Business

Can your organisation fend off a cyber attack?

June 28, 2023

116

By Ryan De Smidt

As many as 85% of global organisations experienced a cyber-attack last year, and with nearly 8 in 10 experiencing an attack in 2021, cybercrime is most certainly on the rise. The question remains – how can organisations in South Africa stand their ground against increasingly creative cyber criminals? The answer – be prepared.

Costing the South African economy over R2.2 billion every year¹, cybercrime is the most critical systemic risk for South African businesses in the foreseeable future – and Interpol agrees. A 2021 report by the organisation shows that South Africa receives more cyber threats than any other country in Africa, and alarmingly, ranks third in the world in terms of these threats.

Chris Norton, Regional Director of Africa at Veeam Software, says that while South African entities were initially slow to wake up to the threat in the past, the company is seeing more and more organisations taking deliberate steps to prioritise cyber security.

“With 85% of report respondents revealing that they plan on increasing their data protection budgets this year, some by as much as 6.5% in 2023, is evidence of their concern to ensure that their data remains secure, and is the first step in increasing both their business and cyber resiliency³.”

Norton warns that while cyber security insurance is a must-have, even if a business qualifies for insurance and a breach occurs, this does not guarantee a payout for damages to the business. Instead, stipulated costs will be allocated to restore the data, and that is if the data can be restored. The onus remains on the business to make sure it has protection strategies in place and has partnered with the right infrastructure partner to ensure that its data remains secure and can indeed be restored quickly in the event of a disaster or ransomware attack.

While data backup is essential, businesses need to go one step further and put contingency plans into place in the event of cyber threats and attacks. This is important given that only 55% of an organisation’s encrypted or destroyed data after being held for ransom could be recovered.

“Cyber attackers don’t break into data centres to just delete data – they break in to steal the data as it is worth something to them and acts as collateral that they can demand financial compensation for,” he explains. “Having a data backup is not solving the data resilience problem, but is merely a mechanism to recover the data. It should be viewed as only one aspect of a holistic data resiliency strategy.”

In days gone by, protecting data within four walls was a much simpler task. However, the advent of technology has seen data being stored across multiple locations, such as the cloud, hybrid cloud, and others. It is therefore imperative for businesses to consider how they apply their corporate governance policies to this data, which is often a complex and costly endeavour.

“Our lives were much easier when we were teenagers, but fast forward into adulthood, the majority of us have families, houses, cars and other areas of our lives that need to be continuously maintained and protected – and the same complexity can be applied to data protection,” adds Norton. “Complexity is an ever-present reality, and the more data a business accumulates and the more locations it is stored at, the more complex and costly it becomes.”

Norton recommends that businesses prioritise three non-negotiables when developing a modern-day data protection solution, including:

Data mobility – Having a semblance of control over a business’s data and where it resides so that it can be easily moved if required.
Simplicity – With so many complex environments, businesses should opt for a single software-defined tool to help manage the complexity and one that can back up onto any platform or device anywhere, anytime.
Security – Making sure that backups are secure and easily restored.

In today’s data-driven society, the risk of being ill-prepared for cyberattacks is enormous, and businesses that fail to prepare must be prepared to fail,” he concludes.

References: