Cybercrime: Weather approaching perfect storm
Property practitioners in South Africa should take cognisance of the high rate of cybercrime in the country, as it could be damaging to their businesses. Dealing securely with clients, prospective buyers and other entities in the real estate industry requires real-time, efficient action to prevent online security breaches.
The world generates an estimated 2.5 quintillion bytes of data every day. Amidst this mind-boggling amount of chatter, a very real threat is lurking: cybercrime, which has increased by 600 percent since the start of the pandemic, the United Nations reports.
Patrick Evans, Chief Executive Officer of SLVA Cybersecurity, says that cyber threats are increasing at a rate far greater than the industry is able to cope with, and small and medium enterprises (SMEs) are particularly vulnerable as the financial impact of falling victim to these security breaches can result in their total collapse. A sobering thought when you consider that 43 percent of cyberattacks are aimed at small businesses, according to Accenture’s Cost of Cybercrime Study, and only 14 percent are adequately prepared to defend themselves.
As the business landscape rapidly evolves, simply keeping abreast of technology advancements and security vulnerabilities is no longer enough, Evans warns. Data breach risks need to be managed strategically, and this requires a very specific skill set.
Importance of a CISO
This is where a Chief Information Security Officer (CISO) comes in, and business owners are starting to realise the importance of this role in their organisations. “Even if a company has an accomplished and technically skilled team on board, utilising the services of an advisor with decades of experience on how to mitigate the risks and implement up-to-date security measures is invaluable,” says Evans.
Not all organisations, however, have the budget or even the need for a full-time CISO, and there is currently a shortage of skilled cybersecurity professionals. The answer to this is a virtual or fractional CISO – an outsourced security practitioner who can help prevent an attack or recover from one, usually part-time and remotely.
Some of the challenges facing organisations and how a virtual CISO can help:
There is a huge increase in the number of threats facing organisations, with ransomware becoming increasingly prevalent. The LexisNexis True Cost of Fraud study reports that cyberfraud in South Africa has increased by 41.5 percent since 2019, and new data from Mimecast’s State of Email Security 2022 report found that 60 percent of South African organisations had suffered a ransomware attack in 2021, up from 47 percent in 2020.
“Ransomware looks for the weakest attack surfaces. SMEs, educational institutions, and those in manufacturing and other verticals are often the subjects of the most severe attacks, which can be financially crippling. It’s a catch-22 situation. The most vulnerable are the ones who do not have the resources to adequately protect and mitigate attacks,” says Evans.
Severe financial impacts
The financial impact of falling victim to a cybercrime, especially as an SME, can be devastating.
Cyberattacks do not simply take down a website. They can completely shut down business processes and, worse still, hold a company’s entire IP or customer database for ransom. The result is a complete shutdown in order to recover the business, and the added risk of penalties and fines from regulators as a result of data protection laws.
There is a dire shortage of cybersecurity skills globally. Fortinet reports that 60 percent of organisations struggle to recruit cybersecurity talent, and South African skills are at an all-time low, with many CISOs leaving for lucrative opportunities abroad. Combine the increase in cybercrime with the shortage in cyber skills, and we have a perfect storm brewing.
Virtual or fractional CISO
There is a solution. Virtual or fractional CISOs (vCISOs) provide those that need it most with solutions to fit their needs and budget and go several steps further than simply box-ticking. These virtual CISOs are industry veterans and offer expert advice for a fraction of the cost.
“There are different CISOs for different purposes. Together with my co-founders, Steve Jump and Andrew Odendaal, each with over 20 years’ experience in the information and cybersecurity industries, we identified the different CISO roles that organisations typically need.”
- Interim vCISO: The interim vCISO can fix urgent issues and put in an action plan to take your company to the next level of cyber resilience. They can also assist in finding a suitable full-time CISO.
- Shadow vCISO: If you have decided to employ someone with only a few years’ experience and “grow” your own CISO, a shadow vCISO can be provided to nurture and groom the unseasoned employee.
- Mentor vCISO: If you are worried about your company’s current security function, you can hire an industry expert to coach and mentor your current CISO or CIO.
- Post-compromise vCISO: After an attack or security breach, you may need to bring in someone with extensive, post-compromise recovery experience to help you deal with the aftermath while your CISO carries on with business as usual. A post-compromise vCISO, who has weathered many breaches, including ransomware, can offer invaluable assistance.