Hackers lurk and know what they’re doing. SA firms must be prepared

In Hollywood blockbusters, organised criminal syndicates are often portrayed as flashy gangsters being wiretapped or trailed by the police. While they may “do their business” in the shadows, usually the victim sees them coming — even if it is too late.

Similarly, when we secure our homes and business premises we invest in security gates and bars for the windows, alarm systems and contract the services of armed response companies. While it is never guaranteed that one can eradicate the risk of crime, dealing with physical threats that you can see makes planning a little easier.

In the digital world, it is different. Highly organised criminal syndicates lurk in corners of the web and dark web waiting to pounce. Rather than being opportunists, these syndicates have highly advanced research and development wings and use sophisticated social engineering techniques and software. They are not limited by geography or time — they can, and will, pounce at any time of the day or night. Every single device and employee is a door for them to attack.

In recent months we have seen SA organisations in both the public and private sectors fall victim to attacks. The risk-reward ratio tipped in the hackers’ favour — estimates show hackers received more than R6.3bn in ransom payments last year. While awareness is certainly improving, there is a worrying trend that represents a significant threat to SA.

Ransomware attacks are now targeting supply chains, creating threats for governments, municipalities, hospitals and businesses. As we experienced recently, we know SA can ill afford extended breakages or blockages in the supply chain.

With a global increase in ransomware attacks targeting supply chains, organisations must implement stronger, layered security strategies to protect themselves. Cybercriminals often spread their net to see what they can catch, meaning many of the hits against the supply chain may be “accidental” — third-party collateral due to unsecured back doors uncovered by attackers. Rick Vanover, senior director of product strategy at Veeam, says that effective supplier collaboration and transparency, robust data backup and improved security maintenance are vital to try to see off this threat.

Supply chains are incredibly complex webs of trading partners, commerce transactions, logistics and more. In light of this, Vanover says globally it is smart business practice to ask your suppliers how they are improving security measures and protecting against ransomware attacks. We should be doing the same in SA.

A thorough approach to supply chain management takes into consideration that you’re only as secure as your least secure trading partner or supplier. You can do everything perfectly in terms of your own security measures, but one supplier’s lapse in security can have crippling effects for the entire supply chain.

While C-suites always try to cut costs, data backup and recovery is one area where no business should cut costs or corners. It is true that a robust backup and recovery strategy won’t keep you safe from ransomware attacks but it will place the business in a far stronger position when the inevitable does occur. It leaves hackers with fewer options when you’re able to recover critical data quickly on your own. In other words, it tilts leverage in your favour.

Implementing the right data solutions is only the first step. You must maintain and continually test them. Vanover says an effective way to do this is to try to think like a hacker. There are many different ways to simulate attacks, including hiring professional, ethical hackers who can target your organisation to find out where you’re most at risk — but with no real-world danger. He says if you cannot, or choose not to, hire professional, ethical hackers, it’s important to test your backup and recovery solutions frequently and thoroughly to find risks, and then fix them.

We’ve read countless articles about how the pandemic forced organisations into the cloud to enable a work-from-home environment. It’s true there has been an unprecedented and rapid evolution in SA business. It’s not inconceivable to imagine that because of the rush during the hard lockdown last year, some IT departments just didn’t have time to adequately prepare. Ask yourself, are you sure mistakes weren’t made or that virtual doors were not left open?

Vanover reminds us that it is best practice to revisit all protocols that were adopted as part of the initial cloud migration to ensure they’re secure, hardened and cost-effective. Hyperscaler cloud settings can change at a moment’s notice — organisations must therefore continually monitor, evaluate and implement the latest security standards.

IT departments have a responsibility to identify weaknesses and areas of vulnerability and motivate for support and budget.

Earlier, we spoke about organised syndicates. They’re so sophisticated now that a new trend is raising eyebrows: ransomware-as-a-service (RaaS). RaaS is a consumer-driven offering that multiplies the volume of attackers by lowering the technical skill required to launch a ransomware attack.

Organisations must evolve and move to keep pace with cybercriminals. Like a game of rugby, if the opposition’s attack keeps finding holes in your defensive structure then it is time to evolve and find a better way to fend off their attacks. This includes supply chain transparency and cooperation, data backup and ongoing security maintenance. This is how you try to stay out of the headlines for the wrong reasons.

Ian Engelbrecht is a Veeam Software Systems Engineering Manager in Africa