OVER the past few decades, cyberattacks have become more complex and evolved to such an extent that it has become a “pandemic.”
Malware, phishing, ransomware, man-in-the-middle, and denial of service attacks have become common vernacular in an increasingly digital world that battles with a growing number of cyberthreats. More recently these attacks have increased, partly due to the Covid-19 lockdown and “new” cyber risks as a result of the remote working of employees.
According to a Cyberthreat Assessment report in late 2021 by the International Criminal Police Organisation (Interpol), the most prominent threats to South Africa are online scams, digital extortion, business e-mail compromise, ransomware and botnets.
According to Accenture, South Africa has the third highest number of victims worldwide at a cost of billions of rand. Mobile banking application fraud has more than doubled and is estimated to entail hundreds of malware attacks per hour. Gross fraud losses on cards issued in South Africa increased by more than 21 percent due to card-not-present (CNP) fraud (fraud made via online transactions, telephone, or email) and banking malware attacks. This places South Africa behind only Russia.
Since the first quarter of 2021 South Africa was the country that was the most heavily targeted by ransomware. Transnet and Transnet Port terminals were the target of a ransomware attack in July 2021, which crippled essential systems. This impacted the functioning of the ports of South Africa and damaged food security, the economy and therefore societal instability.
In September 2021 the Department of Justice and Constitutional Development experienced a debilitating ransomware attack that blocked all their electronic systems through encryption, compromised 1 200 personal files, and demanded payment of a huge some of money to restore functionality. The effect was huge and affected the running of courts, payment to maintenance beneficiaries, appointment of estate executors. Until this day, with many bereaved families in need to access funds from the deceased’s banking account and executor appointments about six months behind, official correspondence still blames the functionality of the system due to the ransomware.
The latest ransomware attack that happened in March 2022, involves TransUnion South Africa, the credit reporting agency. The hacker group, apparently called N4aughtysecTU, demanded a ransom of R255 million for four terabytes of compromised data or 54 million personal records of South Africans such as contact details, credit scores, banking details, identity numbers, email addresses, and physical addresses. What is disconcerting is that the hackers claim that the user’s password was “password,” which would indicate a serious lack of cybersecurity governance by TransUnion and its board. However, the unfortunate result is that the data of millions of people have been exposed to criminals.
Absa had a major internal breach of personal data putting thousands of customers at risk. Although the incident happened in November 2020, Absa only reported that a small portion of South African customers were affected. However, 15 months later it became evident that a huge number of customers have been exposed in the data leak of identity numbers, contact details, physical address, and transactional account numbers. This is a typical example of the unwillingness of companies to disclose the occurrence or full extent of cyberattacks due to possible brand damage.
The increase in cyberattacks and especially ransomware attacks, clearly show how vulnerable South Africa and organisations are to cybercriminals and ransomware attacks. This poses an immense threat to the economy, infrastructure and people. Despite the Cybercrimes Act, enacted in 2021, it was recently reported to Parliament that “cyber capabilities are seriously lacking” in the South African Police Service and the Hawks, which means that as in many other instances, South Africans are on their own.
As we embrace the digital world, consumers will have to become more aware of their privacy and the increased risk of cybercrimes since the damage can be devastating. With almost everything interconnected, attacks will become more frequent and intense, and ransom demands will rise. Interestingly, the danger is not always from an external source, but very often an internal source or trusted insiders such as employees or third parties who have access to the systems and data as in the case of ABSA. Perhaps it is time that consumers, who experienced the exposure of valuable personal data as in the case of the Justice Department, ABSA and TransUnion, consider class actions as elsewhere in the world, in particular where cybersecurity is known to be sub-standard.
Cyberattacks in South Africa will continue to increase since there is a “critical absence of cybersecurity protocol, cyber-resilience as well as mitigation and prevention measures for individuals and businesses” in Africa and South Africa, according to the October 2021 Interpol report.
Organisations will have to keep up with important new trends and implement rigorous cyber security measures to protect their data and systems. Employees will have to be made aware of the risks and should be educated on basic security measures in order to protect themselves and the organisation.
Unfortunately, many companies and government institutions do not have a clear cyber assurance programme, strategy, or governance in place. Until companies and government ensure that cybersecurity is properly managed, consumers will remain vulnerable and their personal data and money will never be totally safe.
Professor Louis C H Fourie Extraordinary Professor University of the Western Cape.
*The views expressed here are not necessarily those of IOL or of title sites.
BUSINESS REPORT ONLINE