Here is our view of some of the hazards to look out for in the coming year. It’s clear that the COVID-19 pandemic has significantly influenced the nature and severity of cyber threats.
Software Supply Chain Attacks
This happens when a cybercriminal compromises the source code of a software component: malicious code is added to that component, and its supply chain becomes the distribution network, delivering the code to targets. The Transnet hack in July last year was an example, and experts expect these attacks to become more common, as cybercriminals take advantage of the shift to hybrid working to target organisations’ supply chains. Therefore, regular penetration testing (pen-testing) is essential to stay one step ahead of this threat.
Ransomware is likely to become an even more significant threat in the future. Although Africa ranks behind the rest of the world in ransomware detections, the continent saw the most significant increase in attacks last year. South Africa was the most targeted country in Africa for ransomware in Q1 2021. A report from business analysts KPMG estimates that working from home has caused a threefold increase in the risk of ransomware attacks, and demands will probably be costlier in 2022. Regular penetration testing (Pen-testing) is essential to stay one step ahead of this threat.
Hybrid working looks set to become the norm. Working from home and the growing Internet of Things (IoT) mean hundreds of potential entry points for DDoS attacks and other security breaches. Edge security refers to protecting the “edge” of your network. A breach of edge security could expose credentials used to access the main data centre assets, leaving you vulnerable. Regular penetration testing (pen-testing) is essential to stay one step ahead of this threat.
Business Email Compromise
Interpol cites BEC as one of the key threats Africa faces in 2022. There are multiple types of BEC, such as bogus invoices, CEO fraud, and account compromise. South Africa leads the continent in BEC attempts, although Africa, fortunately, saw less than 1% of global BEC attempts from 2020 to April 2021. However, this is likely to rise due to the economic potential of Africa. Vigilance, employee training and awareness are your best defences against BEC.
Cryptocurrency is anticipated to become a major target for cyberattacks. Africrypt was South Africa’s largest cryptocurrency exchange, but its founders suddenly disappeared with c.$3.6 billion in Bitcoin in 2021, claiming the exchange had been hacked. This was not the first South African cryptocurrency investment scam, and Interpol reckons it won’t be the last.