Stalker Hutchison Admiral, a Santam-owned subsidiary, a liability and underwriting management agency, indicated that their statistics show that it takes an average of two hundred days for a company to identify and realise that a security breach has occurred. Candice Sutherland, a business development consultant at Stalker Hutchison Admiral stated that there were no exact cybercrime figures available for the reputational damage that companies faced and that it led to them keeping breaches quiet, thereby taking years for a firm to detect a system breach.
Hutchison continued to say “We must remember that these are highly skilled, highly trained cyber criminals and syndicates whose main aim is long-term attacks and staying hidden on networks for extended periods of time. They often bypass the system completely unnoticed for months and even years – unfortunately there is no big siren and red flag waving hack attack.”
The length of time that it takes for discovery, combined with the inherent attitude of secrecy for release of the information has led to the ability of cyber hackers to not only get away with their crime, but to have already moved on to other companies.
There were several websites that failed last year due to what is called a DDoS attack, implemented by the hactivist group known as Anonymous Africa. A DDoS attack is server specific, flooding it with so many information requests that it causes an overload and eventual shut down. While the attack doesn’t allow data or server access, it does weakens the IT infrastructure. This is the organization that was responsible for the 2013 cyberattack on both The Herald, a Zimbabwe state-run newspaper and the ANC website.
Sharon Knowles, CEO of Da Vinci Forensics says:
“The main component of a security breach is in the assumption that each company has taken internal actions that should be sufficient. There are always areas that can be overlooked and Da Vinci Forensics knows what stones need to be overturned to find every weakness. The complicated and sophisticated world of cyberattacks cannot be addressed with a single answer or action, but instead with an overall holistic approach.”
Da Vinci Forensics offers a Network and IT Management Solution
The increase of hactivist group attacks that are target-specific is an example of the way companies should be paying attention. They have included government agencies such as Israel, the United States, Uganda and Tunisia as well as such corporations as Sony, PayPal, Visa, and Mastercard.
Space Age Technology marketing director of IT, Chris Welham stated “I have chatted to our operations manager, whose team is responsible for monitoring our clients’ service and networks. He agrees that there has been an increase in both automated attacks as well as more and more major vulnerabilities in software are being exploited.”
Gadget.co.za founder of World Wide Worx, managing director and editor-in-chief, Arthur Goldstuck, indicated that there isn’t any real quantification on how many companies have been victims of cybercrime, but did agree that there was an increase, although South Africa is not listed as the worst country in the world.