South Africa on Alert: Surge in cyberattacks highlights urgent need for cybersecurity

In the lead up to the elections, South Africa experienced a surge in cyberattacks. This is evidenced by recent breaches at the Government Pensions Administration Agency (GPAA), Companies and Intellectual Property Commission of South Africa (CIPC), and even the Electoral Commission of South Africa (IEC) itself. “These attacks, which may have compromised sensitive data like personal information or financial records, highlight the vulnerability of critical infrastructure and spotlight the urgent need for advanced threat prevention as the severity and frequency of attacks continue to escalate,” says Reabetswe Motsamai, Marketing and Communications Manager at MakwaIT Technologies.?

?“The risk not only applies to the public sector but the private sector too, with South African businesses said to be attacked over 1,000 times per week on average according to Check Point,” she points out. “Worse still, while 73% of organisations believe that a cybersecurity incident will disrupt their business in the next 12-24 months, only 7% are adequately equipped to navigate the evolving threat landscape.”?

Citing research from the 2024 Cisco Cybersecurity Readiness Index, Motsamai highlights that cyberattacks are becoming more sophisticated, widespread, and frequent - outpacing current business defences. “Security is paramount for organisations in today's digital landscape. With the increasing prevalence of cyber threats, data breaches, and other security risks, organisations must continuously evolve and strengthen their security measures. This means adding advanced solutions that provide comprehensive visibility, deep threat analysis, and rapid response capabilities.”?

Interpol warns of two of the most rapidly expanding threats affecting organisations on the continent: ransomware and business email compromise (BEC).??

Ransomware on the rise?

Last year, 78% of South African companies suffered ransomware attacks, with targets including Porsche and TransUnion. “These attacks, which were behind the recent breaches at the CIPC and GPAA, use malware to prevent businesses from accessing important information, ranging from individual files to entire databases, potentially causing leaks of sensitive data. To regain access, some companies are forced to pay ransoms,” explains Motsamai.?

Despite the dangers, she highlights that only 19% of organisations see ransomware as a threat in the next year. “With the average cost of a ransomware attack estimated at USD 5.13 million (over R93.7 million), can businesses afford to ignore it?"?

Some of the most common ways ransomware infiltrates an organisation include phishing emails, downloading infected file extensions or malicious attachments, and exploiting system and network vulnerabilities. Motsamai emphasises a multipronged approach to prevent ransomware damage, which includes training staff members to be more cybersecurity savvy (especially as most attacks start with a convincing phishing email sent to an employee’s inbox), implementing email and endpoint security for robust protection, and deploying advanced malware protection for comprehensive defence. Regularly backing up critical data to an external drive or cloud storage is equally crucial.”??

Beware AI-powered email fraud?

Referring to Mimecast’s 2024 State of Email & Collaboration Security report, she highlights a significant increase in BEC, a dangerous form of phishing, which has nearly doubled in the past year. “Unfortunately, 57% of South African companies have fallen victim to these attacks including the Passenger Rail Agency of South Africa (PRASA) which lost R 30.6 million as a result.”??

“BEC,” Motsamai cautions, “is swiftly becoming a major threat especially with advances in AI making attacks more sophisticated and difficult to detect. Scammers use the technology to impersonate legitimate contacts like contractors, suppliers, or senior management. They achieve this by either hacking into a real email account or by using an email address that closely matches the legitimate one. Their goal is to trick a company's payment team into making urgent payments or redirecting future payments to a new account.”?

She encourages vigilance when it comes to unexpected payment requests. “Always verify any unplanned or urgent instructions, or changes to account details, by contacting the sender using trusted contact information. Additionally, consider implementing email authentication tools and training AI to learn individual emailing behaviours and detect anomalies.”?

“Unfortunately, these and other threats will continue with their focus shifting from political agendas to financial crimes. The potential impact is vast, ranging from financial losses and reputational damage to fines for non-compliance with data protection laws and, in extreme cases, national disruption as in the 2021 Transnet cyberattack. However, by implementing advanced threat prevention strategies and fostering a culture of cybersecurity awareness, public and private organisations can reduce their risk,” Motsamai concludes.?