South Africa’s Internet Service Providers’ Association (ISPA) urges local firms to strengthen their ransomware defences. With cybercriminals increasingly targeting businesses, the association recommends that companies regularly evaluate their defences and test their disaster recovery procedures. Best practice demands that businesses have three copies of backup data, with two copies stored on different media and at least one copy kept offsite.
The average cost of remediating a ransomware attack in South Africa was estimated by cybersecurity firm Sophos to be R6.4m ($430,000) last year, highlighting the significant financial and legal risks associated with cybercrime. ISPA is warning companies that failing to patch known vulnerabilities can increase the risk of attack and that adopting industry-accepted best practice principles is essential to protect against cybercriminals and their ransomware demands.
ISPA advises companies to adopt IT policies such as the Principle of Least Privilege (PoLP) and Segregation of Duties (SoD) across their business. This applies to user access as well as network architecture. A multi-layered network design is best when using the PoLP. With a VPN concentrator or bastion host, businesses can secure their vital management network behind these hardened public-facing endpoints and aim to reduce the external threat surface.
ISPA recommends that regular penetration testing be performed, and the results are conveyed to executive management, with corrective measures tracked on a roadmap. This should allow for improved IT governance and executive support in correcting identified shortcomings. While penetration testing is a thorough security assessment, it can often be too infrequent. An effective real-time monitoring solution, such as a vulnerability management platform, should supplement the penetration testing intervals.
A vulnerability management tool creates an objective perspective on a company’s security posture, reflecting the software update cadence in their environment by highlighting known vulnerabilities. Implementing a software update or patching policy should formalise and instil this concept as part of the organisation’s operating processes. Companies must not overlook legislative imperatives when it comes to cybersecurity. According to the Protection of Personal Information Act 4 of 2013 (POPIA), businesses must mitigate risk related to the processing and storing of personal information. POPIA requires organizations to implement reasonable technical and organizational measures to achieve this.
The human element is often the weakest cybersecurity link. ISPA advises companies to conduct regular training and awareness initiatives to sensitize employees, business partners, and others to the risk of cyberattacks. Phishing via phone and email remains a particular concern in the context of ransomware. ISPA reminds companies and consumers that cybercrime should be reported as they would report any other crime. When reporting a cybercrime at a local South African Police Service (SAPS) station, it is essential to request that it be forwarded to the police’s Cybercrime Division.
Overall, ISPA’s recommendations seek to help companies protect themselves from the increasing threat of ransomware and other cyberattacks. By adopting industry-accepted best practice principles, conducting regular testing, and maintaining awareness, companies can minimize the risks of cybercrime and ensure that their operations remain safe and secure.
