Tag: cyberattack

Cybersecurity Myths | Cybercrime

Cybersecurity Myths Busted: Separating Fact from Fiction in the Digital Age

The cybersecurity industry is a technical field that provides crucial data protection services to companies and households across the country. Like many highly complex services, a number of myths tend to circulate in the cybersecurity field and falling prey to them can be almost as damaging as a cyberattack itself.

In this article, we take a look at some of the misconceptions surrounding data protection, compared to the true reality of things based on the latest data, and suggest alternative approaches to enhance online security.

Cybersecurity Myth 1: An antivirus package is enough

While having updated antivirus software is an important part of cybersecurity defence, it is certainly not enough to repel today’s sophisticated online attacks. 

Social engineering, malware, and other types of unauthorised data access and theft often slip under the radar of antivirus programs, leaving your business exposed to major data loss and reputational damage. What’s more, outdated antivirus software can be a major risk for data breaches. 

Cybersecurity Myth 2: Cyberattacks don’t affect South African businesses

While South Africa faces significant cybersecurity threats, it is a global issue with widespread impact. However, given the huge potential for data loss and reputational damage, South African companies must be hypervigilant when it comes to cybercrime.

If this myth was ever true, it hasn’t been valid for a long time. As South Africa’s connectivity levels increase and are comparable to those of many advanced countries, the frequency of cyberattacks has grown significantly. 

In 2023, a Kaspersky report revealed that South African businesses experienced 300 cyberattacks in a single week, shedding light on the serious domestic cybercrime situation which has yet to improve. 

Cybersecurity Myth 3: Cyber defence is too expensive

If you think cybersecurity is expensive, the cost of not having it can be astronomical. Data
loss and corruption can cost a fortune in downtime, lost productivity, and reputational damage.

When client data is involved, the risk of POPIA Act compliance violations becomes very real. A number of organisations, including the Education Department which was fined R5 million over a Matric results data breach, have learned this the hard way.  

When compared to the potential costs of a cyberattack – ranging into millions of Rands – not to mention the fines incurred for failure to properly protect customer data under the POPIA Act, a monthly cyber defence package like our Total Data Protection offering is exceptionally reasonable.

Realistic solutions: how to keep your data safe

Now that we’ve busted some of the biggest myths about cyber defence, let’s take a look at some simple but powerful ways that your business can protect its data from cybercriminals.

Step 1: Limit access to sensitive files

Setting file permissions so that only users who absolutely need to access sensitive documents can view or edit them limits the potential number of employees that cybercriminals can trick into revealing sensitive data.

Step 2: Invest in professional-grade cyber defences

Secure cloud storage with advanced encryption technology and full customisability should be the benchmarks of any cyber defence system you choose for your business. By shopping around for the best suppliers, you’ll find that you can protect sensitive data without breaking the bank.

Step 3: Train your staff to become cybersecurity warriors

As cybercriminals increasingly target company employees to gain access to networks, every member of your staff needs to join the fight against hackers.

Investing in staff training for cyber risk management, so that your team is able to identify suspicious activity online and report it in time, could make the difference between a failed attempt to access your data and a huge, damaging data leak or cyberattack.

Find the solution that sets your business up for success

Not all solutions are equal, and not all are suitable for every company but there are a few questions you should consider in order to ensure that your security needs are fully met.

In asking the right questions you will be able to develop a cyber security strategy that is right for your business:

  • What regulatory or governance requirements do we need to adhere to?
  • Are we POPIA compliant?
  • What is our risk tolerance?
  • Can we afford the crisis our business would face in the event of a data breach?
  • How would this affect our employees?
  • Are we keeping our staff educated about cyberattacks?
  • Do we need cyber insurance to protect the company?
  • Have we made every effort to safeguard our data with reliable cloud backup and advanced encryption?

Soteria offers a range of affordable and cutting-edge cyber protection packages to meet the needs of any enterprise.

Head over to our services page for a full breakdown of our entire service offering, with rates tailored to suit every business.

Cyberattack Response Plan – Cybersecurity

The First 24 Hours: Your 7 Step Cyberattack Response Plan

Logging onto your device only to find that you’ve become the latest victim of the current wave of cyberattacks sweeping the country is one of the scariest moments for any internet user. 

When your data is on the line and time is of the essence, it may seem natural to panic, but that’s the last thing you should do. The first 24 hours following an attack is a crucial time window for limiting damage and restoring systems, and you’ll need a plan in place to respond effectively. 

By following the series of steps outlined in this article, you’ll be able to assess the scale of the damage, take proactive steps to mitigate data loss, and hopefully emerge from the cyberattack with all (or at least some) of your data and your company’s reputation intact.

How to React When Hackers Strike

The first thing to do after a cyberattack is to remain calm. Notify management of what has happened and start taking steps to assess and mitigate the damage by following this structured step-by-step incident response plan; Identify, Isolate, Notify & Protect, Analyse, Report, Reset, Protect.

Here’s what you need to do:

1. Identify the Attack

A ransomware attack typically starts with a message from the hackers, stating that your data has been compromised and providing further instructions, such as the ransom amount and how to pay it. 

Whatever you do, don’t even consider following these instructions until you’ve completed the next step.

2. Isolate the Affected Systems ASAP

Your priority following a cyberattack is to isolate the device or network that has been compromised. This means powering down and disconnecting the device from your network without delay. 

These steps may help to slow the spread of malware or ransomware to other devices in your organisation.

3. Notify and Protect Your Network

Alert key personnel such as your IT manager or outsourced networking consultant immediately. Once they are available, convene a “war room” with the IT department, management, and possibly legal and PR advisors to mitigate the potential damage to your network and your company’s reputation.

4. Analyse the Damage

There are several types of damage a cyberattack can cause: 

  • Financial damage from lost data and downtime
  • Damage to your computer network that may take time to restore 
  • Reputational damage that your business may suffer if the cyberattack becomes public knowledge. 

It’s important to realistically assess the worst-case and medium-case scenarios and start fixing the damage as soon as possible.

5. Report the Incident

Cyberattacks must be reported to the Cybersecurity Hub at the national CSIRT as soon as they occur. In cases where fraud is suspected or a large amount of customer data has been leaked, you may also need to report the incident to law enforcement authorities.

6. Reset, Patch, and Update

With the help of a trusted IT professional, reset your computer network, patch the vulnerabilities that allowed the attack to occur in the first place, and update your files with the most recent versions from your secure cloud backup. 

This will help you get your business up and running again. 

7. Post-attack security upgrade

Finally, be sure to remove any malware that hackers may have installed to gain access to your network and prevent similar attacks from taking place weeks or months down the line.

Implement a total data protection plan

To help ensure that your business is prepared for future cyberattacks, if you don’t already have reliable cloud backup and a secure data protection plan, this would be the time to upgrade your security.

Secure cloud storage, particularly comprehensive encrypted data storage solutions like our
Total Data Protection package, will help keep your sensitive files safe in the cloud.

Trust Soteria Cloud to safeguard your valuable data while focus on your core business. Get Total Data Protection today.

Find out more

Proactive Cybersecurity – One Step Ahead

Preparing for a Cyberattack: Why Proactive Backup Is Your Best Defense

Is there anything you can do to prepare for a cyberattack ahead of time and be ready to restore your valuable data? The answer is a resounding, proactive YES. Here’s what business owners need to know to stay ahead of the online crooks.

Cyberattacks: Not if but when – and what then?

Global cyberattacks continue to be one of the top worries of IT managers and company owners worldwide, with an estimated 5,200 victims of ransomware incidents estimated for this year. These destructive attacks are expected to more than double in 2024.

Disruptive attacks
Image courtesy of QEB

Cybercriminals often see significant financial rewards from these illegal activities , which is why these figures remain alarmingly high. For business owners and managers this means being proactive about cybersecurity is crucial to safeguarding your business against the evolving threat landscape.

Proactive backup is one of the best practices we recommend to all our clients. “Proactive cybersecurity” means anticipating future problems or changes to take appropriate action, immediately. With careful planning “before or in the event of” a cyberattack, you can keep your company information secure and recover quickly in the event of a cyberattack.

Put simply – being proactive means being ahead of the game – being proactive to prevent an attack from taking place rather than reactive once your data is seriously compromised.

Proactive Backup: Staying ahead of the hackers

Simply signing up for a backup service is a good first step towards protecting your company’s data, but that alone is not enough to ensure your critical files are safe in the cloud and accessible when needed.

A proactive approach to backup means ensuring the following steps are taken:

Your files are backed up regularly

Scheduling automatic backups ensures that the latest version of your files is always saved in the cloud. This minimises the risk of data loss resulting from a breach or technical failure, preventing a situation where only outdated versions of files are available for restoration.

The right files are backed up

It’s essential to ensure that critical business documents—such as financial records, proprietary information, and especially client records protected under the Protection of Personal Information (POPI) Act — are included in your secure cloud folder.

Threats are detected early

Ongoing monitoring is vital. Ensuring any suspicious network activity is promptly reported to your IT manager helps detect cyberthreats at their earliest stages. This enables you to act quickly and take emergency measures to protect your systems.

Total Data Protection puts you in full control

Finding a single solution that blends secure cloud storage, automated backup, and monitoring used to be difficult – until now, that is.

With Soteria Cloud’s Total Data Protection plan you are in total control of your backups with a full range of customisable options. Click the button below to learn more.

Get TDP Today

From Ai to the Cloud – Cybersecurity


AI, Cloud and Hybrid Work Trends

2024 is turning out to be a fascinating year for the tech industry as AI becomes mainstream and companies double down on the cloud as a way forward for business process streamlining.

As the year unfolds, forward thinking businesses will be watching the evolving trends and planning their cybersecurity strategies accordingly. Here are some big movements in the tech industry to keep an eye on this year.

AI isn’t going away anytime soon

Since the world was thunderstruck by the launch of ChatGPT in late 2022, the rollout of AI solutions and businesses around the world has only intensified.

Large Language Models, AI assisted internet search offered by sites like Microsoft Bing, and the outsourcing of basic tasks to chatbots have gone from futuristic dream to a new reality.  

In fact, some economists still predict that AI will threaten the future of many jobs.

Developed markets like the US have rolled out AI at a large scale, either replacing or augmenting positions that were previously done exclusively by humans. These changes may only be affecting employees at the entry level for now, but professionals in all industries – including law, medicine, and even executive management – are exploring the possibility that some of their traditional expertise may be carried out by machines in less than a decade.

For companies, there’s an indisputable cost/benefit to using AI and it certainly can improve efficiencies in many areas of a business – but new technology is not without risks.

  • AI applications have been proven to be unreliable in certain areas, including fact checking, with ChatGPT providing hilarious instances of output that seems professionally acceptable at first glance but actually contains several highly problematic facts and phrases.
  • Accuracy aside, the involvement of AI in business processes raises the risk of cybercrime and hacking attempts, which could be potentially disastrous if bad actors take control of an AI-run Business process of a major corporation or bank.

It remains to be seen whether the rollout of AI will bring all the benefits that it promises but there’s no doubt that it’s here to stay. The enormous amount of data that AI applications produce will need to be managed and secured – and that’s where reliable secure cloud storage comes in. 

Hybrid work continues to become the norm 

The remote working trend that accelerated during the pandemic has become a way of life for millions of workers around the world. South African businesses are embracing the remote working model, giving employees flexibility and companies the ability to obtain talent without borders. 

These benefits come with a parallel responsibility for businesses to comply with the Protection of Personal Information Act and keep their sensitive data safe. Secure cloud storage is an ideal way to secure important files and scale up the amount of storage as needed. 

Cloud computing is the future

Companies are producing more data than ever before with a staggering 120 zettabytes created in 2023 alone – and all of this information needs to be stored somewhere. Increasingly, companies are choosing to keep their files safe in the cloud, making it essential to choose the right storage provider.

Recently, an incident in which Google Cloud accidentally deleted every single file belonging to a major Australian pension fund made shocking headlines. This may be a rare incident, but it certainly highlights the potential for disaster that may occur in the wake of a cyberattack.

Not all cloud providers are created equal Before businesses simply upload all their files to a generic online storage location it is essential to ensure that the necessary security protections are in place. Chief among these is immutable storage, which uses advanced coding to ensure the data cannot be manipulated once it’s stored safely in the cloud.

Our range of secure backup solutions feature immutable storage as part of their key architecture. To learn more about our offering and how it can keep your company’s data safe and out of the hands of cybercriminals, browse our range of packages today.

Business Continuity with Cloud Backup – Cybersecurity

The Business Continuity Imperative: Ensuring resilience through cloud backup solutions

As South Africa faces a rapidly increasing number of cyberattacks this year, businesses across the country are coming to terms with the fact that their data can and may be compromised in the near future. 

If your organisation is unfortunate enough to fall prey to an online attack, the one thing on everyone’s mind (from management all the way to the IT department) should be continuity of operations. The question for every business is however, how to ensure continuity when the very data that underlies your business processes has been compromised.

Let’s take a look at some recent news about South Africa’s cybersecurity crisis and find out how businesses can secure their data for uninterrupted trading following a cyberattack.

Time to beef up your defences against cyberattacks

The ultimate goal of cybercriminals is to compromise your company’s data and demand a ransom for its return. 

This criminal strategy can be extremely effective if the company loses access to its sensitive files – but a recent backup of every important piece of data safely encrypted in the cloud means that the hackers have lost before negotiations even begin.

Recent cyberattacks against Telkom, the office of the Chief Justice, and even a high tech security provider like Tracker prove yet again that businesses and government departments are not immune from online data theft- in fact, every internet user needs to be on their guard as cybercrime increases. 

Secure cloud backup is the most powerful weapon against cybercriminals, and it can be obtained affordably. Our range of backup solutions that scale up to suit the needs of growing businesses are a case in point. 

Securing sensitive data couldn’t be more important in 2024

Perpetrator Type

Credit: Brett van Niekerk – Durban University of Technology

South Africa faced 230 million cyberthreats in 2022 alone and this figure is likely to be much larger for 2023 and ‘24 when the latest data becomes available.

With over 90% of the threats to local businesses arising from email cybercrime and an ongoing lack of staff training to identify suspicious correspondence, it’s likely that more and more businesses will fall prey to this type of crime. 

This corresponds closely to the findings of a research paper published in 2017 which identified “hactivism” and data loss as major threats to South African businesses.

When a cyberattack does occur, continuity is key. Here are some strategies businesses can implement to prevent losing access to their data.

Cloud storage is a key component of business continuity 

A cyberattack may be the last thing that any manager or company owner wants to think about, but the harsh reality is that thinking about it is crucial – and preferably, ahead of time.

In the minutes and hours following a cyberattack, your first priority will be returning your systems to functionality and recovering lost or corrupted data to ensure business continuity. 

A cybersecurity response plan – which can be meticulously thought out in advance and simply put into action in the worst-case scenario – is key during the damage mitigation phase following the attack.

Secure cloud storage is an essential component of any cybersecurity response plan because encrypted immutable storage means that your data will remain safe in the cloud even if your physical storage is compromised. A solid backup solution and response plan means that a business is able to safeguard its data and ensure business continuity in the event of a cyberattack.

Soteria’s range of secure cloud storage solutions for businesses of all sizes are your first line of defence against data theft. To learn more about our encrypted backup service, visit our website today.

Mitigating risk of a Cyberattack

Proactive cybersecurity measures mitigate risk of a cyberattack – cybersecurity

Lately, the media has been crawling with stories about companies’ responses – or transparent lack thereof, to cyberattacks, especially when hackers demand millions of Rand in exchange for the data they’ve taken hostage. But some business owners don’t realise that many of these incidents could be avoided if proactive steps were taken in advance.

Let’s take a closer look at the proactive approach to online security and find out what risk management steps businesses can take to keep criminals at bay and protect sensitive information, even if the worst-case scenario comes to pass.

Proactive versus reactive security

For many of us, responding to a security threat – be it a physical break-in or an online data theft attempt – means pushing the panic button. 

While putting boots on the ground is a reassuring strategy for management, the reality is that once a cyberattack has occurred the potential options for resolving it are already quite limited. This is because compromised data that’s already in the hands of criminals is extremely difficult to recover without spending a large amount of money on system recovery or caving in and paying the ransom – which only encourages hackers to attack other businesses.

Protecting your business assets from the relentless wave of cyberattacks currently faced by companies, from state entities to SMEs in South Africa, is an essential part of risk mitigation. A proactive approach, which could also be called closing every possible gap, consists of several aspects:

  • Cyber security investments. These include firewalls, antivirus software, and most crucially, encrypted offsite storage, which will allow you to restore your system and critical files in the wake of a cyberattack.
  • Employee training focusing on the signs of a cyberattack or phishing attempt will help your staff to be risk-savvy when they use the internet and reduce the ever-real threat of them falling to social engineering attacks.
  • Plan ahead. Even if the worst happens and your business falls prey to a cyberattack, incident response planning will help you recover your data fast.

Cyberattack investment: worth every cent in peace of mind 

Implementing rigorous cybersecurity measures may come at a certain cost, but the benefit of having a fully secured business that has the potential to withstand a cyberattack is worth the investment. 

The cost to your business in terms of financial and reputational damage can run into six figures or higher in the worst case cybercrime scenario.

By comparison, a small monthly investment in encrypted backup and a cyber incident response plan will pay huge dividends in peace of mind from day one. 

Secure data storage will tangibly reduce the damage hackers can do to your business by keeping a current version of your crucial data safe and accessible – to you and only you – in the cloud.

To learn more about our range of secure cloud storage offerings for businesses, visit our product page today.

Hidden Costs of Cyberattacks – Cybersecurity

Measuring the Hidden Costs of Cyberattacks on SMEs

Cyberattacks cost businesses around the world over $8 trillion in financial losses last year, but behind the dramatic headlines about costs that can be measured in Rands and cents is a hidden story of reputational damage and loss of credibility that can cost businesses a fortune in the long-term.

In this article we delve into the unstated losses that come in the wake of a cyberattack, study some common vulnerabilities, and find out how you can protect your business from the huge damage that hackers can do by breaching your data security.

Hidden Cost 1: Customer Confidence

One of the most valuable aspects of any brand is the confidence that customers place in the business and the word of mouth recommendations and positive online advocacy that this leads to.

On the flipside, however, once customers lose confidence in your business – especially if their personal data is stolen during a cyberattack – you need a comprehensive strategy to win back their trust or suffer reputational damage as a consequence.

It’s hard to quantify the exact amount that your business may lose as a result of declining customer confidence, but suffice to say that lost sales, a drop in referrals, and even online boycotts are all possible if your business suffers a major data leak or breach.

For some companies, the damage could run into millions or result in a major loss of business.

Hidden Cost 2: IP Theft

Intellectual property is becoming increasingly valuable with conceptual products accounting for 40% of US GDP in 2023.

Your confidential business plans or product prototypes falling into the wrong hands in a cyberattack could mean that your business could lose a competitive advantage, especially in the realm of manufacturing.

Copycat producers in countries with weak intellectual property laws are always waiting to undercut you in the market.

South African copyright and intellectual property laws are relatively strong and you’ll have a solid legal case to act against a local business that tries to copy your ideas – even if they’re stolen in a cyberattack.

Taking this type of action against a foreign business can be more tricky and certainly expensive, especially if international litigation becomes necessary.

Businesses should make sure that they’re insured against this type of outcome and that the amount of cover is sufficient to compensate them for the very real possibility of losses from IP theft.

Hidden Cost 3: Productivity Losses

Finally, a cyberattack can cause extended periods of downtime for your team as you struggle to bring your systems back online and eliminate the malware that was used in the attack.

During this time, your employees are likely to be distracted and less productive, and this could result in anything from delayed orders and invoicing to a total shutdown of operations for a  week .

For some businesses, this could equate to hundreds of thousands or millions of Rand in lost productivity.

Compliance Costs: When things get very real

The cost of compliance with the PPI Act is a fact that businesses should bear in mind when it comes to cyber risk.

The Information Regulator is authorised to fine companies up to R10 million if customer  information is mishandled in the event of a cyberattack. This is a very tangible amount for any business and underscores the importance of full legal compliance – no matter what size your enterprise may be.

The best way to avoid the hidden costs of cyberattacks is to make sure that your data is securely stored in encrypted form. Soteria’s range of secure storage packages for businesses provides all the data security that your enterprise needs. Visit our product page today to learn more.

Financial Impact of Cyberattacks | Cybersecurity

Quantifying the Financial Impact of a Cyberattack on SMEs – Cybersecurity

By now, most business owners who read our articles will be familiar with the financial impact that a Ransomware attack can have – and the amount of money that companies have had to pay cybercriminals to get their data back is just the tip of the iceberg.

The true cost of an online attack can be far more than the ransom demanded by hackers.

When factors like downtime, data recovery, forensics, system restoration, and potential fines from the Information Regulator are taken into account, falling prey to a cyberattack could cost your business hundreds of thousands or even millions of Rands.

In this article, we explore the financial impact of a cyberattack and provide some tips and tools for business owners to calculate the true cost.

Cyberattacks: what’s the damage?

Understanding the financial impact of a cyberattack is far easier when we consider the various costs that are involved in recovering from a crime like this.

A report from the Ponemon Instutite determined that of the 5 most vulnerable industries that experience data breaches – healthcare, financial, pharmaceutical, energy and industrial, the average cost of a breach in the healthcare industry exceeds $10,93 million (over R19 million).

In general, the cost of a cyberattack consists of the following factors:

  • Detection and client notification costs
  • Data recovery costs
  • Network restoration costs
  • The legacy costs of reputational damage and possible financial claims
  • Regulatory compliance fines

In the wake of a cyberattack or data breach, your business will need to jump into action.

In addition to having a cyberattack response plan so that your efforts remain calm and effective, you’ll need to quickly alert clients and anyone else whose data has been compromised and undertake the process of data recovery.

The POPI Act requires businesses to be good custodians of their clients’ data and take all possible steps to protect it before, during, and after a cybersecurity incident.

  • Failure to do so could result in heavy fines (capped at R10 million) or even prosecution.
  • Special insurance may be necessary for companies that handle vast amounts of client data should the incident be investigated by the Information Regulator.

In addition to compliance costs, expenses related to the restoration of your network can range from four to six figures depending on the size and scope of the damage.

  • Downtime following a cyberattack can cost your business a fortune in lost revenues and undeliverable products and services. A larger SMB or corporation may face millions of Rands in wasted productivity while its systems are down.

According to a 2023 study of hundreds of organisations, the average cost of recovery per file could amount to R2 750, which is an 8% increase from 2022. The costly consequence of a data breach can be determined by taking all of the above factors into consideration or by using one of the many “cost calculators” such as Arctic Wolf to estimate the cost to your company.

A major cyberattack could cost millions in total, but for a small monthly investment in secure cloud storage you can keep your data safe, updated, and encrypted.

Soteria’s range of cloud storage packages is the place to look if you’re serious about data security. To learn more, browse our product page or contact our team today.

Cybersecurity Threat Landscape – Cyberattacks

Understanding the Threat Landscape of Cyberattacks on SMEs – Cybersecurity

Cybersecurity has become just as important as physical security for companies both in South Africa and abroad – and considering the number of cyberattacks that take place each year that’s no surprise.

The latest data from Sophos shows that cyberattacks took place against 78% of South African companies surveyed last year, with many attacks affecting small to medium sized businesses.

In this article, we take a look at the cybersecurity landscape, highlighting some of the main threats that hackers and cybercriminals pose to businesses, and outline the best practices that your organisation can follow to secure its data.

Cybersecurity threat landscape has never been bigger

The cybersecurity threats facing SMEs are growing alongside those facing major corporations. As the threat landscape expands, small to medium business owners need to come to terms with the fact that their enterprises could – and frequently do – fall victim to online hacking, ransomware, and phishing attacks.

The study conducted by Sophos may not have surveyed every small business in South Africa, but the fact that so many respondents have faced the difficulties of a cyberattack in the past year paints a bleak picture of the online security environment, both locally and abroad.

With the total cost of cybercrime around the world estimated at a whopping $9.5 trillion for 2024, business owners can no longer afford to hope that it won’t happen to them.

Let’s take a look at some of the ways you can mitigate your small business vulnerabilities and stay safe online.

Know the enemy: the top cyber risks facing businesses

Online threats that affect small businesses can be divided into several categories. These are the main ones to take note of.

Ransomware

This type of attack happens when criminals gain access to your files and encrypt them so that you can’t access them. Some companies have paid millions of dollars to recover sensitive files compromised in ransomware attacks, but with the right strategy you can avoid becoming the next victim.

Data leaks and breaches

While ransomware attacks involve stealing your data and holding it hostage, data leaks are almost the opposite. This type of incident happens when your data is released on the internet for anyone to see and use, thus compromising the security of your business and clients.

Not only can this be bad for your reputation and cost you clients in the long run, but can also result in heavy fines in terms of the Protection of Personal Information Act.

Social engineering attacks

These take place on social media, with hackers contacting you or your employees posing as trusted figures like clients or service providers.

Once trust is established, criminals will convince the person they are dealing with to release sensitive information or download malware. Like the two other types of attacks mentioned above, social engineering can cost your business a fortune in revenues and reputational damage.

SMEs are especially vulnerable to this type of attack since they often deal with smaller suppliers or clients whose businesses aren’t necessarily household names. Impersonation scams like the one that almost bankrupted The Big Issue last year, are also rampant.

With the threat landscape shifting to dangerous ground, you’ll need a solid plan to keep your sensitive data secure.

Strategies to mitigate your online risk

The reality is that cyberattacks can, and will, continue as long as criminals know that it pays to carry them out.

As a business owner, you’ll need to take steps so that your enterprise can function and trade effectively online.

  • A firewall, updated antivirus software, and secure cloud storage are some of the tech solutions that you can implement to keep your data safe.
  • Automated backup is especially useful because it protects your files without the need for constant conscious action on the part of your staff.

Protecting your business against social engineering attacks and phishing scams requires staff training to enable your employees to detect the signs of a cyberattack and encouraging them to always verify the identity of outsiders communicating with your business.

Soteria offers a range of secure cloud storage solutions using the latest encryption techniques for companies of all sizes.

Shoprite Data Leak | Data theft

Shoprite the latest victim of data leak crime wave

Millions of South Africans trust Shoprite, South Africa’s largest supermarket group, to bring them great deals on groceries and household items. Social media was abuzz in June when the retailer suffered a major data breach exposing personal details of its money transfer clients.

The cyberattack carried out by the hacking group RansomHouse is the latest in a wave of online crimes targeting South African corporates. Here’s how it happened and what it could mean for you if you use Shoprite to send money to friends and family.

Shoprite gets more than it bargained for from cybercriminals

A discount retailer may not sound like a prime target for criminals trying to steal sensitive information, but it wasn’t the shopping side of Shoprite’s business that fell prey to hackers.

  • The company’s “know-your-customer” database (FICA) for its money transfer service, which is used by many people who don’t have traditional bank facilities, received a rude awakening when customer information fell into the hands of RansomHouse with the hacking group posting about its success on the Dark Web.
  • Claiming full responsibility for the attack, RansomHouse hackers boasted that Shoprite’s weak data security policies resulted in sensitive information being stored by staff in plain text documents which were unprotected and unencrypted.
  • Once obtained by the hackers, this information containing customers’ personal details was as easy to access as any word document on any computer.

The hackers threatened to auction the data on the dark web with bidding starting at 20 bitcoin (app R6.7 million). To prove that they had the files RansomHouse posted more than 350 files of customer data on it’s dark web website.

cybersecurity is no longer simply a “nice-to-have”

The Shoprite cybercrime incident shines a spotlight on the dangers of unprotected data and the absolute necessity for companies of all sizes to protect their information.

Shoprite has refused to communicate with the RansomHouse hackers to prevent further leaks but assured customers that they would launch a full investigation with forensic experts to ascertain the origin of the data leak, how and why it happened and the scope of the leak. The company also stated that additional security measures and detection strategies had been implemented across the group to prevent further loss of data.

There is little doubt that Shoprite has been left wondering if the entire event could have been avoided simply by using secure cloud storage and taking other simple data protection measures.

protect your data with secure cloud storage

When it comes to cybersecurity, sometimes it’s best to learn from the mistakes of others and avoid a damaging cyberattack. Reduce and mitigate the risk of a data leak by protecting your business information today with one of our secure cloud storage packages.