Simon Colman, Business Head of Digital and Financial Lines at SHA Risk Specialists (a division of Santam)

Covid-19 has changed the cybercrime landscape. With more people working remotely, employees are inadvertently creating opportunities for hackers to forge tunnels into company networks through often unsecured connectivity. It can be expected that this trend will continue as businesses adopt hybrid work from home/office strategies. Last year, South Africa had the third highest number of cybercrime victims globally, according to Accenture. Phishing remains a significant trend. And we’re seeing more state-owned entities, banks, law firms, SMEs and healthcare providers get hit. It should be a business imperative to proactively mitigate cybercrime risks.

How SA tracks globally

In 2020, South Africa suffered 577 malware attacks every hour, with fraud via mobile banking apps doubling within a year. Cyber-attack losses totalled R2.2 billion. Accenture speculates South Africa might be a testing ground for malware, due to less robust cybersecurity systems here. Globally, the country ranks 59^th out of 182 countries for cybersecurity, and it comes eighth on the continent. 

A slew of attacks reported recently have seen some of the biggest names in banking, insurance, transport and in the public sector affected. Most recently, the justice department also announced that it was a victim of a cybercrime this year, demonstrating the no system is safe. 

Over the past two years,  (SHA Risk Specialists) – a division of Santam – conducted surveys of almost 1600 randomly selected business owners, the vast majority of which were in the SME sector We found that 30% of these had experienced a cyber-attack within the last 24 months. Another 25% had fallen victim to a ransomware attack. Astonishingly, however, almost 50% of businesses still didn’t believe they were at risk.

This lack of awareness and worrying level of complacency may render South Africans particularly vulnerable. One of the problems might be that the country is so exposed to crime that incidents that don’t involve violence don’t make the news. So, there’s less awareness of the prevalence of this kind of activity. Many SME business owners also incorrectly assume that the data they hold has no value to hackers and they therefore will not be targeted. The vast majority of SME incidents involve ransomware which is often a completely random attack.

Cybercrime in the current COVID-19 landscape and what we should be looking out for

We are seeing a cybercrime spike. Currently, more people are working from home and connecting back to the office without using VPNs. It’s tricky to detect when data has been compromised – gone are the days of a virus showing up as a blue screen with a smiley face! Now a trojan or piece of malware lurks unseen in the system, ‘sleeping’ or actively extracting data for an external source. 

• Phishing – when a person is targeted via email, phone or text by someone posing as a legitimate (and often known) institution or individual to extract personal information like credit card details or passwords – remains a top trend over this time. Just think how many emails you receive in a day! Would you be able to spot a cleverly worded request from your ‘boss’ asking for the password for your company site to do some very creditable-seeming updates?
• Ransomware - involves encrypting all the data on a company’s hard drives and servers and demanding a ransom in exchange for its return. It’s also rife right now.

Local banks and the online retail, healthcare and legal sectors are currently being hit hard. Healthcare has always been a big target overseas so it’s unsurprising this trend is coming to South African shores.

What can be done to mitigate cybercrime? 

It starts with awareness training for an entire team, irrespective of company size. Interactive training tools should be explored. It’s imperative to understand the current cybercrime landscape and trends. 

Then it’s about putting proactive mitigation measures in place. Do regular backups and invest in antivirus protection. Our survey found 25% of SME businesses ended up paying ransoms that averaged about R25 000. Out of the 25% that paid, a further 20% got hit a second time. The first time, hackers attack randomly. The second time, you’re a ‘paying client’ to them. It stands to reason that if regular backups of critical data are not maintained, that the business owner may think the only solution is to pay the ransom.

Those numbers were dwarfed by the cost of business interruption and downtime. About 12% of the victims of cybercrime in our survey experienced business interruption that cost them in excess of a million rand in downtime. Losses can stack up faster than you can imagine. 

It’s crucial to have the right cover in place that combines risk management services and insurance to cover business interruption costs, ransomware, forensic costs and more. 

Innovation in the insurance industry has more momentum than ever before, which is just as well because the rising complexity of the emerging risks we face require a commitment to innovation.

The proliferation of technology coupled with remote work have created the ideal environment for smart, opportunistic cybercriminals. While cybercrime insurance provides quick access to service providers that help alleviate the resultant fallout and clean up required after an attack, simple measures such as updated anti-virus software, good password management and educating employees will help prevent major cyberattacks.