SA Ranks World’s Third Highest Cybercrime Victims
While technological introduces greater variety and convenience into our lives, it also opens more and more avenues for people to be targeted by cyber criminals.
According to Professor Sebastiaan von Solmes, Director of the Centre for Cyber Security at the University of Johannesburg, no one is immune from cybercrime. “Every individual and every company is a potential victim,” he says. Typically, cybercriminals target the end user, because they represent the easiest point at which to hack into a company’s systems. “Cybercrime is an international problem, rated by the World Economic Forum’s 2015 Global Risk Report as the fifth highest risk on a likelihood/impact scale,” Von Solmes informs.
Cyber crime in SA
How does South Africa compare to the rest of the world when it comes to cybercrime statistics? “It’s difficult to say, as it is not compulsory to report cybercrime in South Africa,” Von Solmes says.
According to the 2013 Norton Report, South Africa has the third highest number of cybercrime victims worldwide. The data was exposed through a presentation made at the 2015 Security Summit, held in Johannesburg in May 2015, where it was revealed that, during a six-week period leading up to the Summit, South Africa suffered more cybercrime attacks than any other country in Africa.
What’s more, according to an article by Chad Fichardt, titled ‘Just How Big a threat is Cybercrime to SA’ and published on BDLive in June, “ South Africa is starting to feel the heat from attackers across the globe.” The consequences of these attacks are far-reaching and significant as R2.2bn is lost every year to internet fraud and phishing attacks according to the South African Banking Risk Information Centre (SABRIC).
Equally concerning is the fact that Antonio Forzieri, Cyber Security Practise Lead: EMEA at Symantic, is quoted in the article as saying that “one in 214 emails sent in South Africa during 2014 was a spear-fishing attack.” Rudi Steenkamp, Head of IT at Strate, and Dale Connock, the organisation’s Head of Risk, point out that South Africa is not alone in facing the threat of cyber criminals. Moreover, the country is not targeted as frequently or aggressively as other nations. “Of course, that’s not to say that we are not at risk,” they acknowledge. “We all need to be prepared to face this ever-present threat.”
What’s being done?
Government is currently waiting for approval for the Cybercrimes and Cyber Security Bill. The advantage of the Bill, writes Mongezi Tshongweni, an Executive for Legal and Regulatory Affairs at Internet Solutions on BDLive.com, is that it will “bring South Africa in line with international laws dealing with cybercrime”.
“At present, South Africa has no legislation that addresses cybercrime, whether to describe what constitutes a cybercrime, to stipulate how to enforce the law governing cybercrime or to determine appropriate correctional sentencing for those convicted of offences,” Tshongweni observes. The Bill addresses this by creating a number of structures to deal with threats. These bodies will fall under the auspices of the departments of finance, telecommunications and defence, state security, and defence. Also included in the Bill are definitions of offences and details of the penalties to be imposed on cyber criminals.
While cybercrime is on the government’s agenda, individuals and organisations also need to protect themselves by promoting awareness amongst all users. Von Solmes, Steenkamp and Connock agree collaboration is key. “Effective protection against cybercrime can only be achieved through co-operation and education,” say the Strate team. And Von Solmes concurs: “The latest approach to cybercrime sees everyone in a company, from the board of directors to secretaries and cleaners, getting involved,” he says.
Computer security incident response teams need to be implemented, to watch and warn one another of threats and activities says Von Solmes, Steenkamp and Connock. “We believe that it is imperative that we all make it as difficult as possible for criminal elements (regardless of their motive) to gain access to any part of our environment, and to achieve this collaboration is imperative. Skills shortages and naivety on the part of the general workforce (those not directly involved in cyber security) leaves us all exposed to easy access.”
They point to phishing as an example of how being ignorant of cyber threats can have a massive impact on an organisation. “The onus rests on those who have technological knowledge to educate those who don’t.”
Until industries mobilise and present a unified front against cyber criminals, there are several practical steps organisations and individuals can take to protect themselves.
Criminals will almost always look for the easiest way in. “After a quick initial scan of boundary defences to determine their strength, criminals are more likely to attack the human element. This gives them authenticated and undetected access to systems,” Steenkamp and Connock warn. These attacks become more sophisticated all the time.
The solution? Go back to basics, Von Solmes advises. “Simply by making end users aware of the risks inherent in cyberspace, and teaching them the fundamental rules that make financial and social media transactions safer, cybercrime can be reduced,” he concludes.