Financial Crime World

Cybercrime Costs Soar: Financial Institutions in South Africa Face Exponential Surge in Attacks

The Unprecedented Threat Landscape

South African financial institutions are facing an unprecedented surge in cyber attacks, with the cost of global cybercrime projected to reach a staggering $13.82 trillion by 2028. According to Anthony Watson, Executive Risk Consultant at ESCROWSURE, the threat landscape has evolved significantly, with highly organized cyber crime syndicates, state-sponsored hackers, and advanced hacktivists now targeting financial institutions.

The Rise in Cyber Attacks

Manoj Puri, ABSA Chief Information Security Officer, revealed that the bank has experienced a 400% increase in cyber attacks over the past two years, with millions of attacks taking place every month. The intensification of cyber attacks is compounded by the rapid expansion of digital territories, which includes attack surfaces of corporate and government institutions, as well as those of their third-party suppliers.

The Growing Risk of Third-Party Source Code

Ryan Boyes, Governance, Risk and Compliance Officer at the Galix Group, warned that the risks to organizations surrounding third-party source code are increasing significantly. “We’re seeing threats to software source code such as man-in-the-middle attacks, backdoor attacks, source code leaks, and code injection,” he said.

Tactics Used by Cyber Actors

Cyber actors are using a range of tactics to infiltrate networks, including:

  • Ransomware
  • Denial-of-service (DoS) attacks
  • Supply chain attacks

Once compromised, attackers release applications that can systematically encrypt data and software, demanding non-traceable payments in crypto-currencies for decryption keys.

The Cost of Recovery

The average cost of recovery incurred by South African organizations excluding ransom payments is over $1 million, with 26% of organizations requiring between one and six months to recover to full operational capacity. Sophos’ State of Ransomware in South Africa 2024 report highlights the urgency for financial institutions to prioritize cyber hygiene and third-party software vulnerabilities.

Mitigating Risks

To mitigate risks, Boyes emphasized the importance of:

  • Having a mapped inventory
  • Performing third-party risk assessments
  • Ensuring compliance with standards such as ISO 27001 and frameworks like CIS and NIST
  • Having contracts in place
  • Vulnerability management
  • Patch management
  • Automated scanning to identify and mitigate risks

The Role of Software Escrow

Software escrow has emerged as a vital tool in mitigating operational risk associated with reliance on third-party software providers. ESCROWSURE, South Africa’s leading software escrow service provider, offers customized legal agreements to safeguard source code and ensure business continuity in the event of cyber attacks or other disruptions.

Conclusion

As the cost of global cybercrime continues to soar, financial institutions in South Africa must prioritize proactive measures to protect themselves against these evolving threats. By implementing effective risk management strategies, including software escrow arrangements, organizations can reduce their exposure to operational risk and ensure business continuity in the face of adversity.