This year’s hacking attacks have been some of the worst we have seen, and they have undoubtedly left a mark on the cyber world.
South Africa may not have been directly impacted, but the effect of these cyber-attacks is making people questions the protective barriers that are put in place, writes Drew van Vuuren, data protection officer at ESET South Africa.
WannaCry ransomware, a worldwide attack, targeted computers running the Microsoft Windows operating systems by encrypting data and demanding ransom payments in bitcoins.
A month later, another wave of ransomware infections hit targets worldwide. NotPetya was thought to have masked a targeted cybercrime against Ukraine. In fact, it hit Ukrainian infrastructure quite hard, disrupting utilities power companies, airports, public transit and the central bank.
With limited preparedness, South Africa has low to possibly moderate chances of being able to protect itself from such cyber-attacks.
There is an ongoing awareness that, as the telecoms and infrastructure developments continue, the country and its associated industries will become more of a target for compromise — not only by hackers but also by other nation states.
Though it is slowly increasing, there is still minimal knowledge on cyber-attack protection in South Africa. Government is in the process of drafting and adopting legislation that will assist in mitigating this attack – but it will take time for their level of knowledge to have a measurable chance of defence against it.
Hackers are always on the lookout for potential industries to target and, in South Africa, there are industries that are severely under resourced and slow to modernize but hold large volumes of valuable and sensitive data.
The industries that are prone to cyber-attacks are mainly local government, public health and manufacturing. Local government has aging infrastructure and poorly-managed systems that would make it hard for them to relieve any risks posed. Public health services are in a position where they lack finances and resources needed to add security to information systems, as they are finding it hard to even provide basic medical care. The mining and manufacturing sector is also a key targeted industry due to its slow modernisation of the different systems they use.
Government, in partnership with research bodies, has established a Computer Emergency Response Team (CERT) which is staffed by knowledgeable and experienced resources. It is a good start and the key is to ensure that communication channels are established and maintained, allowing collaboration in a public-private-partnership which can help with dealing with the fallout in event of a cyber-attack.
The way forward is dependent on user awareness and diligence: The popularity needs to be educated on protecting their own information as much as they protect themselves from physical harm.
There also needs to be sufficient investment in systems and robust infrastructure to protect the key industries that may be targeted, furthermore, protocols and readiness tools that will limit the impact of an attack need to be established.