Crowdstrike Outage Downs Windows – Technology

CrowdStrike Error Causes Chaos Globally 

The world suffered one of its biggest IT failures on record in July, as a single line of code in the CrowdStrike software update caused Windows computers around the world to freeze and display the “blue screen of death”.

The glitch in an update from the cybersecurity provider based in Austin, Texas was a rare but dramatic example of just how badly things can go wrong when technology fails.

Flights grounded, ICUs paralysed

The extent to which every process in modern society hinges on technology was on full display on July 19th as the faulty update caused airlines around the world to ground flights. 

In addition, hospitals in several countries were forced to reschedule surgeries and even ICU procedures since the computers controlling these critical processes were frozen and unusable. 

The update caused a logical error which caused Microsoft Windows computers to malfunction, switching them over to the blue screen – an outcome that no systems engineer ever wants to encounter. 

Unfortunately, scenes like this were played out around the world as critical computer systems remained temporarily frozen.

Capitec suffers day-long outagec

South Africa was largely spared the dramatic effects of the CrowdStrike incident, with the JSE issuing a notice stating that the FTSE indices were not updating. One of the big insurance companies was also affected as well as a major player in the banking industry that saw its systems remain off-line for most of the day.

Capitec’s ATM network, as well as its online banking facilities were non-functional, with customers unable to withdraw or transfer funds. 

After several hours of technical intervention, the bank’s IT team was able to restore functionality to the network, but many customers turned to social media to express their frustration about the outage. They also expressed concerns about the bank’s ability to manage their money safely.

The media hasn’t reported any financial losses as a result of the outage but it’s safe to assume that Capitec may suffer some reputational damage as a result. This incident underscores the potential for IT failures and cyberattacks to undermine the reputation of any business and highlights the importance of securing data with encrypted backup.

How to respond in the wake of a major tech failure

When a large, unexpected IT failure takes place, there are two major priorities for any IT manager or CIO: restoring functionality as soon as possible and recovering sensitive data to ensure business continuity.

  • The first of these objectives may be in the hands of third-party providers like Microsoft or CrowdStrike, but the safety of sensitive company data falls 100% in your company’s area of responsibility. 
  • Secure cloud storage is the only solution that guarantees data safety in the event of an unexpected failure or cyberattack – especially one at the scale seen on July 19. 

Effective and professional communication to clients also remains a priority during any outage in order to preserve trust and mitigate reputational damage. If this recent failure has you worried about your company’s important client data, investing in secure storage could be the best thing you do for your business this year. 

Soteria’s range of cloud storage packages – using immutable encryption – is the best place to start. Browse our range of packages for businesses of all sizes today.

Hidden Costs of Cyberattacks – Cybersecurity

Measuring the Hidden Costs of Cyberattacks on SMEs

Cyberattacks cost businesses around the world over $8 trillion in financial losses last year, but behind the dramatic headlines about costs that can be measured in Rands and cents is a hidden story of reputational damage and loss of credibility that can cost businesses a fortune in the long-term.

In this article we delve into the unstated losses that come in the wake of a cyberattack, study some common vulnerabilities, and find out how you can protect your business from the huge damage that hackers can do by breaching your data security.

Hidden Cost 1: Customer Confidence

One of the most valuable aspects of any brand is the confidence that customers place in the business and the word of mouth recommendations and positive online advocacy that this leads to.

On the flipside, however, once customers lose confidence in your business – especially if their personal data is stolen during a cyberattack – you need a comprehensive strategy to win back their trust or suffer reputational damage as a consequence.

It’s hard to quantify the exact amount that your business may lose as a result of declining customer confidence, but suffice to say that lost sales, a drop in referrals, and even online boycotts are all possible if your business suffers a major data leak or breach.

For some companies, the damage could run into millions or result in a major loss of business.

Hidden Cost 2: IP Theft

Intellectual property is becoming increasingly valuable with conceptual products accounting for 40% of US GDP in 2023.

Your confidential business plans or product prototypes falling into the wrong hands in a cyberattack could mean that your business could lose a competitive advantage, especially in the realm of manufacturing.

Copycat producers in countries with weak intellectual property laws are always waiting to undercut you in the market.

South African copyright and intellectual property laws are relatively strong and you’ll have a solid legal case to act against a local business that tries to copy your ideas – even if they’re stolen in a cyberattack.

Taking this type of action against a foreign business can be more tricky and certainly expensive, especially if international litigation becomes necessary.

Businesses should make sure that they’re insured against this type of outcome and that the amount of cover is sufficient to compensate them for the very real possibility of losses from IP theft.

Hidden Cost 3: Productivity Losses

Finally, a cyberattack can cause extended periods of downtime for your team as you struggle to bring your systems back online and eliminate the malware that was used in the attack.

During this time, your employees are likely to be distracted and less productive, and this could result in anything from delayed orders and invoicing to a total shutdown of operations for a  week .

For some businesses, this could equate to hundreds of thousands or millions of Rand in lost productivity.

Compliance Costs: When things get very real

The cost of compliance with the PPI Act is a fact that businesses should bear in mind when it comes to cyber risk.

The Information Regulator is authorised to fine companies up to R10 million if customer  information is mishandled in the event of a cyberattack. This is a very tangible amount for any business and underscores the importance of full legal compliance – no matter what size your enterprise may be.

The best way to avoid the hidden costs of cyberattacks is to make sure that your data is securely stored in encrypted form. Soteria’s range of secure storage packages for businesses provides all the data security that your enterprise needs. Visit our product page today to learn more.

Financial Impact of Cyberattacks | Cybersecurity

Quantifying the Financial Impact of a Cyberattack on SMEs – Cybersecurity

By now, most business owners who read our articles will be familiar with the financial impact that a Ransomware attack can have – and the amount of money that companies have had to pay cybercriminals to get their data back is just the tip of the iceberg.

The true cost of an online attack can be far more than the ransom demanded by hackers.

When factors like downtime, data recovery, forensics, system restoration, and potential fines from the Information Regulator are taken into account, falling prey to a cyberattack could cost your business hundreds of thousands or even millions of Rands.

In this article, we explore the financial impact of a cyberattack and provide some tips and tools for business owners to calculate the true cost.

Cyberattacks: what’s the damage?

Understanding the financial impact of a cyberattack is far easier when we consider the various costs that are involved in recovering from a crime like this.

A report from the Ponemon Instutite determined that of the 5 most vulnerable industries that experience data breaches – healthcare, financial, pharmaceutical, energy and industrial, the average cost of a breach in the healthcare industry exceeds $10,93 million (over R19 million).

In general, the cost of a cyberattack consists of the following factors:

  • Detection and client notification costs
  • Data recovery costs
  • Network restoration costs
  • The legacy costs of reputational damage and possible financial claims
  • Regulatory compliance fines

In the wake of a cyberattack or data breach, your business will need to jump into action.

In addition to having a cyberattack response plan so that your efforts remain calm and effective, you’ll need to quickly alert clients and anyone else whose data has been compromised and undertake the process of data recovery.

The POPI Act requires businesses to be good custodians of their clients’ data and take all possible steps to protect it before, during, and after a cybersecurity incident.

  • Failure to do so could result in heavy fines (capped at R10 million) or even prosecution.
  • Special insurance may be necessary for companies that handle vast amounts of client data should the incident be investigated by the Information Regulator.

In addition to compliance costs, expenses related to the restoration of your network can range from four to six figures depending on the size and scope of the damage.

  • Downtime following a cyberattack can cost your business a fortune in lost revenues and undeliverable products and services. A larger SMB or corporation may face millions of Rands in wasted productivity while its systems are down.

According to a 2023 study of hundreds of organisations, the average cost of recovery per file could amount to R2 750, which is an 8% increase from 2022. The costly consequence of a data breach can be determined by taking all of the above factors into consideration or by using one of the many “cost calculators” such as Arctic Wolf to estimate the cost to your company.

A major cyberattack could cost millions in total, but for a small monthly investment in secure cloud storage you can keep your data safe, updated, and encrypted.

Soteria’s range of cloud storage packages is the place to look if you’re serious about data security. To learn more, browse our product page or contact our team today.

Hackers and daring online scams | Cybersecurity

The Most Daring Online Scams 

At Soteria we work around the clock to help companies secure their data and prevent cyberattacks, and we will be the first to say that data security is no laughing matter.

Except when it is.

Hackers may be our sworn enemies, but we have to admit that some of the tactics and tricks they use to fool internet users, including some of the smartest people in the world, can be inspired and hilarious.

In this article, we take a lighter look at the world of cybersecurity and some of the crazy lengths cybercriminals have gone to in their quest to access your crucial private data.

The first hack in history

Hacking may be the scourge of the ultra-connected 21st-century, but illegal interception of communications started over 100 years ago.

Back in 1903, the Royal Institution was getting ready to demonstrate a new telegraph technology invented by Guglielmo Marconi. Just as the demonstration was about to kick off – with the kind of excitement you’d expect from a new iPhone release back when we still cared about them – the telegraph machine suddenly sprung to life with the word “rats” being repeated over and over on the ticker tape.

Before long, a dirty poem mocking Marconi arrived over the telegraph, causing a stir in the press. When the authorities investigated, they discovered that the magician Neville Maskelyne, who had a grudge against Marconi, had managed to intercept the telegraph transmission.

This was a sign of things to come 120 years later in our own time, when hackers routinely attack unpopular public figures or execute denial of service attacks on websites that they dislike.

Ocean’s 11 –  in a fish tank

The Internet of Things has brought about a situation where smart devices are connected in almost every office in the world, and some of them are so obscure that you’d never think to secure them.

Several years ago, a Las Vegas casino suffered a major data breach when hackers took control of the electronic sensors that monitor the water temperature and mineral content of one of its fish tanks. Once they gained access to the casino’s network, they were able to identify some highly sensitive unsecured data which they transmitted to Finland –  a fitting location for such a fishy crime.

X marks the spot for a celebrity bitcoin scam

In 2022, when X was still known as Twitter, the company’s current CEO Elon musk was one of many internet users scammed by a cybercriminal who offered to double any amount of bitcoin that they sent to him.

Needless to say, not one of the countless number of people who fell prey to the scam got even a cent back. Then again, since Elon is estimated to have overpaid by $19 billion when he bought Twitter he probably didn’t let the loss of a few bitcoin get him down.

Jokes aside:  you won’t be laughing if you’re the victim of a cyberattack

The ingenuity that cybercriminals have shown in cheating internet users out of their money is only going to get more impressive in the years to come.

Securing your network, updating your firewall and antivirus, and never responding to communications from anyone you don’t know and haven’t confirmed as the sender are three simple ways to stay safe online – but you these days you will likely need more protection.

Secure cloud storage offers a powerful layer of protection for your crucial data, with automated and encrypted backup ensuring that files are sent to the cloud on a regular basis to prepare your organisation for anything the dark web can throw at it.

Learn more about our range of packages for business and home users and take a powerful step in securing your data in the battle against hackers.

UK Data Breach | Hacker Cybercrime

Russian Hackers Claim Security Breach at BA, Boots and BBC

Russian hackers have struck at the heart of the UK’s business sector in a brazen attack on the BBC, popular pharmacy chain Boots, and British Airways, the country’s national carrier.

The attack was perpetrated by clOp Group, a well-known Russian cybercrime syndicate. The hackers targeted the “Three Bs” at a time when Britain is reeling from the effects of a cost of living crisis and the Russian war with Ukraine continues to divide public sentiment in Europe.

More than 100 000 employees’ personal information is said to have been compromised in this attack, with cybercriminals giving the companies until the middle of June to respond and begin negotiating their ransom.

how hackers penetrated three of Britain’s biggest brand names

Despite companies investing millions in cybersecurity, data breaches and ransomware attacks against prominent businesses continue to make the headlines.

  • Like many well-known cyberattacks, the recent data raid on some of Britain’s best-known brands was carried out using a vulnerability in an obscure piece of software, MOVEit.
  • The attack compromised Zellis, a trusted supplier of payroll services to the three Bs and reveals a new evolution in the future of cybercrime.
  • MOVEit may not be a familiar app to many of us, but it’s commonly used by enterprises to transfer files internally on their servers.
  • Hackers working for clOp exploited a vulnerability in the program and used it as a gateway to access a wealth of employee data which was later put up for ransom on the dark web.

As this case vividly illustrates, even seemingly secure software designed for enterprise use can contain weak links in the chain that cybercriminals can use to access valuable data. It also shows how cybercriminals are experimenting and learning from previous supply-chain attacks, targeting a mass -attack through one organisation to exploit a chain.

Improvements and patching can help close these loopholes, but it’s likely that hackers will simply find the next vulnerability to exploit. As the arms race ramps up, data belonging to businesses just like yours could be caught in the crossfire.

time to take data security seriously with encrypted cloud storage

The attack on Boots, British Airways, and the BBC was an attack on Britain’s sense of cyber safety.

Similar attacks have already occurred in South Africa, and as one of the countries with the highest incidence of cybercrimes in the world last year these events are only likely to become more common.

To protect your business data from a cyberattack in a landscape where falling victim to one is becoming extremely likely, you’ll need to keep it securely in the cloud in encrypted format.

Our range of secure cloud storage packages provide a virtual vault where your data can be accessed after a cyberattack – allowing you to get back to business sooner rather than later.

Twitter data breach | Data breach  

Twitter data breach leaves 5 million users at risk

Twitter has revealed that a major data breach in January resulted in more than 5,4 million users’ personal data being lost to hackers. To make matters worse, this information is now being given away on the dark web – potentially putting millions of phone numbers and email addresses at risk of being compromised.

The social media giant, which was recently acquired by Elon Musk, is undergoing a dramatic restructuring as it struggles to retain advertisers.

This latest revelation about data security will add a further layer of challenges to the task ahead for Multi-billionaire Musk and his latest acquisition, as the company does damage control to regain user trust.

One cybersecurity slip up compromises millions of accounts.

Every business handles customer data, but when it comes to social media giants like Twitter, the sheer volume of sensitive information is staggering.

With almost 400 million registered users worldwide the platform is a major target for cybercriminals, and once in a while they manage to breach the company’s powerful online defences.

January’s incident, which was carried out by exploiting an API vulnerability, resulted in millions of users entering sensitive information only to have it stolen by hackers.

The feature that allows Twitter users to find the Twitter ID of other users by submitting their email address or phone number proved to be especially vulnerable to attack. This flaw in the platform’s API mirrors recent incidents in which location-enabled apps like EskomSePush and WeChat have been used by criminals to carry out a variety of illegal activities.

Stay safe while you get social

Keeping your personal data safe when using social media apps is essential in the current cybersecurity climate. Here are some tips that will help keep hackers away.

  • Change your passwords. You should aim to do this at least once a year, with once every three months being ideal.
  • Opt for two factor authentication. This will help ensure that you and only you have access to your account.
  • Beware suspicious messages and emails. You’ll never be required to provide your login details via email. If you can’t do it using the app, it’s probably not legit.

About Soteria Cloud

Based in Cape Town, Soteria offers a full range of cloud storage packages suited to the needs of businesses and families alike. Keep your data safe in the cloud with us.

Reporting a data breach | Cybercrime

Do I need to report a data breach?

According to the POPI Act, an organisation that gathers personal information about others is required to report any data leak or breach in security in a timely manner.

In other words, once you are aware of the data breach you should waste no time in informing the Information regulator and providing as much information as you can so that the organisation has a clear picture of:

  • exactly what kind of data was leaked
  • when it happened
  • who was affected

when do I need to report a data breach?

The number of data breaches affecting South African companies almost doubled over the past year, making it more likely than ever that your business may be affected by one.

For company owners and managers, dealing with the damaging effects of compromised data or a ransomware attack can be extremely stressful – and there’s also a further requirement that any compromised personal information needs to be reported to the authorities.

The POPI (Protection of Personal Information) Act places a strong duty on organisations that collect customers’ personal data to report data leaks in a timely manner. To help our customers comply with the regulations, let’s take a look at the POPI regulations and the responsibility of data collecting entities in more detail.

reporting data leaks is your legal obligation

As a business operating in South Africa, you are obliged to abide by the terms of the POPI Act. One of the regulations that companies need to follow is reporting data leaks to the Information Regulator of South Africa, a body which monitors and enforces POPI compliance.

Here’s what the law has to say about companies’ obligations to report compromised personal information:

  • In terms of section 22 of the POPI Act if there are reasonable grounds to believe that the personal information of a data subject has been accessed or acquired by any unauthorised person, the responsible party (your business) must notify the Information Regulator and the data subject (the victim of a data leak) and provide a comprehensive notification of the type of breach.

In other words, if you think a data leak or breach has occurred you need to let the Information Regulator of South Africa know about the incident in detail – without delay.

covering yourself: the benefits of complying with the POPI Act

Reporting incidents when the personal information of your client base has been compromised in a data leak is a legal obligation that will help keep your business on the right side of the law.

It’s also an action that could help you legally if one of the people whose information was leaked decides to take action against you in a civil case.

While the information in this article is a general overview of the law, we are not in the business of dispensing legal advice. When a data leak occurs, it’s essential to consult a lawyer who specialises in cybersecurity cases so that you follow a strategy that’s legally sound.

protect your business and customer data with secure cloud storage

There’s no doubt that complying with the POPI Act is a legal requirement, but it also can be a very stressful and time-consuming process. To reduce the risk of a cyberattack and the need to report compromised personal data, it’s essential to secure your company’s information using encrypted, cloud-based storage. To discover a package that’s right for your business, browse our service offerings today.

Defend your Data | Cybersecurity

Cybersecurity must haves to defend your data

If you are a regular reader of our blog, you’ll know that we’ve been  sounding the alarm about the rising tide of cyberattacks targeting SA companies and other institutions. Several large data leaks affecting well-known brands have been dominating the tech headlines since late last year, serving as a strong reminder that cybercriminals won’t be going away anytime soon but it’s never too late to defend your data.

In order to ensure the safety of your business data, it’s essential to take a holistic approach to dealing with online threats and resolving them from a data and financial point of view.

Here are some things  to consider when protecting sensitive information from hackers and online criminals.

ransomware: the threat is real

The Veeam Ransomware Trends report for 2022 reveals  that 9 out of 10 companies have experienced a ransomware attack, with one third of the data involved being unrecoverable.

  • In the case of large companies, ransomware attacks can be especially costly, with each incident involving an average of R7 million in ransom. Even if the company refuses to pay this type of amount, the damage to their brand and reputation could easily exceed it.

insure against cybercrime losses

No business would operate without physical insurance covering their premises and inventory. Yet many companies are inadequately insured against cybercrimes, exposing their owners and shareholders to costly financial losses.

2022 is the year to review your backup plan and your business insurance. It’s time to take a stand against cybercrime by protecting your business from cyber threats, and ensuring that if you’re security is breached, you are insured for any financial losses resulting from stolen data, lost sales, and damages claimed by customers whose information is lost in a data breach.

make sure your company is POPIA compliant

The Protection of Personal Information Act places extensive obligations on businesses to protect their clients’ information.

  • While ensuring your business against these losses as mentioned above, it is essential to ensure that you comply with the new law and take all necessary measures to protect your customers’ data.
  • This includes asking for permission to store and distribute any sensitive information that comes from your client base.

make secure cloud storage the backbone of your cybersecurity preparedness

Taking a simple step such as backing up your data in the cloud and encrypting it could help protect your sensitive information from cybercriminals while minimising the impact of a data leak or hacking attempt. Insuring your business against such an attempt or loss of data is a secure backup to your online backup.

To learn more about secure cloud storage and how it can benefit your business visit our website or contact us today.

Understanding Data Leakages | Data Leaks Part 1

Understanding Data Leakages – Part 1

Cybercriminals are responsible for a huge amount of data-related crimes every year – but they aren’t the only ones responsible for the loss of sensitive business information.

A data leak, which is often the result of employee carelessness or weak IT security policies, can cause crucial information to flow out of your business, even if it wasn’t deliberate.

In this article we unpack the notion of a data leak, find out how it’s different from a data breach, And explore some of the ways data leaks occur.

is it a data leak or a data breach?

If your company suffers a sudden loss of sensitive data this is probably the first question your IT security consultant will ask. Knowing the difference between a data leak and a data breach is the first step in keeping your organisation’s information safe in the digital age.

  • A data leak is any unintentional sharing of sensitive information with an unauthorised user outside your organisation. As the name implies, the ‘leak’ usually takes place from the inside out and often involves an employee or trusted user.
  • A data breach is a deliberate attempt to break through your IT security system from the outside, usually by hackers or cyber criminals. This type of crime takes place from the outside in.

Put differently, the difference between a data leak and a data breach is like the difference between leaving your front door open and someone breaking the lock to get in.

what causes a data leak?

As we mentioned above, most data leaks take place due to negligence or carelessness. Here are the different types of data leaks along with the most likely cause of each one.

accidental data leaks

These data security failures take place by accident and are often caused by employees –

  • sending an email containing sensitive information to the wrong person
  • sharing access to confidential folders with people outside the organisation is another common cause of data leaks
  • taking videos of sensitive company information or events and sharing them on social media is another way data privacy can be compromised

malicious data leaks

This type of leak is deliberate, usually carried out by a disgruntled employee who –

  • seeks to discredit the company or blackmail the management

Malicious leaks often take place anonymously and it can be difficult to determine who the original culprit was.

data leaks carried out by outsiders

This type of incident is almost never an accident. Like a data breach, it is typically carried out by an outsider who plans to use the data for criminal purposes.

  • perpetrators will usually try to trick an employee of the company into sending them confidential or giving them access to privileged files and folders
  • IT managers can sometimes track and investigate this type of leak by flagging emails and folder access granted to people outside the organisation

data leaks caused by IT security failure

This type of leak is caused by incorrect network security settings or errors in mailing list automation software.

  • by the time the error is discovered, important data will probably already have leaked out of the company
  • identifying the cause of the leak and ensuring that doesn’t occur again is essential in this scenario.

protect your data from cybercriminals

No matter what causes a data leak, the cost to your business can be huge. Over the past few years, we’ve witnessed financially damaging data leaks at companies including household names like Nespresso.

Ensuring that your IT security is on point and that your data is encrypted and secured with cloud storage  will help you avoid a similar scenario in your own business.

In our next article, Data Leaks Part 2, we’ll explore the topic of data leaks in more detail and look at some ways you can protect your business against this preventable but damaging type of cybersecurity failure.

Facebook Lost Control | Mobile Apps

Has Facebook lost control?

Social media is a huge part of our lives and for most of us, Facebook is the platform we go to for news, entertainment and to keep up with everyone we know. This wildly successful social media platform has grown exponentially over the years and is now used by 3 billion people worldwide, or almost half of the world’s population.

With so many people sharing information over the Internet, a number of serious privacy concerns and other issues related to Facebook have surfaced over the past few years. For some tech experts the real question is: should we be using Facebook and is the system out of control?

Facebook executives warned that the system is too big to manage

Recently the media reported that a group of advisers had warned the executives of Facebook that their iconic SM platform has grown to such a size and level of complexity that even the world’s best coders and IT experts are having trouble understanding and managing it.

  • While the company was quick to downplay these fears, a number of Facebook executives are said to have agreed with the experts’ assessment and are looking at ways to make the social sharing network more manageable.
  • These may include splitting the company up so that its sister brands Instagram and WhatsApp become independent entities once again.

is Facebook still a secure place to socialise?

In early October the world was shocked when Facebook and Facebook messenger went down for a full day, causing billions of people to lose touch with their personal and business contacts.

This may be a glitch in the system never to be repeated again, but it certainly exposes Facebook’s vulnerability to data security vulnerabilities and begs the question, is facebook out of control?

succeed where Facebook failed with online backup support

Even one of the world’s biggest companies can fall prey to data security failures, but you can avoid this outcome by focusing on your own company’s digital security.

As your business grows, you’ll almost certainly face the reality of having to implement an IT and data security policy for an organisation with increasing information needs. An online backup service such as Soteria cloud ensures that your data is never lost even if your information is destroyed by a virus, or your business is burnt down.

To learn how a cloud-based backup solution can support the growth of your business and secure your data, contact us today.