200 days. R5.8 billion. The cybercrime price tag is getting weightier.
A recent report by McAfee revealed that cybercrime costs South African companies more than R5. billion every year. Take a moment to absorb that number. Even with recent political mayhem affecting the value of the Rand, that’s a bill no business wants to foot. Add to this another startling statistic and suddenly cybercrime moves from that problem the media talk about all the time to a blazing reality that has to be addressed.
The other statistic? Santam revealed that South African companies take around 200 days to identify an online breach. That’s more than six months before a breach is detected, much less resolved, and a Kaspersky Lab report found that the longer it takes to locate a breach, the larger the price tag to recover from it.
These three reports are a drop in the statistical ocean as report after survey after analysis reveal a landscape plagued by relentless cybercriminals with an arsenal of technology tools at their disposal.
A security priority
Cybersecurity isn’t just a growing concern for the business, it’s a mandatory part of any sustainable strategy. Without a clear budget committed to the development and maintenance of security, the company is taking an unnecessary risk that may see it lose not only its reputation and data, but receive a hefty smack from the freshly minted POPI Act.
The South African organisation cannot claim ignorance if it is left behind or caught in a hack. Not only is POPI in effect, but it is expanding its reach with the 2016 Cybercrimes and Cybersecurity Bill which is now tabled before Parliament. The Bill defines numerous aspects of cybercrime that every organisation needs to understand, and POPI will impose a more than hefty fine if the organisation isn’t prepared.
There is every chance that you will be hacked. The difference between a prepared business and an unprepared one is the extent of the damage and the impact on its future.
Investment into cybersecurity foundations should be a priority, regardless of business size or income. In fact, research has shown that smaller businesses are more likely to be harder hit than the larger enterprise, especially in terms of the cost of recovery and repair. No matter what the business or how many people populate its halls, a robust cybersecurity strategy must be implemented and maintained.
It is a view shared by most organisations and service providers. The global security market has risen from $3.5billion in 2004 to a staggering estimated value of $120 billion by the end of this year. It’s driven by the volume of organisations, the growth of the online population, the increasing value of data as currency and, of course, the fact that every day new people are hooking themselves up to the internet.
To protect against the threats and to put the business on the best possible footing for the future, budget must be allocated to security and given the highest possible priority. It is also vital that internal processes reflect the same level of security as the technology. Employees must have access to clearly defined regulations, they must be trained to adhere to them at all times, and they need to understand why these regulations are essential. Sometimes the simplest breach was just that one time Dave in Marketing decided to ignore the rules.
In the third quarter of 2016, Panda Labs revealed that 18 million new malware samples had been captured. The Computer Crime and Intellectual Property Section (CCIPS) found 4,000 ransomware attacks a day since January 2016, and Kaspersky found that their volume had increased from one every two minutes to one every 40 seconds.
That’s a relentless onslaught against the business walls, every piece of code designed to get in, take what it needs and do what it wants. Now, for a moment, imagine the walls are made of clay.
Until next time, thank you for your continued support of First Technology.
Johan de Villiers Managing Director