South Africa has third-highest number of cybercrime victims globally, report
Increasing reliance on the Internet and technology across multiple platforms has led not only to an expansion of communication options but also created a wealth of opportunities for cyber criminals. According to the latest Accenture report, the attack surface has grown tremendously and threat actors have targeted South African entities on all fronts in the past year.
According to Clive Brindley, Senior Manager within the Security Practice at Accenture in Africa, South Africa has experienced a cross-industry spike in cyberattacks in 2019, making it a country with the third-highest number of cybercrime victims worldwide. "Our research found that approximately R2.2 billion a year is lost to cyber-attacks," he says.
"Card-not-present (CNP) fraud on South African-issued credit cards remained the leading contributor to gross fraud losses in the country, accounting for 79.5% of all losses," states Brindley, adding that the country has seen an increase of more than 100% in mobile banking application fraud.
"In addition to these worrying general trends, 2019 was a year in which a range of different threat actors found success when attacking high-profile South African targets, from Internet service providers to electricity providers. Overall malware attacks increased by 22% which translated to 577 attempted attacks per hour," he adds.
Accenture suggests that threat actors perceive South African organisations and businesses as potentially having lower defensive barriers compared to those in more developed economies, and that they may face a lower chance of incurring consequences for their malicious activity.
"The increased focus on South Africa by cyber threat actors is due to interconnected factors such as lack of investment in cyber security, developing cybercrime legislation and law enforcement training, poor public knowledge of cyber threats – to mention a few," says Brindley. "Many developing economies consider cybersecurity a necessity but are not capable of investing sufficient funds as they battle to fight other social problems such as high crime rates, inequality and poverty, as well as high unemployment, and a shortage of skilled labour."
Businesses that are capable and willing to invest in cybersecurity face shortages of trained cybersecurity practitioners, which is hampering South Africa's ability to put measures in place to prevent and mitigate today's advanced threats. "South Africa has been slow to adopt legislation to tackle cybercrime, and the National Assembly finally adopted the Cyber Crimes Bill in January 2020," he says.
The report highlights Dark-Web related data sources and hardly noted any threat actors in South Africa between 2010 and 2014.
However, between 2014 and 2016, this activity picked up slightly; and, from 2016 onward there has been a much higher focus on South Africa among the criminal underground than in years prior. "These types of attacks include the use of ransomware, banking Trojans, BEC scams, and carding fraud. The differentiator is that South Africa is experiencing these threats in bulk for the first time. The threat is amplified as our population is inherently less aware of cyber threats than populations of some other nations," says Brindley.
The rapid uptake in recent years in the use of mobile financial services among South Africans leaves users vulnerable to banking trojans and banking malware.
Ransomware has increased in popularity and is widely available for sale across the criminal underground for as low as $100, making it accessible even to the most unskilled threat actors.
Advanced threat actor groups are targeting larger entities typically able to afford to pay higher ransoms.
Some threat actors may view South Africa as a testing ground for malware. Cybersecurity measures are not as robust in the country compared to other countries globally.
Accenture suggests that while making use of security and threat intelligence has previously been the reserve of large, well-funded organisations; it is increasingly becoming accessible and affordable to most businesses. Accenture's ninth annual report on "The Cost of Cybercrime," reported that security intelligence and threat sharing provide the greatest cost savings compared with levels of spending ($2.26 million). Security and threat intelligence are not only an important enabling technology for both discovery and investigation activities, but are valuable for understanding threats and better use resources against anticipated attacks.
"Counteracting internal threats is still one of the biggest challenges business leaders face today," says Brindley. "Increases in phishing, ransomware and malicious insider attacks mean that organisations need to place greater emphasis on nurturing a security-first culture that reinforces safe behaviours, both for people within an organisation and across entire business ecosystems."
According to Accenture, many organisations already have tools and solutions in place to help them with data compliance, but these tools are configured incorrectly making data compliance a challenge and data breaches more common.
However, having clear procedures in place including an incident-response capability, post-incident analysis, backed up data, anti-DDoS measures, and cloud access security brokers can help to overcome these challenges should a data breach occur.
