As the business world begins yet another year, so too are the cyber criminals gearing up for renewed attacks on all forms of commerce and online industry. Figures show that Africa is increasingly in the sights of these ruthless, highly organized crooks but remains one of the hungriest for illegal software.
Check Point, global online security vendor, has revealed in their monthly Global threat index, that five African nations were among the top 10 most-attacked countries in November as cybercriminals made increasing use of ransom-ware attacks using the Locky and Cryptowall viruses.
Botswana was the most-attacked country in Check Point's list of 117 at-risk nations, followed by Malawi in second place, Namibia in fourth, Uganda in ninth and the Democratic Republic of Congo in tenth place. South Africa moved up to 31.
"Software is generally protected via copyright and using software without a license is considered copyright infringement as well as reckless and fraudulent trading because it defrauds the country of tax revenue and exposes the directors to risk under the companies legislation, in most countries. Apart from that, using proper licensed software will naturally decrease risks of malware. It makes sense [to use proper licensed software] both legally and practically but African countries need to ensure that they can enforce legislation effectively to combat the threat", says one prominent African IP lawyer.
Billa Coetsee, Managing Director for Cloud Computing experts Noctranet and Chairperson of BSA The Software Alliance's South Africa Committee, has attributed this heightened focus on Africa to increased vulnerability.
“All networks need both firewalls and end-point security, think of the firewall as the military that protects against foreign (external) threats, and end-point security as the police force that protects against domestic (internal) threats. Never use pirated software, the pirates need to benefit somehow and often the very purpose of pirated software is to introduce vulnerabilities or embed spyware on user systems (there are very few Robin Hood cases regarding software piracy). Finally, never use default settings, especially a default permit policy, allow only the things you intend to use for the people who intend to use it. Design systems to be secure, don't just design systems and then add security as an afterthought.
Installing good cyber security systems is critical to warding off potential attacks but Coetsee says South Africa is at high risk. He says in his personal experience, he has been shocked at the lacklustre security policies and practices employed within the South African context, in both public and private sector. I contacted a number of companies ranging from telecoms to health insurance organizations indicating clear security vulnerabilities that were glaringly obvious just from using their services. It was only a matter of time for unscrupulous users or hackers to identify these weaknesses, or complete lack of security, and exploit it.”
“I have dealt with a number of government organizations that failed to not only deploy firewalls and end-point security systems, but also in changing the default usernames and passwords for their networking devices and hardware, details that are publicly known to everyone."
He says the socio-political environment also exacerbates the issue as Africa does not want to hear that it is failing to meet industry standards or appear open to regulating employee use.
“The use of illegal unlicensed copies adds further vulnerability, as the parties responsible for bypassing security measures often use the very same techniques to create or embed security vulnerabilities such as "back doors" and/or spyware along with the illegal software,” says Coetsee.
Coetsee also points out that though Africa has become a target, many phishing scams have actually originated in African states such as Nigeria.
He says any sophisticated attack makes use of a technique called "tunnelling", which pertinently hides the origin of the attacker and bypasses any geo-location gate-keeping techniques.
But most alarming for Coetsee is the way the African industry players are dealing with the elevated cyber insecurity issues.
“They are using the worst possible strategy: "Penetrate and Patch". This is most often employed and is, in my opinion, one of the worst ways. It is a reactive strategy that "fixes" vulnerabilities only after they have been exploited. Many so-called security experts will say it is the only viable strategy as it is near impossible to predetermine what may be attacked, how, where and why. This leaves the defender vulnerable to the will and determination of potential attackers."
|Who Dares Loses|
Coetsee says a good course of action can be likened to the historic Himeji Castle in Japan.
“Even though it is more than 400 years old its defences remain untested because nobody ever tried to attack it... This in my opinion is the reason we are seeing an increase in attacks on African nations: others have raised the cost of attacking them, leaving attackers to seek more vulnerable targets. Impenetrable defence is a "unicorn" for all practical purposes, but a pro-active strategy that raises the cost of potential attacks will force attackers to look elsewhere at more vulnerable targets.”
Check Point Software Technologies Ltd., the largest pure-play security vendor globally, provides industry-leading solutions, and protects customers from cyber-attacks using security architecture like Fire-Wall-1 and patented inspection technology.
Nathan Shuchami, Head of Threat Prevention at Check Point said Ransomware attacks were growing in volume for the simple reason that they work and generate significant revenues for the attackers.
“Organizations are struggling to effectively counteract the threat posed by this insidious attack form; many simply don’t have the right defenses in place, and may not have educated staff on how to recognize the signs of a potential ransomware attack in incoming emails. This, of course, only makes it even more attractive to criminals."
Marius Haman, head of Microsoft’s cybercrime unit, wrote in a guest editorial on the CIO that the risk of cyber breach needs to be managed.
Coetsee says the best way to combat cyber crime is to consciously and continually employ pro-active defensive strategies both legally and from a practical standpoint. Keep abreast of cyber crime activity and ensure that you have no known vulnerabilities.