Despite recent legislative efforts to combat cybercrime, South Africa still seems severely underprepared to fend off online criminals.
Even after the recent wave of cyber attacks that targeted businesses and citizens alike in the country, the authorities do not seem to posses adequate resources to effectively fight off similar incidents in the future.
Is SA Doing Enough to Battle Hackers?
Just last Spring, State Security Minister D. Mahlobo appeared confident that South Africa was finally on the right track in terms of increasing its cybersecurity defence mechanisms.
The Minister stated that although online technological developments have propelled economy and growth forward, they also carry with them risks, as hackers identify vulnerable victims.
During the summer, the Cybercrime and Cybersecurity Bill that has been in the works for a couple of years was pushed forward and into public consultation, with a view of swiftly passing in and incorporating into our legislation the tools necessary to efficiently address cybersecurity incident.
Then, it happened again – and worse than ever before. In October, what appears to be the single largest personal data breach in SA history was uncovered.
Hackers have managed to gain access and leak 13-digit-long personal identity numbers and other personal information material pertaining to roughly 30 million SA citizens.
Information like their income range, addresses, race profile, and employment was among the 27 gigabytes of sensitive personal data that was dumped online, surpassing the previously largest breach of over 6 million accounts with more than 1.5 million unique email credentials that were hacked from the website of Ster-Kinekor in 2016.
SA Lacks Trained Cybersecurity Personnel
As cyber attacks continue, they employ more and more sophisticated methods, techniques and practices, besides online fraud and identity theft.
Malicious bots are often employed not only in launching DDoS attacks, but also in attacks that target businesses more specifically, such as web scraping.
During this process, malicious bots can be used to copy and replicate entire website content, including copyrighted material, or to access pricing information on competitor websites and thus undercut prices and see an increase in sales, a method that is widely used against e-commerce websites.
Most recently, another type of security flaw, dubbed “Krack”, was detected in the WPA or WPA2 protocol employed by every Wi-Fi network since 2003, which renders them vulnerable to hackers.
An unprecedented number of ransomware attacks were deployed last year, with WannaCry – a malicious software that would lock data and demand a ransom of $300 (R3,914) to decrypt it – standing out in terms of notoriety and counting South African companies among its victims, which include multinational companies like FedEx and public infrastructure like the British National Health Service.
Yet SA seems to not have enough manpower to fight off similar attacks, as companies struggle to find trained experts or budget in expenses that they can dedicate to cybersecurity, according to Professor von Solms, who serves as the Director for the University of Johannesburg Centre for Cyber Security.
Businesses seem to be very ill-prepared regarding cybercriminals, and government still lacks the infrastructure to combat online attacks effectively, the implementation of the Cybersecurity bill still pending. With hacker activity being on the rise for a while now, it seems that disaster is just waiting to happen – and only then will SA authorities and enterprises finally hear the wakeup call for more and better cybersecurity.