Sponsored: Don’t select an IR team in a crises

“The risks are not limited to the financial services sector,” says Professor Danny Myburgh, managing director of CyberCom Africa.

01 November 2023

It’s not the most cheerful thought, but cybercrime is here to stay and it’s going to get increasingly sophisticated and ingenious; it will continue keeping CISOs up at night. Cybercriminals have become increasingly bold, with Akira, BlackCat, REvil and Rachnor among a long list of threat actors who keep up a global barrage of incessant attacks.

“The risks are not limited to the financial services sector,” says Professor Danny Myburgh, managing director of CyberCom Africa. “Everyone is a target and especially those standing to experience serious reputational damage such as medical and law firms, which deal with confidential and sensitive data. Knowing and identifying your risks is a key part of any cybersecurity strategy.

“In our work, the top threats we see are business email compromise, ransomware attacks and data infiltration and theft. CyberCom is the Incident response team that has managed the majority of the major incidents published by the media and attends to 40-50 major incidents per year. “We are also seeing attackers combining methodologies and applying multiple extortion tactics.”

“Technologies like artificial intelligence (AI), quantum computing, ChatGBT and Deepfake are all evolving and the chaos that results from attacks has driven cybersecurity very firmly into the boardroom.” According to Myburgh, an effective incident response (IR) plan encompassing rapid response and remediation, containment, effective negotiation of the ransom process, eradication and a thorough digital forensics analysis are not nice-to-haves. Woe betide the organisation that is not prepared and partnered with a company that can immediately go into damage control.

“A recent IBM report highlighted statistics around companies with or without an IR team or IR plan and it said that the breach cost gap continued to grow and that breaches at organisations with IR capabilities saw an average cost of a breach of $3.26 million in 2022, compared to $5.92 million at organisations without IR capabilities. The report underlined the cost-savings value of having IR capabilities.

“In the event of a ransomware attack, even paying a ransom does not guarantee getting your data back. Protection against a breach is the only way to try to mitigate the possibility of attack, but even then, according to IBM, the average time to discover a breach is 279 days and the duration to contain a breach, 56 days. Digital paramedics

“My best advice to organisations is not to make decisions in a crisis, but have an incident crisis response partner already on-boarded, with costs established upfront, ready not for the “if”, but the “when” a breach happens. Myburgh describes his team as “firefighting paramedics”. He explains that “we literally come into a crises situation with a wealth of knowledge and experience, since we do this on a weekly basis, we put out the fire, stabilise the environment and get our clients to a healthy state in the shortest period.”

“Pay attention to your firewalls, passwords, remote access and make sure patch management is a priority. It is all very well buying the most up-to-date apps and technologies, but you are throwing money away if these tools are incomplete or incorrectly configured. “We are never going to eradicate crime and we will win some battles and lose others. We will make improvements and so will the hackers. It’s about being as prepared as possible when it happens to your organisation,” he concludes.