[Sponsored] Protecting Against Ransomware Attacks: Lessons from Recent POPIA Fine

Issue 6 2023 Information Security, Security Services & Risk Management

The South African Department of Justice recently faced a hefty fine from the PoPIA regulator due to a data breach caused by a ransomware attack. This incident serves as a stark reminder of the increasing threat posed by ransomware to organisations. According to Sophos’s most recent ransomware report, an alarming 78% of the South African organisations that Sophos surveyed experienced ransomware attacks in the past year.

Here we delve into the key statistics from the report and provide insights on how companies can bolster their security measures to mitigate the risk of data loss.

The growing ransomware threat: In South Africa, exploited vulnerabilities were the primary cause of ransomware attacks, as mentioned in the survey, accounting for 49% of incidents. Additionally, compromised credentials were used in 24% of attacks. These figures highlight the critical importance of addressing vulnerabilities promptly and adopting robust identity management protocols to safeguard against unauthorised access.

Data encryption and theft: An alarming 89% of attacks resulted in data encryption, surpassing the global average of 76%. Disturbingly, data theft occurred in 35% of attacks where data was encrypted, higher than the global average of 30%. This underscores the need for organisations to reduce time to detection and time to respond preventing data exfiltration and encryption.

Effective recovery methods: Fortunately, 100% of South African organisations whose data was encrypted managed to recover their data, slightly surpassing the global average of 97%. Backups continue to be the most common method for data restoration, with 76% of South African respondents utilising this approach. Maintaining comprehensive and up-to-date backups is crucial to quickly restore data and minimise downtime.

The dilemma of ransom payments: While it is discouraging that 45% of the organisations surveyed in South Africa paid the ransom, this figure has seen a slight decline compared to previous years. It is essential to emphasise that paying the ransom does not guarantee the return of stolen data or prevent future attacks. Organisations should focus on implementing preventive measures to avoid falling victim to ransomware in the first place.

Parallel recovery methods and costs: Approximately 24% of South African organisations that experienced data encryption used multiple recovery methods simultaneously, demonstrating the importance of a multi-faceted approach to data restoration. Furthermore, the average cost incurred by South African organisations for recovering from a ransomware attack, excluding ransom payments, was $750 000. Although this is lower than the global average, organisations must consider the comprehensive impact on downtime, lost opportunity and other associated costs.

Business impact and recovery time: Ransomware attacks have severe implications for businesses. In South Africa, 82% of affected organisations surveyed reported losing business and revenue, which is slightly lower than the global average of 84%. Recovery times varied, with 53% taking up to a week, 29% requiring up to a month, and 19% facing recovery periods of one to six months. Minimising downtime and implementing efficient incident response plans are crucial to reduce the operational and financial impact of attacks.

The role of cyber insurance: The report reveals that 98% of South African organisations have some form of cyber insurance coverage, with 66% acknowledging that the quality of their defences affected their ability to obtain coverage. In addition, 61% stated that the quality of their defences influenced the cost of their premiums. This highlights the importance of maintaining robust security measures as a prerequisite for obtaining comprehensive cyber insurance coverage.

The recent fine imposed on the Department of Justice reinforces the urgent need for organisations in South Africa to fortify their defences against ransomware attacks. By addressing vulnerabilities, implementing strong authentication measures, prioritising data backup strategies, and fostering a comprehensive incident response plan, companies can significantly reduce the risk of data loss. Additionally, organisations should strive to maintain cyber insurance coverage that aligns with their security posture, ensuring adequate protection and financial support in the event of an attack.

Find out more at www.sophos.com


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
SMARTpod talks to The Risk Management Forum
SMART Security Solutions Editor's Choice News & Events Security Services & Risk Management Videos Training & Education
SMART Security Solutions recently released its first SMARTpod podcast, discussing the upcoming Risk Management Forum Conference 2024, which will be held on 26 September 2024 at the Indaba Conference Centre in Fourways, Johannesburg.

Read more...
There is a SaaS for everything, but at what cost, especially to SMEs?
Editor's Choice Information Security Security Services & Risk Management
Relying on SaaS platforms presents significant cybersecurity risks as the number of providers in your landscape increases, expanding your attack surface. It is important to assess the strength of the SaaS providers in your chain.

Read more...
Addressing today’s mining challenges: cyber risks beyond IT
Editor's Choice Information Security Mining (Industry)
Despite the mining industry’s operational technology systems being vulnerable to cyberattacks, many decision-makers still see these threats as purely an IT issue, even though a breach could potentially disrupt mining operations.

Read more...
Get proactive with cybersecurity
Information Security
The ability to respond effectively to a cybersecurity breach is critical, but the missing piece of the puzzle is a thorough, proactive evaluation to ascertain weaknesses and identify any hidden threats.

Read more...
How to effectively share household devices
Smart Home Automation Information Security
Sharing electronic devices within a household is unavoidable. South African teens spend over eight hours per day online, making device sharing among family members commonplace. Fortunately, there are methods to guarantee safe usage for everyone.

Read more...
How to securely manage your digital footprint
Information Security Training & Education
Managing your online presence is critical to safeguarding your privacy and security. It is imperative to take a proactive approach, including using robust cybersecurity best practices.

Read more...
The state of code security in 2024
Information Security
The 2024 State of Code Security survey reveals that organisations have continued to shore up application security defences over the last year, according to OpenText Premier Partner iOCO Application Management.

Read more...
What is the level of safety and integrity of the software supply chain?
Information Security IoT & Automation
Organisations are embracing AppSec practices and focusing on their software security posture. However, they highlight that insufficient funding and security resources, plus a disconnect between developers and security teams, remain major roadblocks.

Read more...
Innovation and security go hand in hand
Technews Publishing Facilities & Building Management Security Services & Risk Management
In a world where the demand for tech innovation is matched only by the acceleration of cybersecurity threats, businesses face the challenge of balancing new product development and robust security measures.

Read more...