Manage your business 18 June 2021

Some of the ways in which cybercrime can devastate your business

Cybercrime takes a number of forms and affects a number of businesses each year. Given the potential risks of a cyberattack, you are going to need to do more than just install antivirus software to protect your business.

Businesses around the world have benefitted from the way we’ve all become increasingly connected online. We can now enjoy instant communication, more efficient sales pipelines, better information about our clients and the ability to work remotely.

Unfortunately, criminals are increasingly targeting businesses through their IT infrastructure, and cybercrime is growing at an alarming rate. According to a global study by Resilient and the Ponemon Institute (2019), 63% of small- and medium-sized businesses experienced a data breach in 2019, with average costs of $1.24 million in compromised data or systems and $1.9 million in business disruption over a 12-month period.

With this in mind, it is vital that you understand the different ways criminals can target your business so that you can prepare adequate defences. It may no longer be enough to simply install antivirus software or ask your IT department to set up a firewall.

Types of cybercrime

  • Installing malware
    Viruses, trojan horses, keyloggers and other types of malicious software are all referred to as malware. Malware can harm your business by creating backdoors into your IT systems, stealing sensitive data such as financial and customer records or user passwords, or holding your data hostage. Protect your computers against malware by ensuring that security patches are applied timeously and that a reputable anti-malware package is installed and fully maintained.
  • Hacking
    Computer hackers know how to exploit the flaws in modern computer software to gain access to your systems, although they often simply use social engineering and other psychological tricks to con legitimate users into providing passwords or other information that they can use to gain access. Some hackers may simply deface your website, as a form of graffiti or social protest, but others prefer to stay hidden, stealing sensitive data. These more serious criminals may hope to sell your data on the black market, or they may try to extort money from you, threatening to destroy your financial or customer records. You can protect your business by ensuring all systems and software are fully updated at all times, by configuring your firewalls according to best security practice, by training your staff to recognise and report social engineering tactics and by having your IT infrastructure regularly audited by security professionals.
  • Denial of service (DoS)
    A distributed denial of service (DDoS) is an attack on a company’s online services by cybercriminals using a botnet, a co-ordinated network of thousands or millions of infected computers, to flood your online services with traffic. This can overload a website or server so that it cannot respond to legitimate connections, effectively making it appear ‘offline’. DDoS attacks are sometimes a form of social protest, but they can also be used to extort money: the attacker will threaten to keep the DDoS active until you pay a fee. Most businesses do not have the resources to defend against these attacks on their own. If you are hit by a DDoS attack, you will almost certainly need the help of your ISP or upstream hosting provider to block the hostile traffic and restore legitimate access.
  • Abuse of insider privilege
    A large percentage of cyberattacks do not involve hackers or other outside attackers. People with legitimate access to your network, including staff and contractors, can cause significantly more damage than any outside attacker. There have been multiple successful convictions of disgruntled or recently fired employees using their access to destroy or steal sensitive data. Even innocent mistakes, such as accidentally deleting a folder or sending confidential emails to the wrong address, can have serious consequences. You can significantly reduce risk by never granting individual access permissions beyond what is actually needed and by strictly enforcing your IT policies.
  • Downstream attacks
    Cybercriminals will often attack your business as part of a larger strategy. A hacker might plan to steal your customer database and sell it to identity thieves, putting your clients at risk. Malware will often try to spread to new targets by hijacking your email system. Downstream attacks can take any form, but the common thread is that your IT infrastructure becomes a springboard for launching attacks on third parties. This can pose severe reputational and legal risks. Organisations that are attacked by hackers using your network could hold you responsible and take legal action. Spam or malware that is seen coming from your network can result in the major email providers blacklisting your servers, blocking your ability to communicate with your clients. Ensure that your network is properly secured and that your IT department is proactively monitoring for any suspicious activity.

As with any form of crime, the majority of cyber incidents are also the most easily defended against. By taking reasonable precautions and following industry best practices, you can reduce your exposure significantly. But you may find that a high-security environment is not compatible with a system that is actually useful to you and your clients. You will need to balance your risk profile, your security budget and your usability requirements.

This is why a comprehensive cyber insurance policy is a vital tool to protect your business against risk. Typical business insurance protects against many risks but does not cover cybercrime. Fortunately, Commercial Cyber Insurance policies are available, which can cover both data recovery and the legal and reputational costs of a successful cyberattack. Commercial Cyber Insurance also provides access to expert advice on securing your network and assistance with incident response.

Visit sbinsure.standardbank.co.za today for a free Commercial Cyber Insurance quote.

References

Ponemon Institute. 2019. ‘Exclusive Research Report: 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses’. Available [Online] https://start.keeper.io/2019-ponemon-report. Accessed: 9 June 2021.

Terms and conditions apply.

Standard Bank Insurance Brokers (Pty) Ltd (Reg. No. 1978/002640/07) is an authorised Financial Services Provider (FSP 224) and part of the Standard Bank Group. The Commercial Cyber Insurance product is underwritten by The Hollard Insurance Company Limited (Reg No. 1952/003004/06), a Licensed Non-Life Insurer and an authorised Financial Services Provider.