This is the first segment of a four part series devoted to helping small businesses understand cybersecurity and some of the steps that they can take to protect themselves. Small businesses are more susceptible to cybercrime simply due to the nature of the beast. Owners are embedded in the operations and success of the business and typically don’t have the additional staff to monitor and control potential breaches. It is this very reason that cybercriminals want to focus their devious activities and by knowing the methods and what to look out for, you can participate in your own security protection.
A majority of small business owners report that they don’t even bother to look into any emergency procedures until after they have experienced an attack. This is comparable to leaving your front door unlocked and opened and then trying to figure out what to do once a theft has occurred. It is critical for today’s business, no matter what the size, to take stock of the health of your cyber security and establish best security practices.
Guarding against cyber threats encompasses an entire arena of methods. Cybercriminals are adept at using any and all ways that they can to access your data and steal important business and customer information and the average attacks can be via:
- Network breach
- Malicious insider or outsider
- Email attachment
- Browsing/surfing the net
- Unrestricted or hidden Wi-Fi
- DDOS attacks
Read about the services Da Vinci offers by clicking here.
In the Johannesburg, SA 2015 Security Summit, it was revealed that in the prior six weeks, South Africa was the most attacked country on the African continent. Information shared included the fact that there had been a 150% increase in DDOS attacks in the prior eighteen months and that the attacks occurred where there were multiple compromised systems. The most common delivery method was via an infected Trojan that was the catalyst to target a single system that caused website downtime. While an average attack is around 9Gbps and lasts only around seventeen minutes, the larger attacks can last as long as a couple of hours. Interestingly, the attacks were not targeted to any specific type of company or organisation as cybercriminals are interested in the easiest success possible, no matter what the vertical.
In the same meeting it was released that 99% of all phishing expeditions are from organised crime origins and yet very few are prosecuted in South Africa.
Antonio Forzieri, of Symantec stated that 1 in 214 emails sent in SA last year involved a spear fishing attack. A single click of a mouse caused severe personal and financial loss as people fell prey to the email link. The effectiveness of these attacks increased from 3% to 70% when it included a private email address.
Another alarming fact is that South African Banking Risk Information Centre indicated that R2.2 billion is lost every year by South Africans due to phishing and internet fraud. Add to this that the fact that while SA has a cyber security policy, it is heavily criticised. Small businesses should not depend on the government to ‘bail them out’ in the situation of a security breach, data theft and financial or personal loss. The University of Johannesburg director of the Centre for Cyber Security, Basie von Solms indicated “The AU Convention shows SA is far behind as far as cyber security is concerned. Government and private sector must work together to cyber secure SA.”
Keren Elazari, Hactavist now security expert, Gigaom Research analyst and TED Talk speaker stated that the solution lies in de-centralising current systems. “When it comes to the global financial ecosystem we are at a massive shift point, moving from traditional 20th century finance that is centralised to a new financial world with micro payments, digital payments, digital wallets, crypto currencies and other forms of payments.” Elazari seems to feel that once this transition occurs it will help to empower small businesses so that they can have a larger say in their own cyber security.
Each year, small businesses are affected by more cybercrime than any others and this is expected to continue to rise unless owners establish the kind of crucial security strategies that can fend them off. DaVinci Forensics works closely with smaller companies for risk analysis, advice and even staff training. Small businesses must rely on ensuring the safety and security of their personal and customer data as part of the cost of doing business.