Has your business planned for the worst?

Issue 5 2023 Editor's Choice, Information Security, Security Services & Risk Management

Cybercrime might not get the same attention as contact crimes, but it's nonetheless devastating. During 2018, the US Federal Bureau of Investigation (FBI) received over 350 000 complaints relating to cybercrime, with losses exceeding $2.3 billion. But that turned out to be small numbers: in 2022, the FBI received over 800 000 complaints, tallying to losses of over $10 billion. South Africans were not spared, losing around R2,2 billion to online criminals last year. Many of these victims are small and medium businesses, some of which do not recover from the criminal attack.

How can organisations protect themselves against cybercrime? According to Guy Golan, CEO and Co-Founder of Performanta: "It requires several things, such as threat monitoring, awareness training, and good security practices like patching and configuration management. Out of all those actions, an incident response plan is one of the most important. Unfortunately, it's also very often overlooked or neglected."

South African companies cannot afford to skip that step. Cybercrime activity in the region has grown year-on-year, both as an activity and a threat. The 2022 Data Vulnerability Thermometer ranks SA as fifth globally for cybercrime victim density, and Interpol's 2022 Africa Cyberthreat Assessment report predicts that the country could soon be Africa's biggest cybercrime hub.

Incident plans: security ICU

Yet many local organisations still skirt crucial security measures. Specifically, they overlook the necessity of incident response plans.

Incident response, or IR, is a specialised part of security. One can compare it to a hospital's intensive care unit: IR kicks in when the organisation detects a breach of its systems. Like medical specialists rushing to save patients, stabilise them and get them out of danger, IR stops criminals from doing more damage.

An incident response plan is the lynchpin of this response. It defines actions based on business priorities, establishes key response team members and stakeholders, and determines reporting requirements for legislators, shareholders, and the media. It literally tells companies who to call when trouble hits: it's the emergency contact on a fridge or saved on a phone.

"IR can be compared to ICU," says Golan. "Every second counts. Experts need to work out what's wrong and take immediate action. The infection, disease or bleeding must be controlled and reduced. You can easily use terms such as 'triage' or 'golden hour' in this regard because they fit.

Now imagine if you didn't have access to an emergency contact or if you can't reach a hospital fast enough? This is exactly what happens when there isn't a ready and tested IR plan, and an IR team to execute it."

When they don't reach ICU, patients can die. It is dramatic to suggest cybercrime can kill a business, though that is a reality for smaller organisations. Larger enterprises can take the blow, but at significant costs. A security breach can cost an average of US$4.45 million (R83 million), according to IBM and the Ponemon Institute. Lost productivity and data, reputation damage, and lingering criminals are all factors that deepen a breach's cost.

"Cybercriminals are experts at hiding themselves and changing an environment to suit their plans. They are less worried about being caught than being ejected. So, they dig in, and it takes considerable resources and skills to get them out. An IR plan is what determines how effectively a company can fight back and purge the bad guys,” says Golan.

Plan from the top

The onus of pre-establishing IR is on the CEO, the executive team, and the board. Like a doctor asking patients questions to establish their medical context, an IR plan must reflect an organisation's priorities, requirements, and risks. Security teams cannot answer those questions, nor can the technology department. These are squarely strategic business considerations.

But business leaders are not security experts. Collaboration between business and technical stakeholders delivers an effective IR strategy. The business should champion the plan, empowering both others in the company and security partners to create it. The choice of security partner is essential: IR skills are specialised and best enlisted through a security partner's network.

"Creating an IR plan can be intense, which is why many organisations avoid it or do it in half-measures," says Golan. "They might even believe that they won't be attacked because they are too small or have some security systems in place. But when you get a cybersecurity breach, then you want that plan to be ready to go."

South Africa is unlikely to dispel its growing cybercrime reputation any time soon. But local organisations can prepare and avoid the worst when they fit cybersecurity to their specific needs and risks. An IR plan is a crucial part of that preparation and will ensure your business has a plan for the worst.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

The human factor side of video management systems
Leaderware Editor's Choice Surveillance Risk Management & Resilience
A video management system (VMS) is central to, and the most vital element to any control room operation using CCTV as part of its service delivery, however, all too often, it is seen as a technical solution rather than an operational solution.

Get the basics right to win more business
ServCraft Editor's Choice Risk Management & Resilience
The barriers to entry in security are not high. More people are adding CCTV and fencing to their repertoire every year. Cowboys will not last long in a space where customers trust you with their safety.

All aspects of data protection
Technews Publishing Editor's Choice Information Security Infrastructure AI & Data Analytics
SMART Security Solutions spoke to Kate Mollett, Senior Director, Commvault Africa, about the company and its evolution from a backup specialist to a full data protection specialist, as well as the latest announcements from the company.

Projections for 2024’s Advanced Threats Landscape
News & Events Information Security
Kaspersky Global Research and Analysis Team (GReAT) experts offer insights and projections for 2024 in the Kaspersky Security Bulletin, with a focus on the evolution of Advanced Persistent Threats (APT).

Global strength, local craft
Impro Technologies Editor's Choice
Impro Technologies is a resounding success story. Started in South Africa, the company remains true to its roots and still designs and manufactures its access control systems and solutions in the country.

Tech developments lead hologram growth in 2024
News & Events Security Services & Risk Management
Micro-lenses, micro-mirrors and plasmonics are among the rapidly-emerging optical devices that have evolved on the back of holographic and diffractive technologies, and are seen as part of the natural evolution of optical science by R&D teams.

Trellix detects collaboration by cybercriminals and nation states
News & Events Information Security
Trellix has released The CyberThreat Report: November 2023 from its Advanced Research Centre, highlighting new programming languages in malware development, adoption of malicious GenAI, and acceleration of geopolitical threat activity.

SA enterprises can benefit from AI-driven cybersecurity
AI & Data Analytics Information Security
Cybercrime is big business, and threat actors deploy cutting-edge tools to carry out attacks. Fortunately, cybersecurity is constantly evolving to meet and counter the threats they face.

South Africans play a role in becoming scam victims
Editor's Choice Risk Management & Resilience
The South African fraud landscape is becoming increasingly risky as fraudsters and scammers look to target individuals with highly sophisticated scams, in an environment where it is becoming increasingly difficult for lawmakers and authorities to bring these criminals to justice.

Africa Online Safety Fund announces grant winners
News & Events Information Security
The Africa Online Safety Fund (AOSF) has announced the winners of this year’s grants; among them are five organisations operating in South Africa to educate people about online risks.