With online shopping comes the risk of scams, and with Black Friday and other key shopping periods occurring towards the end of the year, shoppers and vendors are at a higher risk of a cyberattack than usual.
In a 2024 media briefing by the South African Council for Scientific and Industrial Research (CSIR), cybercrime was found to cost businesses an average of R50m per security breach.
You may not know how to recognise a cyber threat or how to respond to one, making your business vulnerable to cybercriminals.
In this guide, discover how a range of industries are impacted by cyberattacks and what you can do to safeguard your business against cybercrime, especially with the festive season around the corner.
Industries most affected by cyberattacks
Cyberattacks impact the operations and cash flow of a range of industries in different ways. For example:
- In the manufacturing industry, a cyberattack can disrupt production.
- When a logistics company’s tracking system is compromised, it can cause shipment delays and a loss of critical data.
- The information and communications technology (ICT) industry, which manages large volumes of sensitive client data, such as personal information and financial records, is a major target for hackers. Besides the legal costs through unauthorised sharing of sensitive information, there is also the risk of irreversible reputation damage; though felt differently, both of these ultimately affect a business’s cash flow.
A 2023 analysis by Kaspersky’s Industrial Control Systems Cyber Emergency Response Team (ICS CERT) of cybersecurity trends for Operational Technology (OT) found that the industries most affected by attacks in Africa were:
- The automation of buildings sector
- The energy sector
- The engineering and ICS integration sector
- The oil and gas sector
- The manufacturing sector
Four most common types of cyberattacks
Common cybersecurity threats affecting small and medium businesses in South Africa include phishing, malware, ransomware and data breaches, according to ESET Southern Africa. Here are four of the most common cyber threats to look out for:
Malware
Cyber attackers use harmful software such as spyware, viruses, ransomware and worms – collectively known as malware – to access your system’s data. When you click on a malicious attachment or link, the malware can install itself and become active on your device.
Phishing
Phishing attacks rely on communication methods like email to convince you to open the message and follow the instructions inside. If you follow the instructions, they gain access to personal data, such as credit card information, and can install malware on your device.
Backdoor Trojan
A ‘Backdoor Trojan’ attack is a malicious programme that deceptively installs malware or data onto your computer system and opens what’s referred to as a ‘backdoor’. When attackers gain access through the backdoor, they can hijack the device without the user being aware.
Ransomware
Ransomware is malicious software that cyber criminals can install on your device, allowing them to block your access until you pay the attackers a ransom. However, paying the ransom doesn’t guarantee the removal of the software. It’s better not to pay the ransom if possible.
There are several ways to protect your business against the risk of cybercrime.
Tips to safeguard your business against cybercrime
Update your software
When you update your software, it fixes problems and makes it safer to use by removing any weak spots that could be exploited by hackers.
Install a system firewall
A system firewall can help prevent various attacks, such as ‘Backdoor Trojans’ and denial-of-service (DoS) attacks. A DoS attack is a malicious attempt to disrupt or shut down the normal functioning of a server by overwhelming it with a flood of illegitimate requests that trigger a crash. The attack slows down the server making it unresponsive, and in some cases inaccessible to legitimate users. A system firewall helps protect a server by acting as a barrier between the server and incoming traffic.
Back up your data
When you back up your data, you move it to a different, secure location for storage. You can transfer data to the cloud or a physical device like a hard drive.
Encrypt your data
Install a reliable and user-friendly encryption software like Veracrypt, BitLocker or NordLocker. Once you’ve installed the software, you will be prompted to generate a strong encryption password, which you can use to encrypt your files, disks or databases.
Use strong passwords
Using strong passwords can prevent attacks. Avoid using the same passwords for different accounts and systems, as this increases the risk of attackers gaining access to all your information.
Train your staff
Investing in cybersecurity training can equip your employees with the knowledge to respond to cyber attacks and help prevent them. The Cyber Security Institute (CSI) offers hands-on, industry-specific short courses that can provide your team with a solid foundation in cybersecurity.
Use a secure payment gateway
Payment gateways play a critical role in securely processing transactions and protecting customers’ data. Key features of a safe payment gateway include encryption and tokenisation. Tokenisation is a security technique used to protect sensitive data by replacing it with unique identification symbols, or 'tokens', that retain essential information without compromising its security.
Some payment gateways have advanced fraud detection tools that analyse transactions for suspicious activity. Ensure the payment gateway you choose for your business is 3D Secure. Peach Payments, a partner to Lula, is a secure payment gateway.
One reason many small businesses are vulnerable to attack is because they lack the funding to invest in a robust cybersecurity solution.
Our funding solutions like our Revolving Capital Facility and Capital Advance are easier and quicker for small and medium-size businesses to secure than traditional bank loans. To find out if you qualify for up to R5m in funding that you can access within as little as 24 hours, start the easy online application process now.
