Employees' role vital in cybersecurity as attack on Shoprite showed
Check Point Software, a provider of cybersecurity solutions globally, on Friday reminded African organisations of the importance of cybersecurity training for employees, after the recent “data compromise” at supermarket chain Shoprite.
Shoprite said on June 10 it had become aware of a suspected data compromise which might affect some customers involved in money transfers to and within Eswatini and within Namibia and Zambia.
It said the data compromise included names and ID numbers, but no financial information.
Hacking group RansomHouse claimed responsibility for the attack, saying it took about 600GB of data. The group claimed a lack of cybersecurity practices by Shoprite employees was easy to exploit, with many keeping large amounts of personal data in unprotected plain text.
Check Point said with employees being the first line of defence in security and prevention, this was an important reminder of the need to implement regular cybersecurity training, as well as clear procedures and policies for data storage.
Check Point said in response to the attack, Shoprite was quick to implement additional security measures, including amending authentication processes and detection strategies, and locking down affected areas of the network.
“While these measures are good, they still reflect another concerning reality,” said Check Point’s Africa regional director Pankaj Bhula.
He said many local businesses were still one step behind cybercriminals, following a detect and respond approach rather than a prevent-first one.
“Prevent-first is critical to protect against today’s sophisticated Gen V attacks [fifth generation cyberattacks].”
Check Point said ransomware attacks were rife, and increasing, across the African continent.
In the first quarter of 2022, Check Point Research had noted a 23% increase in ransomware attacks compared to 2021 — with one out of 44 organisations now affected weekly, on average. This is compared to one out of 53 organisations affected globally.
The company said ransomware attacks were becoming the most lucrative type of cybercrime, enabling criminal gangs to rake in huge profits.
In the last few months alone, these attacks had disrupted large organisations in SA from Dis-Chem to Capitec and Transnet.
Check Point said to bolster defences against ransomware, organisations must have a robust, secure data backup solution in place.
They needed to provide frequent cybersecurity awareness training to all employees, especially around phishing attacks and enforce a strong password policy, requiring the use of multi-factor authentication.
They also needed to keep computers up to date and apply security patches, especially those labelled as critical.
Would you like to comment on this article? Register (it’s quick and free) or sign in now.
Please read our Comment Policy before commenting.