This year we saw City Power in Johannesburg fall victim to a ransomware attack that not only crippled its Web site, but left consumers unable to buy pre-paid electricity. Sadly, this is just one example where local organisations are increasingly being targeted by malicious entities.
Further afield, in the US alone, more than 20 public-sector organisations have experienced ransomware attacks this year. And is evident by the City Power instance, nobody can consider themselves safe.
According to the findings of “The State of Enterprise Security in South Africa 2019” report conducted by World Wide Worx in partnership with Trend Micro and VMware, 35% of South African IT decision-makers are expecting some form of attack to occur not within years or months, but days.
Whether it is in the public sector or private, an SME or enterprise, a company with huge IT security budgets or the ones relying on a firewall and anti-virus, ransomware has become one of the most significant threats in the digital world today.
Even worse, depending on the type and severity of the ransomware attack, the damage could take weeks or even months to repair. Given the likely cost in terms of downtime, disaster recovery, and lost business, many decision-makers may opt to pay the ransom. But not only will this encourage more of this behaviour, there is no way of knowing whether the cybercriminals will decrypt the data once paid.
Only 57% of those surveyed believe they can detect evidence of a malicious breach within a few minutes. However, nearly half of businesses (43%) say it might take them a few hours, or longer, to detect a breach. Considering the speed at which ransomware can infiltrate a system, this means the damage would likely be irreversible by the time an attack is identified.
With cybercriminals cottoning on to just how lucrative ransomware can be, these attacks will only increase in frequency over the coming months. The research highlighted that the biggest shortcoming in cybersecurity preparedness is outdated software, with a whopping 77% of IT decision-makers claiming that it makes their organisations highly vulnerable.
Even if you forget the danger of ransomware, out of data systems mean the organisation is vulnerable to any kind of malicious attack. Who can forget the WannaCry ransomware attack of 2017 where companies worldwide were caught with the proverbial digital security pants down? Judging by this recent research, the lessons learnt were quickly forgotten.
Fundamentally, the approach to IT security in a cloud and digital era must change rapidly and dramatically. Senior financial decision-makers must learn that when it comes to data protection, an ounce is worth a pound of lost data and productivity. Having strong information and data security solutions in place is essential. But a cultural shift towards security awareness and collaboration across all parts of the business is also required.
At a time when ransomware becomes commonplace, no business can afford to be lax when it comes to keeping their systems and software updated, and their staff educated on basic security hygiene.