In recent years, South Africa has become a hotspot for cyberattacks. We have seen cyber threats ranging from phishing to ransomware, data breaches, identity theft and compromised credentials.
By Akhona Stofile – CSIR
According to the Sophos 2023 Report, 78% of South African enterprises reported a ransomware attack in the previous year (i.e. 2022), up from 51%. Cyberattack vectors that exploit existing vulnerabilities were the main cause of 49% of reported attacks, with compromised credentials coming in second at 24%. Lack of data encryption, involving unauthorised access or exposure of sensitive information, was also a major concern in 89% of attacks. Individuals and organisations alike may suffer serious consequences because of such breaches.
Challenges and threats
Some of the most recent challenges and threats the country has faced include the fast digital transformation since Covid-19. While digital transformation has numerous advantages, it also exposes organisations to new dangers if security measures are not implemented correctly. Cybercriminals or attackers target organisations as well as individuals. They target individuals mainly because the public lacks the technological know-how and awareness required to engage with technological devices safely and securely.
Mobile banking application fraud: Mobile banking application fraud has increased in South Africa. Individuals may suffer financial losses because of this form of fraud, which undermines trust in digital banking systems. Additionally, there have been quite a few cyberattacks on the local front recently, including attacks on credit bureaus, healthcare and retail groups, and several government departments, with highly organised phishing and distributed denial-of-service (DDoS) attacks in South Africa.
According to Kaspersky, in the first quarter of 2023 phishing attacks increased by 7%, as compared to the same period in 2022. Phishing attacks are often used by cybercriminals as a launchpad for more deadly ransomware attacks. These attacks can be dangerous for users who are not tech-savvy or have low cybersecurity awareness. This has raised the need to make cybersecurity training and awareness mandatory for all citizens. For example, it is easy for untrained or ignorant users to receive a malicious email with a phishing link or malicious attachment and then click on the link or open a malicious attachment.
Business email compromise is one of the most financially damaging cybercrimes, and it can be used to initiate many cyberattacks that require an ignorant user to click a link, causing a malicious payload to execute and start spying, stealing user credentials, installing ransomware and infecting all devices. In the worst case, the attackers would distribute ransomware, encrypt everything and then use that to extort the organisation through business email compromises.
Successes and innovations
Increased cybersecurity awareness and adoption of cybersecurity solutions: Organisations’ knowledge of cyberattacks has improved because of this adoption, although this improvement is ongoing because cybercriminals always come up with new ways to exploit security flaws. Cybersecurity professionals are also crucial in advising businesses and citizens on cybersecurity best practices.
Cybersecurity Hub: The creation of the national Computer Security Incident Response Team (CSIRT), also known as the Cybersecurity Hub, is an important initiative. The hub is in charge of coordinating cybersecurity and cyberattack information and the response to cyber incidents, offering assistance for cyber incidents and putting together a national cybersecurity awareness campaign.
The adoption of 4IR technologies: The 4IR technologies have brought significant innovations and improvements to South Africa’s cybersecurity landscape, such as leveraging big data for cyber threat hunting. The vast amount of data generated in the digital world can be harnessed for threat hunting purposes by analysing large datasets, with the use of artificial intelligence and machine learning (AI/ML) to assist cybersecurity professionals in identifying hidden patterns and potential threats that might be missed by traditional methods.
The South African government has initiated measures such as the National Cybersecurity Policy Framework, POPI and the Cybercrimes Act to tackle cyberattacks and data breaches. These legislative instruments establish institutions such as the CSIRT. However, there is still a lot of room for improvement, for example when it comes to the issues of interoperability and sharing knowledge in the cybersecurity context.
Conclusion
Despite its successes and innovations, South Africa still has a long way to go in the field of cybersecurity. To address critical threats and provide a secure digital environment for individuals and organisations, the country must continue to invest in cybersecurity infrastructure, education, awareness and digital transformation adoption. The issue of cybersecurity skills shortage is also adding to the challenges the country is facing. There are just not enough people with cybersecurity skills. Therefore, the current level of cybersecurity in South Africa is characterised by both challenges and successes. Ransomware attacks, phishing attempts, infections with malware, data breaches and compromised credentials are all on the rise in the country. These challenges have been amplified by the rapid growth of digital transformation occurring across numerous industries, which was mainly pushed by the Covid-19 pandemic. Mobile banking app fraud and organised cyberattacks on important industries such as healthcare and government have also posed significant challenges.
Aside from these challenges, there have been notable successes and innovations. Increased cybersecurity awareness, improved collaboration with other states on cybersecurity and/or cybercrime, the formation of the CSIRT and the deployment of 4IR technology are all favourable developments. These achievements demonstrate the country’s dedication to resolving cybersecurity problems and reacting to the growing threat landscape.
