One of the biggest hacks in cybersecurity history occurred in 1994, when Russian hacker, Vladimir Levin, engineered the first big-money heist by hacking into Citibank’s telephone and computer systems and stealing US$10 million. Levin and his small team of hackers in St. Petersburg, Russia, hijacked this system, managed to steal account credentials like passwords and account numbers from customers, and then transferred funds to untraceable accounts set up in Finland, the United States, the Netherlands, Germany, and Israel. He was eventually caught, and served a three-year prison sentence, while Citibank ultimately recovered all of its money, short of US$400,000. This unprecedented online bank robbery attempt was a wake-up call for the financial industry and left the world shocked by the advancements in cybercrime and technology.
Unsurprisingly, a 2019 global risk management survey by Aon noted that banks, government agencies, healthcare, insurance and technology industries all consider cyberattacks and data breaches the number one risk they face. In 2018, the average cost of a data breach was $3.86 million a number that grew to $4.24 million in 2021.
Taking this into consideration, organisations of all sizes should be looking at what to do when (not if) they are hit by a cyberattack.
CYBERCRIME IN AFRICA
Cybercrime is estimated to cost Africa $4bn a year (a figure that hits $450bn worldwide), broken down into yearly losses of $570m, $500m and $36m for the economies of South Africa, Nigeria and Kenya respectively.
In early October 2020, Uganda’s telecoms and banking sectors were plunged into a crisis in the wake of a major hack on Pegasus Technologies that compromised the country’s mobile money network. Hackers used approximately 2,000 mobile SIM cards to gain access to the system and an estimated $3.2m was stolen. In June 2020, the second-largest hospital operator in South Africa, Life Healthcare, was hit by a cyberattack in the middle of the Covid-19 pandemic, paralysing the 6,500-bed provider and forcing it to switch to manual back-up systems.
MAJOR CYBERTHREATS
A new report published by the International Criminal Police Organisation (Interpol) gives key insights into cybercrime in Africa.
The Interpol report identifies the most prominent threats in Africa, based on input from Interpol member countries and data drawn from private sector partners.
The top five threats listed in the report are:
- Online scams: Fake emails or text messages claiming to be from a legitimate source are used to trick individuals into revealing personal or financial information.
- Digital extortion: Victims are tricked into sharing sexually compromising images which are used for blackmail.
- Email account compromise: Criminals hack into email systems to gain information about corporate payment systems, then deceive company employees into transferring money into their bank account.
- Ransomware: Cybercriminals block the computer systems of hospitals and public institutions, and then make astronomical financial demands in exchange for restoring functionality.
- Botnets: Networks of compromised machines are used as a tool to automate large-scale cyberattacks.
KNOW YOUR ADVERSARIES: UNDERSTAND THEIR MOTIVATION
The current international threat landscape is incredibly diverse and includes a resurgence of bored teenagers who hack just for the fun of it, nation-state groups, and cybercriminal syndicates and gangs. For the latter groups, the operational objective is to leverage a new exploit to extort millions and achieve extraordinary ‘Return on Investment’.
FIGHTING BACK
A 100% secure system may be an unattainable holy grail, but relying on some of these fundamentals of cybersecurity will offer superior protection:
- Tightening the email loop: Whether business email compromise (which remains the chief of cybercrime), credential harvesting; every breach begins with a malicious email. Ingraining cybersecurity habits in people makes it a reflex for them to outsmart the sophisticated phishing attacks designed to outmaneuver technical filters.
- Fending off malicious ransomware: This would involve a backup solution that includes anomaly detection to identify changes in an environment that warrants the attention of IT. Administrators must be able to tailor anomaly detection to their business’s specific systems and workflows, with capabilities such as customisable filtering and thresholds for each of their backup policies. And those anomalies must be immediately reported to management, as well as aggregated for future machine learning/ analysing purposes. Recovery is best achieved with an unassailable backup copy of data such as object locking, which ensures that the data backup cannot be altered or changed in any way.
- Securing network access: Particularly because remote and/ or hybrid work has gained prominence, therefore increasing the attack surface. Solutions lie in innovative and highly reliable approaches to networking connectivity such as the Software Defined Perimeter (SDP). This approach ensures that organisations can build a secure software-defined perimeter and use Zero Trust Network Access (ZTNA) tunnels to seamlessly connect all applications, servers, IoT devices, and users behind any symmetric Network Address Translation (NAT) to any full cone NAT without having to reconfigure networks or set up complicated and problematic Virtual Private Networks (VPNs).
- Shutting down internal threats: While external bad actors, ransomware and other malware are the most common threats, carelessness or purposeful insider malice from employees can also present cybersecurity risks. A recent example is the breach at Japanese automaker Toyota that leaked the data of 296,019 customers, due to an internal resource leaving server access keys in the source code, which was then publicly uploaded on GitHub.
- Solidifying storage and backups: This zeroes in on a next-generation storage media technology that combines the cybersecurity advantages of hard disks and tape – and has immutability at its core. Affordable optical storage could be the answer, as it is uniquely capable of ensuring an enterprise-scale, immutable active archive that also delivers write-once-read-many (WORM) and air-gapping capabilities, as well as breakthrough cost, margin and sustainability benefits.
- Managing vulnerabilities: It is noteworthy that year-to-date, Microsoft has patched approximately 1,100 vulnerabilities in its products. According to cybersecurity expert, Menachem Shafran (VP of Product, XM Cyber): “The key to successful vulnerability management is to identify all the ways an attacker can move throughout your network and reach your business-critical assets. Once you have identified these attack paths, you can focus on locking down chokepoints and stopping hackers before they even get started.”
PROACTIVE OR REACTIVE? TESTS & FIRE DRILLS
Cyberattacks may be inevitable, but a detailed Incident Response Plan (IRP) provides both a buffer and an antidote if the plan is tested. This means that the first time to verify an IRP is not in the middle of a crisis.
The best way to determine whether the company’s IRP is effective is through tests that assess the readiness of their incident response teams. These tests, which work for all-size companies, come in the form of fire drills and tabletop exercises (TTXs). Each test serves a different purpose. TTXs are occasional and test managerial capability and team-level response; fire drills are regular exercises that test people, processes, and technologies to make sure they respond appropriately and that there are contingency plans in place in the event that first-line responses don’t work.
A good TTX, for example, immerses participants in a cyberattack so they can feel the effects of the decisions they make, and the effectiveness of the company plans. Without these tests, companies are exposed to vulnerabilities such as the large-scale ATM heist that was experienced by Santander Bank in 2021.
CONCLUSION
Cyber-criminals have become more brazen and sophisticated.
Interpol recently (September 2022) announced the results of a joint law enforcement effort, named ‘Operation Jackal’, which targeted a cybercrime ring known as ‘Black Axe’ (as well as related West-African organised crime groups). It succeeded in arresting 75 criminal operators and money mules, and intercepting over $1.2 million in bank accounts, as well as 12,000 SIM cards.
While cyber-security has been largely associated with computers and IT infrastructure, greater consumer use of smart devices has raised overall vulnerability. At the enterprise level, shifting to cloud computing may have cut company costs significantly, but it has also increased the risk of digital attacks.
Despite the broad-based implications of these risks, many businesses are unprepared to deal with them, as the alarming number of threats clearly indicates. These developments imply that security is no longer merely a concern of IT managers, but a key boardroom topic because enterprises need to recognise its strategic importance. Companies need to beef up their security infrastructure to prevent breaches while simultaneously building a sustained organisational culture of safety.
FBNQuest is a leading Merchant Banking and Asset Management group in Sub-Saharan Africa that delivers a wide range of financial services through various businesses – Corporate and Investment Banking, Investment Management (Asset Management, Alternative Investments, Agency Services and Trustees) and Institutional Securities (Structured Products, Fixed Income, Currencies & Treasury and Equities) | https://fbnquest.com
