“It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it.” - Stephane Nappo
Over the years we all have heard through media reports of cyber-attacks inflicted on South Af rican (SA) organisations. Incidents includes Cyber Attacks on City of Johannesburg, SA Banks and critical infrastructure like nuclear facilities, dam control facilities and water control facilities.
According to the 2019 Accenture Insight Into The Cyberthreat Landscape In South Af rica reports, the scale of cyber-attack in South Af rica is as follows:
a) Cybersecurity company Kaspersky has noted that malware attacks increased by 22 percent in the first quarter of 2019 compared to the first quarter of 2018, which translates to just under 577 attempted attacks per hour.
b) Android mobile phones were the second most targeted by banking malware, second only to those in Russia.
c) Credit cards remained the leading contributor to gross f raud losses in the country, accounting for 79.5 percent of all losses.
d) Banking application f raud increased by more than 100%.
Evidently, the research proves that more sophisticated ploys are created to hack people’s financial information and steal their identity to commit other crimes.
Why is SA vulnerable to cyber-attacks?
The current Covid-19 pandemic has aggravated cyber-attacks, as many businesses and government departments are adopting remote work practices. This approach is practical for social distancing and avoiding retrenchment and unemployment. However, remote work practices have widened the opportunities for hackers to penetrate organisations’ networks and computer systems through security breaches, malware, and unauthorized access.
For example, in the last few months, during this pandemic several of SA’s leading hospitals and health-care organisations have been targeted by a rising wave of ransomware attacks by cyber criminals (Naik:2021).
FRTC is of the view that SA is vulnerable to cyber-attacks because cyber criminals:
a) are confident that South African organisations have weak defensive mechanisms in comparison to first world counties like the United States and Germany,
b) believe that SA is a crime capital because offenders do not get caught and are not prosecuted,
c) know that many companies do not consider cyber security a necessity (hence there is a lack of investment in cyber security and skills training),
d) are aware that cybercrime legislation and law enforcement training are relatively new and not in its advance stages like developed countries, and
e) know that although investment in new technology is growing and many big businesses and government are using technological solutions to meet the business and social needs; most internet users do not have technical experience and knowledge to prevent cyber-attacks.
SA passed the Protection of Personal Information Act in 2013, which aims to protect private data held by government, businesses and individuals f rom security breaches, theft, and misuse; but key elements have yet to be enacted (Harrisberg: 2021)
Therefore, the lack of enforcement of Protection of Personal Information Act makes all types of business that uses digital technology even more vulnerable to cyber-attack f rom internal external sources over the internet, especially via emails.
The Mimecast Threat Center’s research report The State of Email Security 2020 in South Af rica indicated the following findings of a survey conducted with 1,025 global IT decision makers:
a) 34% do not monitor and protect against email-borne attacks or data leaks in internal emails,
b) 39% do not monitor and protect their organisation against email-borne attacks like malware and malicious links in outbound email,
c) 50% do not monitor and protect against data leaks or exfiltration in outbound email,
d) 33% do not have automated detection and removal of malicious or unwanted emails that have already landed in employees’ inboxes,
e) only 12 % offer training monthly,
f) only 13% are trained once per year, and
g) 2019 was a year in which a range of different cyber-hackers found success in attacking high-profile South Af rican targets, f rom ISPs to electricity providers.
Short Skill Programme on Cyber Security
Resilience against cyber security first starts with being empowered with the basic skills to identify the weakest technological security links and deal with them appropriately to defend the integrity of the organisation.
According to FRTC Director Bernadette Felix, ‘The digital age has exposed companies, and their customers, to many new risks. Therefore, we offer a short skill programme on cyber security that empowers you to deal with cyber-attacks.”
The online programme is developed to:
a) teach you how to defend your organisation’s systems and data against the growing threat of cyber-attacks,
b) introduce you to the key elements of cybersecurity management, f rom both a South Af rican and international perspective, and
c) guide you on how to make sound decisions to support your organisation in both thwarting attacks and responding appropriately to incidents.
Developing an information security culture prevents you f rom making the same mistake again and it prepares you to make cyberspace an environment where you can safely communicate, socialise, and perform in confidence.
FRTC offers an accredited skills program on Cyber Security. A person successfully completing this programme will have a deeper understanding of Cyber Security and Digital Crime Prevention. Program structure includes cyber security covers, introduction to cyber security, cyber safety, and crime prevention, identify and control risk. This is a two-month accredited skills program with 15 credits. Contact us to register and for more information.
“The five most efficient cyber defenders are: Anticipation, Education, Detection, Reaction and Resilience. Do remember: "Cybersecurity is much more than an IT topic.” Stephane Nappo
1. Accenture 2019 Insight Into The Cyberthreat Landscape In South Af rica (online) [Accessed on 27 December 2020]
2. Harrisberg, K. 9 January 2021 Government plans to record all babies’ biometrics raises privacy fears, City Press (online) [Accessed on 9 January 2021]
3. Mimecast 2020 The State of Email Security 2020 South Af rican Findings (online)
4. Naick, S. 9 January 2021 SA hospitals under further strain due to increase in cyber attacks, Saturday Star News (online) [Accessed on 9 January 2021]
5. Rooyen Van, N. 25 December 2020 Here’s what cyber hackers want for Christmas, Business Tech (online) [Accessed on 28 December 2020]
6. Smith, C. 2019, Major spike in SA cyber attacks, over 10 000 attempts a day - security company, News24 (online) [Accessed on 28 December 2020]