Ransomware attacks more prevalent

The City of Johannesburg suffered another ransomware attack, having been targeted in July as well. Both incidents occurred around the 25th of the month, when most South Africans receive their salaries and make payments, highlighting the fact that ransomware attackers will exploit flaws in IT infrastructure at critical times to gain optimum leverage.

According to Zamani Ngidi, Client Manager: Cyber Solutions at Aon South Africa, addressing an incident correctly at the point of its occurrence is crucial. “Taking a proactive approach that is aimed at remediating the elements that lead to a cyber event in order to prevent it from occurring again is at the heart of the matter. Time is absolutely of the essence,” he adds.

The risk that cybercrime poses is here, and it is very real. “A lack of reporting on the matter is leaving many in the dark as to the resultant costs that a business could suffer as a result of a cyber breach, not only from an incident response perspective but also the subsequent business costs associated with a breach of this nature that can include aspects such as business interruption through to reputational damage,” explains Zamani.

“The city of Johannesburg is not the only entity suffering from cyber breaches, it is simply the only one in the paper this morning.  Many companies simply do not have the luxury of a big balance sheet to absorb the risk,” says Zamani.  “It necessitates a major shift in business thinking to view cyber risk as both a strategic and critical risk that holds a very real threat to business and its operations.  Proactive steps need to be put in place in order to prevent a business from becoming a statistic as far as possible in addition to having a solid incident response plan in place in a worst-case scenario,” he adds.

The nature of cyber attacks

Attackers are utilising forms of benign malware—such as software designed to cause distributed denial-of-service (DDoS) attacks or launch display ads on thousands of systems—to unleash huge outbreaks of ransomware. Botnet operators will grant ransomware attackers access to botnet nodes in exchange for payments, allowing them to significantly expand the scope of a ransomware attack.

“While attackers will continue to launch scatter-gun-style attacks to disrupt as many systems as possible, we are also seeing increasing instances of attackers targeting specific companies and demanding ransomware payments proportional to the value of the encrypted assets. This can be quite significant in an event where cyber criminals manage to get their hands on sensitive and distinguishable client information, of which there have been ample, high-profile examples in South Africa,” says Zamani.

To achieve stronger returns in these targeted attacks, criminals will hit environments where access to data and systems is mission-critical, such as hospitals, transportation companies and manufacturing companies. We also expect to see an increase in the use of ransomware to infect IoT devices, which come with a diminished set of security features by default to facilitate out-of-the-box functionality, and users tend to maintain these original settings once the devices start functioning. Aon has already seen the Mirai botnet harness IoT devices to launch DDoS attacks and anticipates that ransomware will infect smart thermostats and other smart devices.

In addition, cryptocurrencies will continue to support the flourishing ransomware industry overall, despite law enforcement becoming more advanced in their ability to trace attacks, for example, through bitcoin wallets.

Addressing the issue

According to Zamani, companies will have to go beyond the vital step of creating backups, to protect themselves. “Companies will need to utilise systems that can create snapshots in time or maintain multiple versions of files created over the course of the day, to enable restoration to a specific point in time prior to the backup with minimal loss of productivity. Security professionals will need to routinely test if their backups allow them to restore the data and files in a specific timeframe to ascertain the downtime the company can withstand if a ransomware attack is realised.” 

“We will also see more companies recognising the need to implement the Principle of Least Privilege—limiting file access rights for users to the bare minimum permissions they need to perform their work to reduce the number of files that could be encrypted in the event of a ransomware attack. Advanced companies will grant employees only the access needed for the business activities of a specific function, rather than providing automatic access to everything,” he adds. 

With perpetrators carrying out wide-scale, profitable, and disruptive attacks in recent years, the number of attackers, the volume of ransomware families, and the number of infections increased dramatically. The trend is continuing, with attackers launching large-scale attacks, but also evolving their tactics to implement targeted attacks with demands for greater payments proportional to the value of the assets. This activity will be supported by the continued rise of cryptocurrencies.

The following questions from Aon will give an indication of how risk-ready your organisation is to face a ransomware attack:

  • When was the last time you reviewed your company’s patch management program? Your disaster recovery and business continuity plans?
  • Can you identify where all of your mission critical data resides and whether regular backups are being made?
  • Does your cyber insurance policy provide adequate coverage? Have you taken the necessary steps to ensure you will be eligible to make a claim if your company is impacted?
  • Have you communicated with employees about the latest phishing and social engineering techniques?
  • Do you have an incident response plan in place and has it recently been tested so everyone knows what to do in the event of an attack?
  • Are all necessary technical and procedural controls in place and operating properly?
  • Has your security posture recently been assessed and tested and have you acted on the results?

“Whether you are a big or small operator, your company’s ability to protect against and recover from ransomware attacks relies on implementing proactive technical measures and business continuity plans. That is why you need a qualified risk advisor by your side who is able to take your business through a comprehensive cyber risk assessment in order to mitigate the risk of unwarranted access to your most crucial data,” concludes Zamani.
