https://www.polity.org.za
Deepening Democracy through Access to Information
Home / Legal Briefs / All Legal Briefs RSS ← Back
Africa|Financial|Health|Infrastructure|Safety|Service|Services|System|Systems|Technology|Maintenance|Infrastructure
Africa|Financial|Health|Infrastructure|Safety|Service|Services|System|Systems|Technology|Maintenance|Infrastructure
africa|financial|health|infrastructure|safety|service|services|system|systems|technology|maintenance|infrastructure
Close

Email this article

separate emails by commas, maximum limit of 4 addresses

Sponsored by

Close

Article Enquiry

Comprehensive preparation will contain the fall-out from ransomware attacks

Close

Embed Video

Comprehensive preparation will contain the fall-out from ransomware attacks

Webber Wentzel

24th October 2023

ARTICLE ENQUIRY      SAVE THIS ARTICLE      EMAIL THIS ARTICLE

Font size: -+

Ransomware attacks have been rising and it is companies that have a high level of preparedness who are weathering the storm. The Sophos State of Ransomware in South Africa 2023 report found that 78% of South African organisations surveyed had experienced an attack in the preceding year, up from 51% in the 2022 survey.

Ransomware attacks introduce malicious software into a company’s systems.

Advertisement

“The usual pattern our clients experience is that late on a Friday evening or a Saturday morning, company management is notified by the IT department that the Company has lost access to essential files, and has received a demand for money, usually in the form of bitcoin, to release the files,” says Webber Wentzel partner Karl Blom.

“Typically, up to six months before the event, a hacker has accessed the company’s system and stored a virus that gathered confidential information. Once enough information has been accumulated, the hacker locks down the files.”

Advertisement

Webber Wentzel partner Wendy Tembedza urges companies to put a three-step strategy in place. The first is to mitigate the risk before any event occurs, the second is to manage an event, and the third step is to review controls and processes regularly, given that technology and threats are constantly evolving.

Mitigation

Tembedza says companies should ensure they have taken reasonable steps to protect their systems, taking into consideration the particular types of breaches to which they are susceptible. The Protection of Personal Information Act (POPI) requires companies to have appropriate, reasonable, and technical organisational measures in place. This involves assessing access controls, policies relating to the utilisation of IT infrastructure and procedures for regular maintenance and review of safety systems.

Organisations must have a plan to deal with a data breach (in this case, a ransomware attack) that sets out how employees should act, who they must notify and how the organisation will approach the Information Regulator and affected data subjects to notify them of the incident.

Blom says a highly regulated entity operating in a sector such as banking, financial service, health care and even education may have to comply with requirements specific to that sector, in addition to POPI.

Two other laws apply along with POPI in the event of a ransomware incident, he says. The first is the Prevention and Combating of Corrupt Activities Act (PRECCA), which requires a company to notify the South African Police Services (SAPS) when certain crimes like fraud or extortion, with a value of over ZAR 100 000, are committed. The second relevant law is the Cyber Crimes Act. A financial institution or telecommunications network operator that suffers any cybercrime (which could be a broad range of crimes from fraud to extortion) must report the crime to the SAPS (although this requirement is currently suspended).

Management

If a data breach has occurred (arising out of the ransomware attack), POPI requires that certain steps be taken, primarily relating to notification, says Tembedza. This includes notifying:

(i)   affected data subjects; and

(ii)  the Information Regulator,

as soon as reasonably possible following the event. 

Employees must follow the company’s procedures when making any notifications.

The company should notify its insurers, assuming it has insurance in place to cover cyber-attacks.  Where insurance is in place, the company must ensure that it adheres to the terms of its policy.

It is important to take legal advice on what actions are permissible to recover your information and systems following a ransomware attack.  While often unlikely, certain actions may create further liability for a victim (for example, making payment of a ransomware amount to an attacker in a sanctioned country or attempting to pursue a 'vigilante-type' response. 

One should also consider whether it is necessary to brief public relations firms (through your attorneys) to explain the incident to data subjects and to ensure that what is said is both legally sufficient and expressed in a way that best protects the company’s reputation, says Blom.

In all cases, companies that fare the best in these situations are those who:

(i)   respond to the incident quickly;

(ii)  have taken reasonable precautions (such as implementing robust backup systems);

(iii) hold appropriate insurance cover (and adhere to those terms); 

(iv) brief attorneys prior to notifying their insurers, affected data subjects and the Information Regulator; and

(v)  where necessary, brief forensic investigators and/or public relations experts through their attorneys.

Written by Wendy Tembedza & Karl Blom, Partners at Webber Wentzel

Listen to Tembedza and Blom, dive into the alarming and rapidly evolving world of these cyber threats, here.

EMAIL THIS ARTICLE      SAVE THIS ARTICLE ARTICLE ENQUIRY

To subscribe email subscriptions@creamermedia.co.za or click here
To advertise email advertising@creamermedia.co.za or click here

Comment Guidelines

About

Polity.org.za is a product of Creamer Media.
www.creamermedia.co.za

Other Creamer Media Products include:
Engineering News
Mining Weekly
Research Channel Africa

Read more

Subscriptions

We offer a variety of subscriptions to our Magazine, Website, PDF Reports and our photo library.

Subscriptions are available via the Creamer Media Store.

View store

Advertise

Advertising on Polity.org.za is an effective way to build and consolidate a company's profile among clients and prospective clients. Email advertising@creamermedia.co.za

View options

Email Registration Success

Thank you, you have successfully subscribed to one or more of Creamer Media’s email newsletters. You should start receiving the email newsletters in due course.

Our email newsletters may land in your junk or spam folder. To prevent this, kindly add newsletters@creamermedia.co.za to your address book or safe sender list. If you experience any issues with the receipt of our email newsletters, please email subscriptions@creamermedia.co.za