Over the past few decades, cyberattacks have become more complex and evolved to such an extent that it has become a "pandemic". Malware, phishing, ransomware, man-in-the-middle, and denial of service attacks have become common vernacular in an increasingly digital world that battles with a growing number of cyberthreats.
More recently these attacks have increased, partly due to the COVID-19 lockdown and "new" cyber risks as a result of the remote working of employees. According to a cyberthreat assessment report in late last year by the International Criminal Police Organisation, Interpol, the most prominent threats to South Africa are online scams, digital extortion, business email compromise, ransomware and botnets.
According to Accenture, South Africa has the third-highest number of victims worldwide at a cost of billions of rand. Mobile banking application fraud has more than doubled and is estimated to entail hundreds of malware attacks an hour. Gross fraud losses on cards issued in South Africa increased by more than 21% due to card not present fraud made via online transactions, telephone, or email and banking malware attacks.
This places South Africa behind only Russia. Since the first quarter of 2021, South Africa was the country the most heavily targeted by ransomware. Transnet and Transnet Port terminals were the target of a ransomware attack in July 2021, which crippled essential systems. This affected the functioning of the ports and damaged food security, the economy and so societal stability.
In September, the Department of Justice and Constitutional Development experienced a debilitating ransomware attack that blocked all their electronic systems through encryption, compromised 1200 personal files, and demanded payment of a huge some of money to restore functionality. The effect was severe and affected the running of courts, payment to maintenance beneficiaries and appointment of estate executors. Until this day many bereaved families needing to access funds from a deceased's banking account and executor appointments are about six months behind, and official correspondence still blames the functionality of the system on the ransomware.
The latest ransomware attack happened this month and involves TransUnion South Africa, the credit reporting agency. The hacker group, apparently called N4aughtysecTU, demanded R255 million as ransom for four terabytes of compromised data or 54 million personal records of South Africans, such as contact details, credit scores, banking details, identity numbers, email addresses and physical addresses. What is disconcerting is that the hackers claim that the user's password was "password", which would indicate a serious lack of cybersecurity governance by TransUnion and its board.
However, the unfortunate result is that the data of millions of people have been exposed to criminals. Absa had a major internal breach of personal data putting thousands of customers at risk. Although the incident happened in November 2020, Absa reported that only a small portion of South African customers were affected. However, 15 months later it became evident that a huge number of customers have been exposed in the data leak of identity numbers, contact details, physical address and transactional account numbers. This is a typical example of the unwillingness of companies to disclose the occurrence or full extent of cyberattacks due to possible brand damage.
The increase in cyberattacks and especially ransomware attacks clearly shows how vulnerable South Africa and organisations are to cybercriminals and ransomware attacks. This poses an immense threat to the economy, infrastructure and people. Despite the Cybercrimes Act enacted in 2021, it was recently reported to Parliament that "cyber capabilities are seriously lacking" in the SAPS and the Hawks, which means that as in many other instances, South Africans are on their own.
As we embrace the digital world, consumers will have to become more aware of their privacy and the increased risk of cybercrimes since the damage can be devastating. With almost everything interconnected, attacks will become more frequent and intense, and ransom demands will rise.
Interestingly, the danger is not always from an external source, but very often an internal source or trusted insiders such as employees or third parties who have access to the systems and data, as in the case of Absa.
Perhaps it is time that consumers who experienced the exposure of valuable personal data as in the case of the Justice Department, Absa and TransUnion consider class actions as elsewhere in the world, in particular where cybersecurity is known to be substandard.
Cyberattacks in South Africa will continue to increase since there is a "critical absence of cybersecurity protocol, cyber resilience as well as mitigation and prevention measures for individuals and businesses" in Africa and South Africa, according to the October 2021 Interpol report.
Organisations will have to keep up with important new trends and implement rigorous cybersecurity measures to protect their data and systems. Employees will have to be made aware of the risks and should be educated on basic security measures in order to protect themselves and the organisation.
Unfortunately, many companies and government institutions do not have a clear cyber assurance programme, strategy, or governance in place. Until companies and government ensure that cybersecurity is properly managed, consumers will remain vulnerable and their personal data and money will never be totally safe.
Professor Louis CH Fourie is a technology strategist and an extraordinary Professor at UWC.