Cybersecurity Awakening

The annual global cost of cybercrime in 2020 was estimated to be around $1 Trillion, which is more than 1% of the global gross domestic product (GDP). According to the World Economic Forum, even today, cybercrime remains one of the greatest threats to global prosperity; having  cost the global economy an estimated $2.9 million per minute in 2020.

By 2022, the international information security market is forecast to reach $170.4bn.  Such a market growth is being fuelled by many factors.  But, the biggest driver of this increase in cybersecurity awareness is related to the sheer scale and impact of cybersecurity attacks around the world and on some of the most trusted brands around us. These stories make the headlines and the headlines draw attention; and today, attention is an asset.

Microsoft Exchange Server Mass Cyberattack

There have been some really big names associated with the recent surge in cyberattacks over the last 12 months. In March 2021, Microsoft, one of the top three wealthiest companies in the world, suffered a highly sophisticated attack which targeted vulnerabilities in Microsoft Exchange servers globally.  Even if over 1 million companies have already shifted to Microsoft Cloud services like Office 365, there is still a big number of companies that are using Microsoft Exchange on premise, which was the surface area of this devastating attack. The severity of this data breach prompted the U.S. Cybersecurity & Infrastructure Security Agency (CISA) to issue an emergency directive which ordered all federal civilian departments and agencies running vulnerable Microsoft Exchange servers to update the software or disconnect the products from their networks.

LinkedIn, Facebook and ClubHouse

Recently, more than a billion people’s data has appeared on different hacker forums, but no-one’s owning up to doing anything wrong. This has happened in the first two weeks of April this year, including LinkedIn (500 million users), Facebook (533 million users) and the 1.3 million user credentials for a popular audio social media platform called Clubhouse. This platform was launched in 2020 only and is said to be worth $ 4bn. Can they keep the party going after such a brand and trust damage incident?

According to Chad Bartlett, Director of Partnerships at Grove, a cybersecurity specialist company: “The odds are certainly stacked against Clubhouse to recover from this data breach. I think Stephane Nappo - voted as the 2018 Global Chief Information Security Officer of the year - hit the bull’s eye when he said: “It takes 20 years to build a reputation and a few minutes of a cyber-incident to ruin it.”

Clubhouse has only been operating for a little over 12 months now so have they had time to build the reputation and loyalty needed to survive this data breach? Especially given that a global survey by Thales Group (previously Gemalto) found that up to 70% of customers would stop doing business with a company that had experienced a data breach. Let’s see what’s in store for Clubhouse.

US sanctions Russia over SolarWinds cyberattacks

The impact of large cyberattacks does not only affect a company’s reputation and trust with customers, but it has even recently forced the US President to raise sanctions against Russia for their alleged participation in the recent sophisticated intrusion attacks with SolarWinds. This attack impacted over 30,000 businesses and Government agencies in the US alone. Globally, the number continues to rise each day as companies realise they have been also impacted.

Cyberattacks in Africa

Over the last 3 months, Kenya has reported a 59% increase in cyberattacks as more Kenyans flock online.  In August 2020, South Africa experienced its largest-ever data leak, the Experian case, which exposed the personal information of around 24 million South Africans and just under 800,000 businesses.  Many companies spanning across various sectors like healthcare, construction and telecommunications have added their names to the list: Telkom, Momentum, Life Healthcare, the administrator of Johannesburg City, and Stefanutti Stocks.

With the enforcement of South Africa’s POPIA (Protection of Personal Information Act), effective 01 July 2021, the country’s equivalent of GDPR or the Mauritian Data Protection Act, we are likely to see a spike in data breaches being reported to the regulator, which will paint an even bleaker picture of the actual situation.

Cyberattacks extend beyond financial and reputational damage 

IBM reports the average cost of a data breach to be $3.86 million as at 2020; this is enough to lead a small to medium company to bankruptcy, with 60% of such companies closing down within 6 months of experiencing a cyber-attack as per CybercrimeMagazine. However, a cyber-attack is not only about stealing your personal information or causing financial damage.

Last February, a cyber-attack jeopardised the health of residents of Oldsmar in Florida as an unidentified attacker accessed the systems of a US water treatment plant and briefly altered the chemical levels in the drinking water. On the other hand, in late 2020, the New York Times reported the first reported death due to cybercriminals attacking a hospital in Düsseldorf, Berlin. A patient was turned away from the hospital due to a Ransomware attack which caused chaos in the hospital's internal systems forcing the hospital into “lockdown”.

How can I check if I have been hacked?

With more than 59% of the world’s population online and roughly one million people joining the internet each day, it has become a child’s play for cybercriminals to choose their next target.   However, with this challenge came an opportunity.  Today, some companies offer a platform whereon you may yourself check if your data has been leaked – even the FBI has resorted to this self-diagnosis technique in a bid to counter cyberattacks. 

To ensure the safety of your contact details, please visit Cybernews here to verify if your phone number or email address has been involved in any of the recent leaked data sets or any others in the past.

So, is Artificial Intelligence and Machine Learning the solution?

As we are living in a “perimeter-less” world, this is the reality for our future and nothing seems to be slowing the tide of cyber-attacks globally.  As cybercriminals become more successful, they are able to reinvest their profits into better and more sophisticated tools, mostly using fast machine-speed attack methods that make use of Artificial Intelligence (AI) and Machine Learning (ML) techniques. These techniques might as well pave the way for enhanced security. For example, the Vatican City has turned to advanced cyber strategies using Artificial Intelligence to protect the Apostolic Library, as they face 100 threats a month from cyber criminals.

As a proactive measure, Grove, advises its global customers to venture beyond the use of “old paradigm rules and signature-based cyber tools” to protect themselves. Today, it’s recommended that customers add AI and ML based cybersecurity tools to “fight fire with fire”. This will allow companies to have a better chance of fending off these advanced cyber-attacks as AI offers an “always on” mode of protection.

Last thoughts - Cybersecurity trends for 2021

As we navigate through 2021, we will continue to see an increasing number of attacks caused by human error – currently standing at 95% – with 91% of all global cyber-attacks starting with malicious email attacks like a phishing or impersonation attack in the organisation. As a proactive measure,  AfrAsia Bank partnered with Grove, to embark on a reinforced cybersecurity journey; a strategic move that will go a long way in protecting the company's brand, data and customers from any involvement in a data breach or cyber-attack.

This fast-moving cybersecurity landscape is certainly not going to slow down as the rate of digital transformation has been catalysed by the recent global pandemic. Even before the pandemic we were already heading quickly towards the 4IR (Fourth Industrial Revolution): The new economy. According to the World Economic Forum, the fourth Industrial Revolution technologies are already bringing tremendous economic and societal benefits to much of the global population.

Whilst we witness some of the largest communication platforms such as Microsoft, Facebook and LinkedIn facing the brunt of cybercriminals these days, this is surely a security awakening call for all of us.