THE INCREASING number of companies falling victim to cyber criminals through cyber and spear phishing scams in South Africa came under the spotlight at the 46th annual International Association of Financial Executives World Congress in Cape Town this week.

During a panel discussion, Kris Budnik, PwC director for cyber told local and international chief financial officers that fraud and extortion were a reality in cyber space.

Budnik said the increased scams were the latest indication of inadequate cyber security measures to avert cyber attacks.

He also called on companies to understand which cyber risks they were most vulnerable to and for them to prioritise these.

“There are a lot of South African companies that are paying ransoms to release information from hackers. The question is has your board understood the implications of the ransom?” he said.

Budnik said that the scams involved the dissemination of a “worm” via e-mail which once opened encrypted users machines and put sensitive information at risk.

He said when that happened the hackers then sent e-mails demanding a ransom to undo the damage.

“They (companies) have little choice but to pay. When they pay the ransom they are likely to be targets in the future. My advice is companies not to pay, but if they are not going to pay they should best be prepared,” he said.

Budnik charged that spear phishing scams cyber criminals sent out fake e-mails appearing to be from a chief financial officer to an employee with instructions to transfer money.

Nathan Desfontaines, Managing Director at CyberSec, who was also part of the discussion, said cyber criminals were no longer looking for complex ways to attack companies.

“They are looking for low hanging fruit including receptionists, he said.

Conchita Manbaat, the president of the Development Centre for Finance in the Philippines, said chief financial officers had to be prepared for the attacks.

“Chief financial officers have to control data which when breached can cause damage to the company. The amount of damage you cannot put value on is the reputational value of the company,” she said.

Original Post The Sunday Independent Newspaper