2017.
"With ransomware, data breaches and other cyberattacks successfully infiltrating organisations on a daily basis, sometimes it can be hard for the board to find somebody to blame. In some cases it's obvious, such as when identified malicious insiders are the culprits. But other times, when the cause is not so blatant, the hammer will usually come down on the office of the CIO/CISO and their team. And in some cases, they may be correct to do so – sometimes everything may not be up to scratch, from both a technology and a process perspective," the company explains.
IT security spend
Paul Williams, country manager – Southern Africa at Fortinet, said that, based on information from the survey, IT security spend has increased, as has knowledge of the prevalence of cyber security attacks like malware and ransomware.
"If you look at the WannaCry virus that hit us with regards to the beginning of this year, 24% worldwide were affected, and (in) South Africa it was 25% ... although we think we're outside the realm of global, sometimes we are affected as badly if not worse sometimes with certain viruses," he said.
Despite the increase in spend, the reality is that it is not enough to date, Williams continued. "If they were spending 20% two years ago, they are now spending 40% or 35%, so it is not a dramatic increase, it's just an increase."
When it comes to knowledge of security and general awareness, the survey found that at management level and IT department level, most people in the organisation understand cyber security threats but often lack an understanding of advanced threat prediction mechanisms and of what technology is available to facilitate this.
According to Williams, the main message to the market is that security is a reality and perhaps a grudge purchase, but any company in any vertical has to take responsibility – and this means proactive input from all role-players (including the CIO, CTO and CFO) to understand the implications of security breaches.
This involves security technology policies, governance model review and other security implications across the board.
Williams explained that while there are parallels that the rest of Africa can draw from the South Africa findings, it is necessary to take a country-specific approach.
"With the rest of the continent, you have to be more country specific ... for Nigeria, West Africa English-speaking I would say perhaps 70%, for English-speaking East Africa and Egypt I would say also again 70%, and for North Africa I would say about 80%. And also some of the countries in between that the answer is really 40% or 30%, because the maturity value of the security personnel and the understanding of cyber security in those countries is very low."