In recent years, South Africa has become a playground for cybercriminal activities with syndicates targeting everyone from individual South Africans to SMEs, large corporates and public entities

This, says Siyabonga Mabuza, head of cybersecurity at the Fourth Industrial Revolution Incubator (4IRI), poses a threat to the country’s economy and infrastructure, leaving the entire state vulnerable to attacks.

Nearly 80% of the South African population is now online with an increasing number of devices, networks and servers bringing about new opportunities for cybercriminals.

Interpol recently released a report which states that there is a “critical absence of cybersecurity protocols, cyber-resilience as well as mitigation and prevention measures for individuals and businesses” in Africa.

South Africa in particular has in the past 20 years become one of the increasingly targeted countries for these crimes with a National Cyber Security Index ranking of 89, indicating its lagging preparedness to prevent threats and proactively manage incidents. The KPMG African Cybersecurity Outlook highlighted that South Africa experienced at least 230-million cybersecurity threats in 2021, making the country the third highest ranking country with the highest number of cybercrime victims worldwide, at a cost of R2,2-billion a year.

Keep sensitive information secure

According to Mabuza, many organisations in South Africa have some of the lowest downtime in the world, making it exceedingly difficult for cybercriminals to get easy access – and while this is somehow preventative in some measure, it has also meant that cybercriminals find sophisticated ways to penetrate defences: “The only way to stay in control of data security and privacy is through robust data protection methods and a strong contingency plan.

“Data security and data privacy are used interchangeably; however, there is a clear distinction between the two,” says Mabuza. “Data protection is all about the mechanisms for preventing the corruption of data, compromise, or loss, while data privacy encompasses everything to do with the rules and regulations of data handling. Both are critical to the protection of sensitive information and organisations need to understand and easily implement them.”

Mabuza warns that the nature of the problems that can be incurred during a security breach are many: “From loss of key information, adverse publicity, loss of trust, legal action by customers, and official censure by regulators. All these can be easily avoided with a little forethought and a professional attitude to the use of data.”

Mabuza has some tested and simple tips that can ward off these criminals:

Changing Passwords Regularly

Some of the most basic forms of security are still as effective – many data breaches are connected to password theft. Changing one’s password regularly and installing multi-factor authentication where possible, or even strictly adhering to strong password managers, can prevent future breaches and attacks.

Backing-up data regularly

In the rise of cloud and data infrastructure, secure data backups have become more accessible and affordable and can prevent organisations from being held ransom by cybercriminals who somehow hijack business information and technology infrastructure. Backing up is a great means to recover and retain critical data during disasters such as fires or systems crashing or even technology upgrades and changes.

Virtual Private Networks (VPNs)

Choosing a reliable and trusted technology application to guard your network infrastructure can help individuals and employees within an organisation interact privately and securely. VPNs are critical when operating within public networks of wi-fi.

Updating all software and changing data regularly

In the 21st century cyber-attacks as a result of an individual or firms’ unwillingness to update critical software are common and becoming regular every day. Updates to the firewalls and antimalware can fill gaps in previous versions and greatly reduce the chances of cybercriminals getting access to critical systems and sensitive data.

Encrypting data

As strong as the network perimeter defences may be, intruders can be able to get through them. A vast majority of the incidents where unencrypted databases were improperly accessed or stolen were preventable occurrences.

Securely empowering SMMEs and individuals through technology

There is a growing need for individuals and businesses to learn about digital technologies and the best ways to remain secure online.

The 4IR Incubator was established in response to this need to develop capability and capacity in the digital learning industry, believing that the key to empowerment is creating learning programmes that teach new, relevant, and critical skills to enable the workforce of the future to adapt to the fourth industrial revolution work environment.

The Incubator is currently running cybersecurity programmes that serve to promote individual and organisational preparedness to proactively manage and possibly circumvent data and security challenges brought forward by current and futuristic 4th Industrial Revolution technology requirements.