/ 12 October 2022

South Africans must up their game against cybercrime

Complex 'the Mask' Malware Found Behind Massive Cyber Attacks
In 2021, South Africa had the third-highest number of cybercrime victims worldwide and it cost the economy R2.2-billion a year.

South Africa needs a sustained national public awareness campaign to inform and mobilise the public against a growing pandemic of cybercrime.

Although much progress has been made in educating the public about the dangers of Covid-19, the same cannot be said for protecting citizens from falling victim to cybercrime. And unlike Covid-19, there is no “’herd immunity” against cyberattacks.

Under siege at all levels

Interpol data found that cybercrime cost the South African economy $573-million in 2016. An Accenture report five years later found that South Africa had the third-highest number of cybercrime victims worldwide, at a cost to the economy of R2.2-billion a year.

The African Cyberthreat Assessment Report 2021 further found that South Africa had the highest incidents of targeted ransomware and business email compromise attacks of any African country.

Mimecast data support the findings. The State of Email Security 2022 report found that more than three out of every four South African organisations are receiving an increased number of email-based threats, with two-thirds saying they’re bracing for the fallout from an email-borne attack.

Ransomware continues to plague public and private institutions. Sixty percent of local firms were hurt by a ransomware attack in the past year, up from less than half in 2020. The cost of such attacks can be devastating. A separate report in 2021 found that the average ransom payment by South African organisations was more than R3.2-million.

The past few years also saw several high-profile cyberattacks on private companies, including a hospital group and credit bureau, as well as public institutions and vital infrastructure, including the country’s justice system, ports and several government departments.

The matter received front-page attention after a hacker group threatened to release President Cyril Ramaphosa’s personal and private information publicly, proving that no person is safe from cybercrime.

Awareness, action needed

There is a broad effort underway to upgrade South Africa’s digital infrastructure and build greater resilience against cyberthreats. But there is also an urgent need to improve cyber awareness among the general population.

Nearly all successful cyberattacks worldwide are caused by some form of human error. At a personal level, clicking on an unsafe link or accidentally disclosing sensitive personal or financial information to a threat actor can lead to infected devices, being locked out of online accounts and, in severe cases, breaches of one’s online banking profile, which may lead to financial losses.

At a broader level, every person that falls victim to cybercrime is another potential threat to the security of the company they work for, their systems, their employees, customers, suppliers and partners.

In a recent report, more than eight out of 10 local organisations cited concern about risks caused by inadvertent data leaks by careless or negligent employees. Fewer than a third of local companies provide ongoing cyber awareness training to their employees.

Past campaigns offer hope

There are useful lessons to be learned from the country’s past experience with national awareness campaigns.

The recent Covid-19 awareness campaign encouraged safe hygiene and helped limit the damage wreaked by the pandemic. Through regular public discussions, advertising on all mainstream media outlets, a dedicated web portal, in-person information sessions and the support of public and private sector partners, the government was able to ensure most people were aware of the risks of Covid-19, measures to protect against its spread and best practices for staying safe.

In the 1980s and 1990s, the “Zap-it-in-the-Zibi-bin” anti-litter campaign was a bedrock of family holidays, with a catchy song, regular advertising in mainstream media, an eye-catching mascot and a clear call-to-action that could be understood by everyone, young and old.

An effective national cyber awareness campaign needs to go beyond simply “raising awareness” and give people actionable steps to improving their online security. Elements that should form part of such an effort include:

  • A dedicated web portal with up-to-date information about the latest cyber threats, tips for keeping safe, downloadable resources and contact details of relevant authorities in case of someone falling victim to an attack. The site should be zero-rated to ensure it is accessible to citizens from all income groups.
  • Regular advertising of cyber safety tips in radio and TV media in all official languages.
  • A national campaign teaching online safety through accessible and multilingual articles in popular print and online media titles.
  • Social media mobilisation with a dedicated campaign hashtag to marshal online communities around cyber safety.
  • Posters with online safety tips at schools, universities, colleges, clinics, train stations, taxi ranks and other places with high foot traffic.
  • Discussions with public and private sector partners to help amplify campaign messages through their platforms and truly make this a national effort.

Without adequate protection against cyber threats, any efforts at building a strong economy will be undermined. As the first and last lines of defence, the public can become the country’s greatest asset in the fight against cybercriminals. 

Moss Gondwe is the public sector director at Mimecast

The views expressed are those of the author and do not necessarily reflect the official policy or position of the Mail & Guardian.