An awful lot hasn't gone to plan in 2020. Amidst the seismic global upheaval caused by COVID-19, there has been another, less obvious wave of disruption: cyberattacks.
Cyber criminals in 2020 are more brazen, opportunistic and organised than ever before. Of the many unforeseen impacts of COVID-19, lockdowns and 'work-from-home' have enabled a boom in cyber crime.
As lawyers who specialise in cyber risks and incident management, we at Clyde & Co have seen a spike in claims against businesses of all sizes, across a wide range of industries. This puts us in a unique position to share insight from the cyber claim frontline, to set out tips for incident readiness, and to chart a course for recovery.
South Africa ranks amongst the highest-risk cyber jurisdictions in the world. This may be due to a combination of data protection legislation that lags the developed world, poor policing and enforcement, and low levels of readiness and resilience amongst potential business targets. Fortunately, POPI has at last been fully enacted, which should start to turn the tide, and the Information Regulator is taking a more hands-on approach to cyber crime.
Headline-grabbing South African cyber victims in 2020 include hospital groups, banks and a credit bureau. Beyond this, there is a far wider array of victims at the medium enterprise and SME levels in sectors as diverse as entertainment, logistics, insurance and manufacturing.
So what have we learnt?
- Cyber crime has moved from a niched community of hackers to a full-scale industry, led by 'ransomware as a service' syndicates, most of which are outside South Africa. Cyber crime is monetised efficiently by using hard-to-trace cryptocurrency.
- Cyber criminals, like all thieves, are generally opportunistic, indiscriminate and lazy. Most ransomware/malware attacks do not involve sophisticated planning and are often 'smash-and-grab' type schemes, designed to cause sufficient disruption and loss of data to prompt the victim to pay a ransom to restore systems and data.
- Whilst complex and carefully planned attacks do take place against large corporate targets, the majority of claims are the result of 'shotgun' tactics, which entice victims to click on phishing links, open corrupt attachments or exploit weak passwords to gain access and deploy malware. An organisation's people are the weakest link, not its computers.
- Companies with some level of incident readiness are better equipped to resist a cyber attack. These businesses have an incident readiness plan, and can quickly deploy a response team and engage specialists. More often than not, these companies don’t need to think about paying ransom because they move quickly from triage towards recovery.
- Know your service providers. Just as you may keep a list of emergency service numbers on your fridge, maintain a list of cyber emergency responders – digital forensic specialists, attorneys, PR and reputation management.
- If you have a cyber insurance policy, find out from your broker or insurer who these service providers are and ask to meet them. Clyde & Co regularly conducts 'meet the breach coach' sessions to help businesses understand and plan for cyber risks.
- Expecting to be a victim of cyber crime at some point softens the shock when it happens. Whilst disruption is inevitable, the best responses come from companies who move quickly from a reactive footing to acting positively to stop the attack, contain its spread, restore safely and take ownership of the public message, if needed.
- Lastly, don't pretend nothing has happened. If your systems are compromised, word will spread quickly within your business and beyond that you've been attacked. Remember that you are the victim of a crime, and engage proactively with affected parties, law enforcement and regulatory authorities.
Clyde & Co specialises in all aspects of cyber risk, insurance and claims. Our end-to-end cyber solution is designed to boost cyber resilience and is built around pre-incident planning, incident response and post-incident recovery.