by TINTSWALO BALOYI
JOHANNESBURG – SOUTH Africa’s Internet Service Providers’ Association (ISPA) has urged local companies to routinely evaluate ransomware defences and regularly test disaster recovery procedures as local firms are increasingly in the sights of organised cyber criminals.
ISPA warned that, with the average cost of remediating a ransomware attack in the country estimated last year by cyber security firm Sophos at R6,4 million (US$350 542), exposure to the online realm carries significant financial and legal risks.
“Cybercrime disrupts more than business operations, it exposes organisations to reputational and regulatory risk,” said ISPA chair, Sasha Booth-Beharilal.
The executive said that, in addition to ransomware attacks becoming more frequent, developments overseas suggest that policing agencies globally are not treating the payment of ransom as a mitigating factor when considering enforcement actions.
“This, again, underscores the importance of a proactive approach to cyber security,” Booth-Beharilal said.
Ransomware is an increasingly common type of malware that infects a target and threatens to restrict access until a ransom is paid or to publish a victim’s confidential data. Ransomware is mostly designed with a mechanism for the victim to pay a ransom to access their data or secure the attacker’s silence.
ISPA maintains it is risky not to immediately patch known vulnerabilities targeted by organised cybercriminals.
Ensuring industry-accepted best practice principles are followed helps to protect against cybercriminals and their ransomware demands.
To be safe, ISPA recommends that businesses adopt IT policies such as the Principle of Least Privilege (PoLP) and Segregation of Duties (SoD), perform regular penetration testing and adopt a vulnerability management tool.
Also, legislative imperatives should not be overlooked. In terms of the Protection of Personal Information Act 4 of 2013 (POPIA), businesses are required to mitigate risk relating to the processing and storing of personal information.
– CAJ News