The landscape of cybersecurity is shifting alarmingly, with a recent report from Kaspersky indicating that South African organisations experienced an average of 19 cyber incidents in the past year.
At the 25th Cyber Security Summit South Africa, held in Johannesburg last week, Kaspersky shared insights into the increasingly sophisticated threats that businesses face and the necessary responses to mitigate risks.
Globally, Kaspersky detected an astonishing 467,000 malicious files each day in 2024—a 14% increase from the previous year. In South Africa alone, a staggering 34.2% of users reported encountering web-borne threats.
The financial sector, in particular, is under siege; banking and financial malware saw a surge of 34% compared to 2023, intensifying the challenges for both institutions and consumers.
A worrying trend is the rise in password stealer detections, which increased by 14%. This escalation raises the spectre of identity theft and data breaches, with exploit attacks soaring by 55% and backdoor vulnerabilities leaping by 42%.
These statistics underscore a dramatic shift in the modus operandi of cybercriminals, who are increasingly focused on maintaining persistent access to compromised systems.
Kaspersky experts have also highlighted the evolving nature of the crimeware ecosystem.
Attackers are adopting a “multi-platform” approach, adapting their strategies based on global trends. Notable is the expansion of the Grandoreiro banking trojan, originally from Latin America, now targeting over 1,700 financial institutions and 276 cryptocurrency wallets across 45 countries—including several in Africa, from South Africa to Nigeria and Mozambique.
The rise of AI in cybercrime is particularly concerning. Cyber attackers are utilising AI to drive phishing scams, automate malware development, and launch more sophisticated attacks.
Coupled with the increasing adoption of cloud-based services, the security risks associated with misconfigurations and data breaches are growing exponentially. Meanwhile, social engineering techniques continue to exploit human vulnerabilities, positioning human error as a significant cybersecurity risk.
In light of these mounting threats, Kaspersky has urged businesses to adopt a proactive cybersecurity approach. This strategy should encompass gathering targeted threat intelligence relevant to their industry and operational geography, alongside implementing advanced security solutions like Kaspersky Next, tailored to the specific demands of their IT infrastructure.
- Employee training is imperative, as a significant number of cyberattacks manipulate human error.
- Conducting regular threat assessments and penetration testing can help identify vulnerabilities before they are exploited.
Global Security Solutions Expert at Kaspersky, Dmitry Berezin, said with the rise of AI-assisted cybercrime and increasingly targeted attacks on businesses, decision-makers should have a comprehensive security strategy that combines robust cybersecurity solutions for IT assets, employee education, and acquiring threat intelligence.
"By integrating intelligence-driven security measures, companies can better protect their assets, customers, and reputation in an increasingly hostile digital landscape," Berezin said.
IOL