Data is big business. And as South African organisations accrue and manage more of it each passing day, they become a bigger target. The truth is that data is big business not only for legitimate companies but also the criminal entities that together comprise a multitrillion-dollar underground economy. Threat actors operate with impunity today, based in jurisdictions that turn a blind eye to cybercrime. And many of them have their sights set on fast-growing African businesses. Serious breaches could spell disaster for much-needed IT modernisation efforts.

Given the scale of the challenge, it can be tough for business and IT leaders to know where to start. But going back to basics and securing the most important asset a company owns, its data, will go a long way to minimising the kind of cyber risks currently imperilling South African firms.

The rush to digitalise

South African organisations aren’t just becoming a bigger target. The target itself is getting easier to hit thanks to digital transformation. While always an imperative, the drive to invest in cloud and related technologies took on a new urgency and significance during the pandemic. Digital deployments became business critical as South African businesses rushed to support remote working, drive more efficient business processes and create new ways to reach their customers.

One Dell study reveals that 79% of organisations in the country had fast-tracked a digital transformation programme during the crisis, similar to the global figure. And a further 84% said they were redesigning their business models. In practice, this means more cloud infrastructure, SaaS apps, home working laptops and other investments. Unfortunately, it also creates more opportunities for malicious actors.

A human and technical challenge

This leaves South African organisations with a much larger “digital attack surface” for hackers to probe. Part of the challenge comes from human error. Take the cloud. The complexity of running modern cloud systems has put many organisations at risk because in-house skills simply can’t keep up with the rate of technological change. South Africa is one of the biggest markets for cloud computing on the continent, with hybrid the preferred choice for 88% of local businesses. This adds further complexity, as does the use of multiple cloud providers.

Yet if in-house IT teams don’t know how to secure and configure these systems correctly, they could be left exposed to online attackers. The skills challenge is worsened by industry shortages that now exceed over two million professionals globally, and the sheer rate at which new features are rolled out by the big cloud providers. Threat actors are actively scanning the Internet for cloud databases and other assets that are exposed to the public Internet. A 2020 report claims that 60% of South African organisations experienced a public cloud security incident over the previous 12 months, with misconfigurations accounting for 39% of reported attacks.

Human error is also manifest in continued use of passwords, and poor management of those credentials, which can expose both cloud and on-premises systems to attack. That same report claims 59% of local businesses were breached through their cloud credentials. Password reuse and use of easy-to-guess or easy-to-crack credentials are commonplace.

Digital transformation has also exposed organisations in other ways. The trend towards mass home working means more unpatched and under-secured endpoints connecting to corporate networks. And home users are thought to be more likely to click on phishing links than their office-bound colleagues as they’re more distracted.

Counting the cyber cost

Cybercriminals have one motivation in mind: money. To drive up profits they’re primarily looking for sensitive data to steal or ways to extort companies. Increasingly they combine the two via ransomware, where most attacks now start with data theft and then proceed to ransomware deployment to make key systems unusable until a fee is paid. Sometimes the second stage isn’t even necessary. A recent breach and extortion attempt at credit agency TransUnion led to the compromise of sensitive data belonging to three million South African consumers and 600 000 businesses.

The costs of such attacks can vary depending on the scale of the outage and/or volume of data stolen. One estimate puts the average global cost of a data breach at more than US$4.2-million. At $3.2-million, the South African figure is the highest in the southern hemisphere. Ransomware breaches can go even higher, sometimes into the tens of millions. Costs can include IT overtime, third-party forensics services, lost sales and productivity, and customer churn. Thanks to South African’s new Protection of Personal Information Act (Popia), large regulatory fines and possible jail time for execs are also on the cards.

Protecting the data to lower the risk

Layered defences are commonly thought to be the best way to mitigate these and other cyber risks. That means better staff education, alongside continual authentication checks via multi-factor tools (MFA), and protection at the endpoint, e-mail, cloud and network layers. But any security placed at the network perimeter will always be at risk from hackers using breached, phished or guessed credentials. These and other techniques can easily bypass security filters, allowing threat actors free rein inside corporate networks.

A better approach would be to start by scrambling the data itself, via encryption or tokenisation technology. Recommended by the EU’s General Data Protection Regulation (GDPR), this approach means that even if hackers gain network access and exfiltrate corporate data, they will not be able to use it. But not all offerings are created equal. Organisations should look out for data-centric security which works across on-premises and cloud environments, and can scale as data volumes increase. It should provide continuous data discovery, classification, protection and monitoring, in a seamless, streamlined manner, accelerating compliance and minimising risk. That’s the kind of security that can provide a firm platform for digital transformation and growth.

comforte AG has evolved into a market leader for data security and cloud-native tokenisation. Combining our experience in securing data in motion and rest, we took our portfolio one step further and created a “Data Security Platform” that seamlessly integrates into the most modern cloud-native environments as well as traditional core systems. Now, more than 500 enterprises, including many Fortune 500 organisations, rely on comforte AG’s solutions to secure their data. With offices in Germany, the US, Singapore and Australia, comforte AG has a global reach.