On top of everything else South African businesses have to worry about, ransomware attacks are becoming more and more of a problem. And an expensive one.
An independent survey commissioned by Sophos reveals that a staggering 78% of South African organisations fell victim to ransomware attacks in the past year, marking a substantial increase from the 51% reported in the previous year’s survey.
This surge surpasses the global average of 66%, highlighting the pressing need for businesses in the region to address the ransomware threat effectively.
Ransomware root causes and attack vectors
Exploited vulnerabilities emerged as the predominant root cause of ransomware attacks in South African organisations, contributing to 49% of incidents. Compromised credentials followed closely, constituting the second most common attack vector, affecting 24% of organisations.
These findings underscore the critical importance of regularly patching vulnerabilities and implementing robust identity and access management practices to mitigate these threats effectively.
A concerning 89% of ransomware attacks in South Africa resulted in data encryption, surpassing the global average of 76%. Furthermore, data theft occurred in 35% of these cases, exceeding the global average of 30%.
However, there is a silver lining: 100% of South African organisations successfully retrieved their encrypted data, slightly outperforming the global average of 97%. This emphasises the importance of maintaining secure and accessible backups.
Ransom payments and recovery
While 45% of South African organisations opted to pay the ransom, this rate showed a slight decline from the previous year’s 49%. Globally, the average ransom payment rate in 2023 stood at 47%. Notably, 24% of South African organisations adopted multiple recovery methods simultaneously, demonstrating the importance of having diversified recovery strategies in place.
One revelation of particular note from the survey was the disclosure of a ransom exceeding $5 million (R97.3 million) paid by one organisation (although it wasn’t named). Excluding ransom payments, the average cost for South African organisations to recover from ransomware attacks amounted to $0.75 million (R14 million), made up of expenses associated with downtime, labour, device replacement, network restoration, and lost opportunities. This figure is well below the global average cost of $1.82 million (R34.1 million).
Ransomware attacks dealt a significant blow to South African enterprises, causing revenue losses for 82% of private sector organisations – a figure that closely aligns with the global average of 84%. Recovery timelines varied considerably, with 53% stating that they rebounded within one week, 29% within a month, and 19% requiring anywhere from one to six months to fully restore normalcy.
The role of cyber insurance
An overwhelming 98% of South African organisations reported having some form of cyber insurance in place, with 47% holding standalone cyber policies, and 51% including cyber coverage as part of a broader business policy. Sophos compared that with the rest of the world, where 91% of organisations had cyber insurance, with 47% having standalone policies and 43% incorporating cyber coverage within broader policies.
Significantly, the quality of cybersecurity defences had a direct influence on cyber insurance among South African respondents. Among organisations that had purchased cyber insurance in the past year:
- 66% reported an impact on their ability to secure coverage.
- 61% indicated that it affected the cost of their coverage.
- 19% noted that it influenced policy terms, including coverage limits or sub-limits.
Given the prevalence of ransomware attacks in South Africa and the fast-growing ransomware-as-a-service model, it is evident that these threats aren’t going away.
In light of this, Sophos recommends that South African organisations consider the following strategies to navigate this challenging landscape effectively:
Bolster defensive measures
- Invest in security tools that fortify against common attack vectors, such as robust endpoint protection to thwart vulnerability exploitation and zero trust network access (ZTNA) to counter compromised credentials.
- Embrace adaptive technologies that respond automatically to attacks, disrupting bad actors and providing defenders with the time needed to respond effectively.
- Consider 24/7 threat detection, investigation, and response, either in-house or through partnerships with Managed Detection and Response (MDR) service providers.
Optimise preparations for potential attacks
- Regularly back up data and practise data recovery from backups.
- Maintain an up-to-date incident response plan.
Prioritise strong security practices
- Ensure timely patching of vulnerabilities.
- Regularly review and optimise security tool configurations.
In the face of ransomware threats, South African businesses and organisations have little choice but to remain vigilant, proactive, and adaptable in their cybersecurity efforts.
Only by implementing these strategies and continuously evolving and testing their defences can businesses better safeguard their assets, data, and financial stability.
The Era of Digital Insecurity
Sadly, it’s clear that we live in an era marked by digital insecurity, and businesses owe it to themselves to do everything in their power to protect important digital assets. Just as sadly, this fight will never end.
To quote a favourite sci-fi game from the 90s, “The price of freedom is eternal vigilance.”
Indeed, Admiral Tolwyn. Indeed.