The security landscape is challenging and complex. There have been significant surges in data breaches and attacks that have focused on extracting data from organisations and exposing millions of personally identifiable information (PII) records.
In the United States, 2021 saw a 10% proportionate increase in data breaches compared with 2020 and in South Africa the average cost of a data breach was a staggering R46 million according to the 2021 IBM Cost of a Data Breach Report.
This is why companies need to reframe how they approach data, privacy and security, according to Anna Collard, SVP Content Strategy & Evangelist at KnowBe4 Africa.
“Data protection is not just a compliance box to tick,” she explains. “It is key to ensuring that the business does not lose money or reputational standing because of a breach. As high-profile attacks continue to gain momentum, both public and private sector companies need to make data protection a discipline, not a chore.”
This is emphasised by recent successful attacks that have put local companies on the back foot. The Experian breach in 2020 exposed personal information of as many as 24 million South Africans, in 2022 TransUnion attackers claimed that 54 million South African records were compromised and held to a R223 million ransom.
The group that successfully entered into the latter system claimed that the protection was so poor that they used the word ‘password’ to gain access. They are not the only companies that have been compromised either – the Information Regulator has revealed that it has received a total of 139 breach notifications since POPIA was enforced.
Over the past year, the attacks have included QSure; and Debt-IN, to name but a few. The Insurance Crime Bureau has found that impersonation fraud increased by 337% in 2020, a statistic that is likely to increase over the next year.
“Data breach volumes have gone up, as criminals gain access to tools that make exploitation easier,” says Collard. “It has become imperative for companies to build a security culture and to adequately protect the personal information and data they have control over.”
It has also become critical for people to make data protection a discipline in their own lives. The recent hacks of credit bureaus have put anyone at risk, potentially landing their information on the dark web and in the hands of people who will use it to rack up extensive debts in their name.
Consumers should regularly check their credit score and immediately report anything suspicious – this vigilance will ensure that they are ahead of the game if someone tries to infiltrate their identity and incur debt on their behalf.
“The same diligence should apply to employees within the organisation,” concludes Collard. “Ensure that there is constant security training so that users can identify threats and avoid making mistakes that can cost them and their company.”
Data, privacy and security are everybody’s problem. If a person uses the internet, purchases a car, accesses credit, gets into debt, sends an email or uses any kind of messaging service, they are at risk. As every one of these things is now a part of normal life, data security should join the list – check credit profiles, assess security risks and stay ahead of any vulnerabilities.