Cybercrime is an issue that has plagued South Africa for many years, with the scale increasing significantly during the Covid-19 pandemic. The cyber exposure index ranks South Africa sixth on the list of most-targeted countries for cyberattacks. An Accenture report found South Africa had the third-highest number of cybercrime victims last year, despite ranking 25th in terms of population size.
This is despite advances in legislation and regulation, and millions of rands spent to secure IT services and the personal information of customers.
Such vulnerability to cybercrime presents financial risks and challenges for the continent’s most advanced economy, especially at a time when every rand generated is desperately needed. Indeed, in 2015 already the World Economic Forum estimated losses of R5.8-billion to the South African economy from cybercrimes, with the figure likely to be much higher today.
High-profile South African businesses are high-value targets for cybercriminals: last June, a cyberattack against the Life Healthcare Group drew the attention of the international press. Four months earlier, Nedbank had warned that the information of about 1.7-million clients had potentially been affected by a data breach. These two examples highlight the inadequacy of some of the country’s critical infrastructures. Recently, computer security firm Kaspersky said 10-million malware attacks had occurred since the beginning of the year, thus positioning South Africa as the second-most targeted country, just behind Kenya.
The antifraud firm Evina highlighted that, in July 2020, 31% of mobile subscription requests in the country were fraudulent, underlying a “massive mobile fraud problem”.
The scale of the challenge in South Africa requires a rethink of the solutions and infrastructures deployed to protect citizens and businesses against this increasingly potent economic threat.
Digital attacks call for digital solutions based on real-time data collection and analysis to detect potential phone fraud and suspicious electronic money transactions. Technology, applied toward a clear objective, and within clear rules and frameworks, is key in this fight.
In undertaking an in-depth reform of the country’s digital security architecture, three levers must be activated: regulation, skills, and technology. This was underlined in a note by the United Nations Economic Commission for Africa on cybersecurity in Africa.
Regarding the regulatory aspect, South Africa has already deployed a legal arsenal to address cybercrime, supplementing it with a national cybersecurity policy framework (NCPF) in 2012. More recently, the National Council of Provinces adopted the cybercrimes bill, which facilitates the fight against cybercriminals by empowering the South African Police Service.
As for the human factor, there are still gaps to fill in terms of public awareness on digital security. The 2019 KnowBe4 African Cybersecurity Report highlighted that, while 74% of South Africans are concerned about these risks, many are still neglecting their own data protection.
Although South Africa has taken bold steps in promoting cybercrime regulation, perhaps the technological aspect is lagging, and should be considered as a priority.
While South Africa’s legal framework against cybercrime is indeed comprehensive, this alone is insufficient if not backed by investment in advanced technologies to monitor and secure the IT sector, especially in this (almost) post-Covid era, which has provided criminals with a first-class playing field.