Cybersecurity and Resilience in South Africa
The 2019 FTI Consulting Resilience Barometer ranked cyber attacks as a top concern for South African businesses in the G20. South Africa is a target firmly in the view of cyber threat actors today. The Country’s move towards digital transformation, combined with a regulatory and judicial environment that is still grappling to achieve greater effectiveness, leaves it in a vulnerable position. In the past few years, South Africa has experienced significant breaches across a range of industries.
Its banks have been silently robbed of millions, hundreds of thousands of identities have been stolen, and corporates have been held ransom, demanding a payment of usually Bitcoin to grant them access to their own data. Adding insult to injury, the attackers even provide a 24/7 support desk to help make Bitcoin payment. This problem is not exclusive to South Africa.
Data and Access Hostage Situation
Cyber criminals targeting South African businesses are increasingly using ransomware as their weapon of attack. This was the case for an electricity supplier of Johannesburg, who recently was hit by a ransomware attack that left some customers without power. FTI Consulting has assisted several organizations who faced ransomware attacks, including an e-commerce billing platform. Weak customer credentials led to a highly successful, laterally moving attack that was able to successfully encrypt servers in a matter of hours.
The FTI Consulting team deployed to the client site immediately and was able to quickly determine the strain of ransomware. The collaborative effort led to a successful negotiation with the malicious actor, saving the client hundreds of thousands of dollars and preventing significant customer and revenue loss.
September 27, 2019
Senior Managing Director, Global Head of Cybersecurity
Senior Managing Director, Head of South Africa Forensic & Litigation Consulting
Managing Director, Head of South Africa Strategic Communications
Senior Managing Director, Head of Americas Cybersecurity