What Makes South Africa a Target for Cyber Crime, and What Actions Can Be Taken?
by Eleanor Barlow • May 2023
According to INTERPOL’s African Cyberthreat Assessment Report 2022, a total of 230 million cyber threats were detected in South Africa, of which 219 million, or 95.21%, were email-based attacks. What’s worse, the nation is already suffering from an alarming 100% increase in mobile banking application fraud and is experiencing on average 577 malware attacks every hour.
But what are the loopholes in South Africa’s cybersecurity system that bad actors are taking advantage of? We aim to cover just that in this blog.
There are 3 primary reasons that make South Africa particularly susceptible to cyber-crime.
1. Poor Investment in Cybersecurity Systems
Compared with other nations, South Africa has weaker cyber defense systems in place. A high poverty rate, inequality, a low employment rate, a shortage of skilled labor, and the struggle to keep up with the sophistication and number of cybercrimes are some of the reasons behind the nation’s struggle to combat online attacks.
Although the need for more stringent cybersecurity systems is recognized, a shortage of funds and of a skilled tech workforce can often impede efforts.
2. Lack of Awareness
Not only is there a lack of training, but the rapid transition to a remote work culture has increased exposure, creating a breeding ground for cyberattacks both in and outside the office, and against both personal and business devices.
3. Antiquated Laws and Poor Law Enforcement Training
Hackers take advantage of the fact that cybercrime legislation and training for law enforcement are weak in developing countries. Although South Africa’s Cyber Crime Bill was adopted as law in 2021, many cyber police still lack proper training.
“It has been acknowledged that South Africa is often a target for cyber-crime and is amongst the highest cyber-attack regions in the world. General opinion will tell you the lack of investment in cyber security has been, and remains, a problem which contributes to making South Africa an attractive place for cyber criminals. Another challenge, which is a problem worldwide, and even more prevalent in this region, is the availability of technical resources from a support and analytical perspective.” – Rob Griggs, Regional Managing Director, SecurityHQ, SA, and John Taylor, Regional Sales Director, SecurityHQ, SA.
Real-Life Examples of Cyberattacks in South Africa
In October 2021, hackers hit the City of Johannesburg with a network breach. As a precautionary step, key government e-services were halted. The hackers demanded a hefty ransom of 500,000 South African Rand, or USD 37,000.
Around the same time, a chain of DDoS attacks was launched against multiple banks in South Africa, including Standard Bank and ABSA. Hackers launched the attacks on payday, which significantly delayed pay checks. Much like in the attack against the City of Johannesburg, malicious actors again demanded ransom in Bitcoins.
In February 2022, a highly sophisticated ransomware attack was attempted against internet service provider RSAWEB. The company discovered the attack in time, and contained it, followed by restoring services to customers. RSAWEB claims that no customer data was accessed or exploited by threat actors. They were lucky, but many organisations throughout South Africa are targeted every day with ransomware attacks.
How to Enhance Cybersecurity at Both Personal and Organizational Levels?
Threat actors are becoming more sophisticated with their techniques. As a result, new tools, vulnerabilities, and attack vectors surface daily, but following a few best practices can help avert cyberattacks.
- Access Only HTTPS Websites
HTTPS websites use a secured connection. A padlock sign in the URL bar indicates that the connection between your web browser and the website server is encrypted. This protects you from eavesdroppers or hackers intending to intercept communication between your browser and the website server.
- Keep your Software and Devices Updated
Updated and patched software and devices carry updated code that is capable of combating newly discovered tactics and procedures. Do not overlook update notifications.
- Implement a Firewall
A firewall uses a set of updated rules to spot and block malicious traffic. A firewall is your first line of defense against malicious and anomalous activity. It is a crucial element that keeps out dangers, controls and monitors activity, and accepts, rejects, or drops access.
- Regular and High-Quality Backup
A regular and clean backup can make a vital difference in securing your information in the event of a ransomware attack. Follow the 3-2-1 backup rule, whereby you make three copies of data, stored in different locations.
- Scan and Monitor
Daily scanning and monitoring for malware, vulnerabilities, and other issues are required. This is the only way to be aware of security issues targeting your data, people and processes.
- Invest in Email Authentication
Email authentication protocols add another level of security to your daily operations.
By setting policies, you can choose how recipients’ mailboxes should treat emails that fail authentication checks.
- Invest in TRI and Penetration Testing Services
SecurityHQ’s Threat & Risk Intelligence (TRI) service involves the analysis of data to identify the threat actors and vectors victimizing your business. It maps your digital footprint against attack tactics to understand your surface exposure from a hacker’s point of view. View, monitor, prioritise and analyze all digital elements of your organisation, including Internet, applications, systems, cloud, and hardware. Harvest information from the Dark Web, Deep Web, and public domain for complete visibility.
Penetration testing involves simulating an attack on your network surface to identify security loopholes. Hunt for, and highlight, vulnerabilities in your network by emulating real-life external and internal attacks. Testing is conducted in a controlled environment, without compromising routine business activities.
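The policies mentioned under "Invest in Email Authentication" are what a DMARC record published in DNS expresses; the post does not name the protocol, so DMARC is an assumption here. The following Python audit is an added example, not SecurityHQ's code: it parses a DMARC TXT record and flags settings that leave failing mail deliverable. The function names and the sample records (for reserved example domains) are constructed for illustration.

```python
# Added example: offline DMARC record audit. Sample records are constructed.
STRENGTH = {"none": 0, "quarantine": 1, "reject": 2}

def parse_dmarc(txt):
    """Split a DMARC TXT record into tags; raise ValueError if it is not valid."""
    tags = {}
    for part in txt.split(";"):
        if not part.strip():
            continue  # tolerate a trailing semicolon
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part.strip()!r}")
        tags[key.strip()] = value.strip()
    # The version tag must come first and be exactly DMARC1.
    if list(tags)[:1] != ["v"] or tags["v"] != "DMARC1":
        raise ValueError("record must start with v=DMARC1")
    if tags.get("p", "").lower() not in STRENGTH:
        raise ValueError("missing or unknown p= policy")
    return tags

def audit_dmarc(txt):
    """Return (domain policy, list of findings) for one record."""
    tags = parse_dmarc(txt)
    policy = tags["p"].lower()
    findings = []
    if policy == "none":
        findings.append("p=none: failing mail is still delivered (monitoring only)")
    pct = int(tags.get("pct", "100"))  # default: policy applies to all mail
    if pct < 100:
        findings.append(f"pct={pct}: policy applies to only part of failing mail")
    sub = tags.get("sp", policy).lower()  # subdomain policy defaults to p=
    if STRENGTH.get(sub, 0) < STRENGTH[policy]:
        findings.append(f"sp={sub}: subdomains are treated more leniently")
    if "rua" not in tags:
        findings.append("no rua=: no aggregate reports, so failures go unseen")
    return policy, findings

SAMPLES = {  # constructed records for reserved example domains
    "example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
    "example.org": "v=DMARC1; p=none",
    "example.net": "v=DMARC1; p=quarantine; sp=none; pct=25; rua=mailto:d@example.net;",
}

if __name__ == "__main__":
    for domain, record in SAMPLES.items():
        policy, findings = audit_dmarc(record)
        print(domain, policy, findings or "no findings")
```

A record with `p=none` is useful while reports are being collected, but only `quarantine` or `reject` tells receiving mailboxes to act on mail that fails authentication.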
If you live or work in South Africa, and want to enhance your cyber security posture, reach out to a member of our team, or speak to one of the local team members, based in Johannesburg, for more information. Fill out this form, and our security experts will get back to you.