Due to the lack of attention and security efforts, South Africa is becoming one of the main countries that cyber criminals are turning to for open attacks. The crisis is found in both private citizen and corporate situations where personal information is accessed and stolen and critical company data and proprietary information is accessed. Without confirmed legislation in place, it is up to the individuals and companies to take action to protect their data.
Consulting systems engineer for security solutions at Cisco South Africa, Greg Griessel stated, “Attackers have become more proficient at taking advantage of security gaps and are targeting unsuspecting South African users.” He continued to say, “At any given time, we should expect for one per cent of high-urgency vulnerabilities to be actively exploited, while 56 per cent of all OpenSSL versions are still vulnerable to Heartbleed.” This validates the Cisco 2015 Annual Security Report that examines both the cybersecurity trends as well as the concept of threat intelligence in the country.
Cisco has reported that the cyberattack trends are showing the use of what is called ‘snowshoe spam’. This is a situation where the attackers initially avoid detection through the use of sending low volumes of spam from a large set of IP addresses and then make use of combining additional programs such as JavaScript and Flash to make detection even more difficult. These attacks are particularly threatening for company environments where the attack may not appear to be suspicious.
Sharon Knowles, CEO of Da Vinci Forensics says:
Companies may often think that they have some security protocols in place but may not be aware of the lower level cyberattacks that can occur due to lack of employee or staff education on the subject. Part of the DaVinci Forensics process to help to ensure security of critical corporate and customer data is to work in conjunction with all departments to assist in a proactive approach.”
There is a high priority need for companies to take control of the destiny of their own data through the establishment of security teams that are constantly monitoring and improving their organizational protection. Attackers will consistently make alterations and changes in their attack styles and take into consideration such factors as conflicting cross-border data localizations, geopolitical motivations, sovereignty requirements and known legislations that have not been instituted.
Greg Griessel emphasized, “Security is now the responsibility of everyone within South African organizations, from the board room to individual users. Security leaders and practitioners need the support of the entire business to combat malicious actors who are increasing in their proficiencies to exploit weakness and hide their attacks in plain sight.”
The price that is being paid from SA companies that have experienced cyberattacks is mounting on a daily basis. While some companies may report an attack, there are many that simply choose not to acknowledge so that they do not lose the faith of their customers as well as a degrading of their reputation. Corporations need to work with professional companies that specialize in cyber security to ensure that something that could have been avoided does not throw them into a crisis.
The time has come for companies to be in control of their security destiny
*** Source***
CNB Africa.com