South Africa ranks fifth on the list of countries most affected by cybercrime.
More troubling, say experts, is that many incidents go unreported out of fear of reputational damage or lack of confidence in law enforcement, so the true scale and impact of cybercrime is likely even higher.
From ransomware attacks crippling essential services to data breaches affecting businesses and identity theft that targets unsuspecting individuals, the growing importance of cybersecurity cannot be overstated. In an increasingly digital world, experts say the question is not whether individuals or organisations will fall victim to online crimes, but rather when they will be affected.
The landscape of cyber threats has become more sophisticated and pervasive, affecting individuals, businesses and even nations. In an era defined by the rapid evolution of technology, Cybersecurity Awareness Month holds more significance than ever before. Observed every October, this annual event serves as a timely reminder of the critical need for the fortification of digital defences against the ever growing arsenal of cyber threats. These attacks not only disrupt daily life but also have far-reaching consequences that include financial loss, reputational damage and even threats to national security.
Three most common types of cybercrime in SA
Phishing scams, ransomware attacks and identity theft are the three most common types of cybercrime in South Africa. During phishing scams, criminals disguise themselves as trustworthy entities like financial institutions in an attempt to obtain sensitive information like usernames, passwords and credit card details. This can be done via email or other communication channels.
Ransomware attacks involve encrypting data on a computer system or network and demanding payment for its release. Government organisations, smart cities and even healthcare companies have found themselves targets of these attacks, putting thousands of clients’ information at risk and significantly impacting service delivery.
The ransomware attacks on Transnet and Transnet Port terminals in July 2021 affected the functioning of the ports, damaging food security, the economy and societal stability. In September of the same year, the Department of Justice fell victim to a similar attack that locked all their electronic systems and compromised thousands of personal files.
Not the exception, but the norm
These incidents, however, are not the exception; experts suggest instead that they might be the norm. Earlier this year, the Council for Scientific and Industrial Research (CSIR) said that cybercrime costs the economy an estimated R2.2 billion annually, adding that more than half of South African firms had been impacted by ransomware attacks in the past year. This situation is exacerbated by a dire skills shortage in the sector, with cyber security consistently ranking among the top five most in-demand fields in IT and technology.
A pervasive socio-technical problem
As more aspects of life move into the digital sphere, the attack surface for cybercriminals widens and the chances of falling victim to online crimes increase exponentially. The South African Banking Risk Information Centre (SABRIC) emphasises that cybercrime is a pervasive socio-technical problem that is increasing at an alarming rate. It will eventually replace many “traditional” bank crimes “as it transcends time and physical proximity due to its virtual nature”.
In addition, the organisation says that the convenience and anonymity of the internet make it easy for criminals to perpetrate these crimes, which include unauthorised access to devices, identity theft and online bank information theft. Even more concerning, according to SABRIC, is the potential to infiltrate networks, resulting in mass data breaches.
According to IBM’s Cost of Data Breach Report 2023, the global average cost of a data breach was $4.45 billion (around R85 billion) — a 15% increase over three years — with 82% of breaches involving data stored in the cloud.
One of the biggest risks for business survival
International law enforcement organisation Interpol estimates that 90% of African businesses lack the necessary cybersecurity protocols to safeguard themselves and their clients from financial losses and reputational damages. By these standards, cybercrime is one of the biggest — and fastest growing — risks to business survival for South Africa’s SMME sector.
As cybercriminals grow more sophisticated, South Africa needs a coordinated response and a collaborative effort. Cybersecurity Awareness Month serves as a reminder that safeguarding digital frontiers is a collective responsibility. Through education, awareness and the adoption of cutting-edge technologies, these defences can be fortified to pave the way to a secure digital future; a future where technology serves as an enabler of progress and not a source of vulnerability.