Cyberattacks are growing in South Africa
As use of technology, the Internet and smartphones grows in South Africa, so does the attack surface and the opportunity for cyber threat actors. In 2019, South Africa saw a cross-industry spike in cyberattacks. iDefense, an Accenture security intelligence company, identifies the reasons for these attacks and how businesses and consumers can defend against them.
How big is the problem?
The scale of the problem is significant—the country has the third-highest number of cybercrime victims worldwide, losing approximately R2.2 billion (US$147 million) a year to cyberattacks. This paper looks at some of the major incidents occurring in 2019, the emerging trends and insights, and the actions businesses can take.
- February 2019: A South African energy supplier suffers two security breaches in quick succession.
- July 2019: Ransomware infects a provider of pre-paid electric power leaving customers without access to power.
- September 2019: One of South Africa’s largest ISPs suffers a distributed denial of service (DDoS) attack lasting two days.
- October 2019: Several South African banks, as well as financial institutions in Singapore and Scandinavia, suffer DDoS attacks resulting in a loss of service.
Scale of the problem
South Africa experienced a cross-industry spike in cyber attacks in 2019. The following facts and figures, taken from a variety of sources over the past 12 months, indicate the scale of the problem:
Why is South Africa such an attractive target?
Threat actors may perceive South African organisations as potentially having lower defensive barriers than those more developed economies. They may also think they face a lower chance of incurring consequences for their malicious activity. That’s because there is low investment in cyber security and developing cybercrime legislation in South Africa. Threat actors are taking notice.
What can be done?
iDefense recommends a number of actions. These include making use of security and threat intelligence, protecting against internal threats and people-based attacks, and focussing on compliance—applying standards and best practices.
It’s time to get serious about defending your business and protecting your customers against cybercrime.