By Adedapo Adesanya
As Africa faces the threat of rising cybercrime, FBNQuest, through its Thought Leadership medium, has stressed the need to recognise the strategic importance of managing companies’ security infrastructure.
In a note made available to Business Post, it stated that organisations of all sizes should be looking at what to do when (not if) they are hit by cyber-attacks.
Cybercrime is estimated to cost Africa $4 billion a year (a figure that hits $450 billion worldwide), broken down into yearly losses of $570 million, $500 million, and $36 million for the economies of South Africa, Nigeria, and Kenya, respectively.
Drawing real-life parallels, in early October 2020, Uganda’s telecoms and banking sectors were plunged into a crisis in the wake of a major hack on Pegasus Technologies that compromised the country’s mobile money network.
Hackers used approximately 2,000 mobile SIM cards to gain access to the system, and an estimated $3.2 million was stolen.
In June 2020, the second-largest hospital operator in South Africa, Life Healthcare, was hit by a cyberattack in the middle of the COVID-19 pandemic, paralysing the 6,500-bed provider and forcing it to switch to manual backup systems.
According to the International Criminal Police Organisation (Interpol), in a report on the most prominent threats in Africa based on input from Interpol member countries and data drawn from private sector partners, the top five threats are online scams, digital extortion, email account compromise, ransomware, and botnets.
FBNQuest noted that “the current international threat landscape is incredibly diverse and includes a resurgence of bored teenagers who hack just for the fun of it, nation-state groups, and cybercriminal syndicates and gangs. For the latter groups, the operational objective is to leverage a new exploit to extort millions and achieve an extraordinary return on investment.”
It then urged organisations to apply the fundamentals of cybersecurity that will offer protection. These include tightening the email loop, which makes it difficult to fall for phishing attacks.
Others include fending off malicious ransomware, securing network access, shutting down internal threats, solidifying storage and backups, as well as managing vulnerabilities, noting that, “The key to successful vulnerability management is to identify all the ways an attacker can move throughout your network and reach your business-critical assets. Once you have identified these attack paths, you can focus on locking down chokepoints and stopping hackers before they even get started.”
It also tasked parties to ensure that a detailed Incident Response Plan (IRP) is put in place.
“Cyberattacks may be inevitable, but a detailed Incident Response Plan (IRP) provides both a buffer and an antidote if the plan is tested. This means that the first time to verify an IRP is not in the middle of a crisis.
“The best way to determine whether the company’s IRP is effective is through tests that assess the readiness of their incident response teams. These tests, which work for all-size companies, come in the form of fire drills and tabletop exercises (TTXs). Each test serves a different purpose.”
The company noted that while cyber-security has been largely associated with computers and IT infrastructure, greater consumer use of smart devices has raised overall vulnerability. At the enterprise level, shifting to cloud computing may have cut company costs significantly, but it has also increased the risk of digital attacks.
“Despite the broad-based implications of these risks, many businesses are unprepared to deal with them, as the alarming number of threats clearly indicates. These developments imply that security is no longer merely a concern of IT managers, but a key boardroom topic because enterprises need to recognise its strategic importance. Companies need to beef up their security infrastructure to prevent breaches while simultaneously building a sustained organisational culture of safety,” it warned.