Lately I’ve been getting an ever-increasing number of articles on cybersecurity in my inbox. It’s easy to put it on the backburner, but there is no doubt that this is a very serious problem that’s not going to go away if you ignore it. Unsurprisingly, the weakest link is people, although they usually don’t get treated as harshly as those in the game show, The Weakest Link − remember that?
We generate around 2,5 quintillion bytes of data every day, leaving us all vulnerable to data misuse, cybersecurity attacks and identity theft, both in our own lives and in the commercial and industrial world. In a recent survey of 500 security executives from 13 countries around the world, including South Africa, cybersecurity company Trellix’s ‘Mind of the CISO 2023’ report has some sobering numbers. I thought the statistics were quite interesting.
Cybersecurity incidents involving phishing were at 40%, ransomware at 36%, business email compromise at 32%, and credential stealing at 28%. The report also said that 28% of attacks were state-sponsored, meaning hacking syndicates backed by hostile states, while 24% were inside jobs. The leading cause of major cybersecurity incidents was password misuse at 56%, followed by insider threats at 44%, supply chain breaches at 40%, non-detection by existing technology at 40%, and missed vulnerabilities at 36%. These incidents led to a loss of customers, business downtime, reputational damage, regulatory penalties, and higher insurance premiums. Only 60% of the respondents were fully covered by their cybersecurity insurance.
There are plenty of examples locally. In 2020, the credit bureau Experian had a data breach that exposed the personal information of 24 million South Africans and 790 000 business entities; and the hack of TransUnion in 2022 exposed millions of South Africans to potential risk. There are more. Liberty Holdings, ViewFines and Ster-Kinekor were all attacked. The Dis-Chem cyber attack resulted in the data of over 3,6 million South Africans being compromised. I’m sure we’ve all had random emails and WhatsApps where we wondered how they got our information.
The most devastating ransomware attacks almost always begin with a simple Spear-Phishing attack to get a user with valuable credentials to click on an infected link. Of the South African companies surveyed by Trellix, 78% said they had paid a ransom of between five million and ten million dollars.
There are many technical solutions that can be put into place, but the most important barrier is your people. The key lies in strong passwords, regular training, checking your links with your end users and vendors, and not clicking on suspicious email links. A little prevention today could save you from huge problems tomorrow. As an example, I still remember my very first computer − a long time ago. It was a 64K Apple that I was ridiculously proud of, and my very first password was − password. At least that wouldn’t happen today.
At the recent MESA conference, I heard of another typical example. This was the story of a company in Abu Dhabi that was subject to a cyber attack. On the first two tries the hackers were unable to breach the company’s security. Then they employed three pretty girls to stand outside the offices and offer the people going in a free USB stick. Within five minutes they were in, and had all the information.
You also need to get your people’s cooperation, which is where training comes in. Nowadays, process plants operate on a whole new level. Everything is interconnected. While this brings huge benefits in productivity, it also makes them vulnerable. In response, companies are putting into place such strict policies that it’s very difficult to get access to a plant to work on it, and this is creating resistance from workers.
In the future, cyber resilience is going to become even more important. Looking ahead, quantum computing has the potential to take this to a whole new level. Quantum computers can perform calculations exponentially faster than today’s computers. We can expect to see the arrival of post-quantum cryptography to make cryptographic systems secure against attack.
On the other side, as quantum computers become more powerful, they could be a threat to current encryption standards like RSA. ‘Bad actors’ could decrypt encrypted data that is considered secure, potentially exposing sensitive information. While a regular computer needs millions of years to crack RSA algorithms, a fast quantum computer would take hours. Today’s encryption algorithms would become obsolete, putting communications, financial transactions, and military defences at risk.
The race is on to develop new quantum-resistant encryption methods that can withstand attacks like this. I’m optimistic that the good guys will win.
| Tel: | +27 11 543 5800 |
| Email: | [email protected] |
| www: | www.technews.co.za |
| Articles: | More information and articles about Technews Publishing (SA Instrumentation & Control) |
© Technews Publishing (Pty) Ltd | All Rights Reserved
printer friendly version