https://www.polity.org.za
Deepening Democracy through Access to Information
Data breaches are on the rise – here’s how you should proceed


1st June 2022


A rapid rise in data breaches across numerous sectors has highlighted the intensity and ease with which cybercriminals can sabotage and hold for ransom valuable data, and quickly bring seemingly secure institutions to their knees. What can organisations do to protect themselves?

Hosted by commercial law firm Cliffe Dekker Hofmeyr (CDH), a recent webinar entitled ‘Enemy at the Gates: The practicalities and difficulties of data breaches’ revealed the top cyber threats facing businesses to be business email compromise, hacking, and ransomware. 


Danny Myburgh, CEO at Digital Forensics Lab, Cyanre, noted there is also a rise in double extortions, in which hackers come in, steal data and then encrypt it, with the aim of extorting companies not only to get their data back but to decrypt it as well. It doesn’t stop there: Myburgh said triple extortions are even happening, in which hackers not only steal and encrypt data, but also mine it to identify and directly extort other data subjects.

“Typically, many of the vulnerabilities we find are left there by disgruntled employees. This is particularly true for disgruntled former IT administrators who have knowledge of the systems in place. When you exit people, it is important to keep these vulnerabilities in mind,” said Myburgh.


In his presentation, Myburgh identified two main modes of attack in which cybercriminals target organisations. The first he calls the shotgun approach. “This is where the attackers send out a million emails and if one of your employees is unlucky enough to click on it, unfortunately, they have fallen for the scam,” said Myburgh.

The second most common mode of attack is the most concerning. This is what Myburgh calls the targeted attack. “Hackers focus on one organisation, perform in-depth background research, and then specifically target and attack an organisation through accessible vulnerabilities. This is where employees tend to form the weak links, not the infrastructure.”

Unprotected mail accounts with no two-factor authentication, outdated software, poor password control, and a lack of sturdy firewall protocols are just a few of the common vulnerabilities that organisations can easily control.

While it may be easy to secure your data in theory, the reality is that hackers tend to be two steps ahead. What happens when a data breach happens to your business?

Director and Practice Head in CDH’s Technology, Media & Telecommunication practice, Preeta Bhagattjee said the first and most important step is to be calm, cool and collected. “When you are a victim of a data breach there are several important levers that would need to be considered quite quickly.”

While assessing the extent of the breach and the data that has been impacted, Bhagattjee says one would need to juggle many balls against which strategic, time-sensitive, and legally informed decisions need to be made. 

When managing a data breach incident, Bhagattjee highlighted a few critical steps that should be taken. These include:

  • Reporting obligations – depending on the type of breach and laws that apply to your business – there may be a number of reporting obligations (including under data privacy and cybercrime laws)
  • Managing reputational risk – even though the payment of a ransom is not generally illegal, legal considerations along with reputational risk are to be understood if you are considering paying a ransom demand (i.e. known terrorist organisations)
  • Managing system and technology risks – taking steps quickly to mitigate the technology breach or vulnerabilities but at the same time ensuring evidence is preserved for authorities
  • Ensuring business continuity – consider the ramifications if you cannot continue to fulfil your contractual obligations to customers in light of the data breach
  • Possible damages, costs, fines, and penalties – claims for damages by the victims of the breach (i.e. if personal information of customers is published or they are defrauded by the cybercriminals), being subject to fines and penalties as well as the cost of systems changes and upgrades can arise due to the breach.
  • Need an effective risk mitigation plan – understanding the learnings and preparing policies and procedures for the next attack are key 

“You need to understand where data is coming into and leaving your organisation, who manages it, and what rules apply to the gatekeeping of this data. Effective contracting with third-party data processors helps address the risk and frame the rules and procedures of avoiding a data breach but also handling a data breach incident if it occurs,” said Bhagattjee.

As CDH has a presence in both South Africa and Kenya, the webinar delved into the ramifications of data breaches specific to each region. In South Africa, this meant an application of POPIA and how this data privacy regulation needs to be factored in. In Kenya, this discussion pertained to the country’s Data Protection Act.  

Watch the full Enemy at the Gates: The practicalities and difficulties of data breaches webinar. 
