Last year we published a blog about South Africa having the third-most cybercrime victims in the world.

The stat came from a research report by iDefense, an Accenture security intelligence company, who calculated that cyber attack damage in South Africa amounted to R2.2 billion (!) in 2019/2020

A year on, South Africa is still an attractive target, and we’re keen to highlight the reasons why. In doing so it may help you plan your cyber defense strategy.

Reasons why South Africa struggles with cyber threats

The iDefense report shows there are a few interconnected reasons why SA is on a cyber security backfoot:

Poor investment in cyber security: SA’s high crime rates, unemployment, inequality and shortage of skilled labour means that many businesses don’t have the funds or resources to invest in cyber security. Those that do have the funds, can’t easily find staff who are trained in it.

Poor public knowledge of cyber threats: SA has the second-fastest internet and GDP in Africa and new tech startups are booming. However, iDefence analysts note that SA internet users are less experienced and cyber aware than in other countries, and are therefore more vulnerable to cyber threats.

Poor cybercrime legislation: South Africa has been slow to adopt cybercrime legislation. There have been delays in its enforcement, which has made the country a safe haven for illegal operations meanwhile. A lack of training to deal with cybercrimes has also meant that the SA Police Service has been out of its depths in dealing with it.

Poor awareness of shadow IT: iDefence analysts note that companies in SA have hugely underestimated their exposure to apps and infrastructure that operate without their IT departments even being aware of them. The use of personal devices on business networks are ideal entry points for ransomware and other threats.

Relatively recent discovery on the dark web: iDefence analysts notice that before 2014, SA was rarely mentioned on the dark web, but since 2016 it has come into sharper focus amongst this criminal underground.

As a result of these factors, cyber criminals expect South African companies to be a relatively easy target for their criminal activities, and they also believe they’re less likely to be caught by law enforcement.

Did you know

• Ransomware is cheaply available to unskilled cyber criminals and easily deployed.
• Phishing is still highly successful in SA, presumably due to low cyber security awareness.
• Mobile banking fraud is also highly successful, presumably because there’s been a rise in mobile banking uptake without a rise in cyber security awareness.

Four easy things you can do to lessen your chance of a cyber attack

1. Educate your team on cyber security via an email course. There are free courses available.
2. Install digital technologies to scan for threats and protect your computer/device network and automatically backup your data.
3. Move your operations to the cloud.
4. Become compliant with POPIA data privacy regulation. In doing so, you’ll be using best practices and meeting security standards for data protection.