Though most South African banks and fast food chains were affected by a variant of the Dexter malware last year, many are still not ready for the next cyber crime: here’s how to prepare​
Last year, Payments Association of South Africa (PASA) revealed and confirmed that most of South Africa’s banks were affected by a variant of the Dexter malware.
Various media reports were published detailing how a syndicate could have possibly loaded software with the intention to damage computers onto a server at fast food outlets (mostly KFC and Famous Brands outlets), before it captured data stored on the magnetic strip of a bank card. The software is said to have been installed on Point-Of-Sale (POS) devices.
In an interview with Bloomberg, the Chief Executive Officer of PASA said that the syndicate “then either produced its own fraudulent cards or sold the compromised data to a third party.â€
Not only was card data stolen but losses ran into the tens of millions of rands for the banks.
Although there are several measures and tools that can be used to protect against the technical threat and installation of malware, the main question is how does a company protect itself?
Cyber risk managers often analyze cyber vulnerabilities by only looking at one specific technology and not addressing how the risk might emerge from the interaction of those technologies, resulting in a much larger risk.
Cyber risk and its financial impact
As illustrated by the incident involving South African fast food outlets and banks above, cyber crime is the most commonly known risk associated with cyber security. Other risks exist and also heavily damage companies’ financial health, namely:
- Loss of and damage to digital assets
- Data breaches that result in leaking of intellectual property and trade secrets
- Online and social media exposure (in the bad way)
Take a data breach as an example: Apart from intellectual property and and trade secrets being leaked, there are also financial costs associated with:
