“The bottom line is that cyber risks sit right alongside rising systemic risks, and is the biggest emerging, and constantly evolving risk facing businesses today.” (SHA Specialist Risk Review 2022)
In Africa, Interpol has identified phishing – particularly Business Email Compromise (BEC) – as well as online scams, as both the biggest current crime threats, and the crimes most likely to increase in the next three to five years.
This is Interpol’s list of the prominent cyberthreats identified in the African region:
For 7 consecutive years, BEC attacks have been the most financially devastating cyber threat worldwide, and continue to be the most prevalent cybercrime, says Interpol. A type of phishing attack, it causes significant financial losses and often reputational damage.
BEC includes cybercriminals using an organisation’s email account to send out fraudulent messages with malicious links or attachments that install malware or steal confidential information.
Most commonly, however, BEC involves cybercriminals manipulating emails, especially payment requests containing bank account details. This is because it’s common business practice to send confirmation of or changes to bank details, or invoices containing bank details, via email.
In BEC attacks, these emails are intercepted – or fraudulent emails or invoices are created – changing the account details to the cybercriminal’s account. Any payments subsequently made are lost to cybercrime.
A recent High Court ruling in this regard set a precedent applicable to all businesses, as the judge noted: “… the plaintiff’s case established clearly that sending bank details by email is inherently dangerous, and so must either be avoided in favour of, for example, a secure portal or it must be accompanied by other precautionary measures like telephonic confirmation or appropriate warnings which are securely communicated.”
Specific BEC preventative measures include:
One of the oldest and most pervasive cyberthreats, and a major source of stolen credentials and information, phishing is a cyber-attack aimed at stealing sensitive information like usernames, passwords and credit card details. It typically uses deceptive emails or websites that appear to come from trusted sources and contain malicious attachments or links to viruses or malware.
Phishing is linked to an estimated 90% of data breaches, and it not only causes direct financial losses but also enables other forms of cybercrime.
Cyber extortion involves cybercriminals using digital methods to threaten or extort victims for money and/or assets. It often involves the attacker threatening to reveal embarrassing personal information, delete important data, sabotage systems and networks, or launch distributed denial-of-service (DDoS) attacks.
An increasingly popular type of cyber extortion is ransomware: malicious software that locks users out of their own data, business systems and devices by encrypting their files. Victims must pay a ransom to have their files decrypted and regain access.
Such attacks can be extremely costly to businesses, with substantial financial losses incurred due to ransom payments and recovery efforts, as well as downtime, lost production, and reputational damage.
Ask your accountant for help in preparing a business continuity and disaster recovery plan so you are prepared if the worst happens.
Online scams take advantage of users’ poor levels of digital literacy to lure them with false promises. Below are the most common online scams increasingly prevalent in the African region.
These malicious software programs are spread through phishing emails and malicious websites to steal sensitive information such as usernames, passwords and financial data by capturing keystrokes or stealing login credentials from unsuspecting victims. Cybercriminals may use the information to steal money directly from the victim or sell the information on underground markets.
According to the 2022 SHA Specialist Risk Review, cybersecurity ranks third on the list of top threats for local businesses, after power disruptions and labour matters.
The report says that not addressing cybersecurity opens companies to a range of risks, including:
October is Cyber Security Awareness Month – Stay Alert!