With only a week to go before national elections, South Africa is facing an increase in cyberattacks – evidenced by recent breaches at the Government Pensions Administration Agency (GPAA), the Companies and Intellectual Property Commission of South Africa (CIPC), and even the Electoral Commission of South Africa (IEC) itself.

“These attacks, which may have compromised sensitive data like personal information or financial records, highlight the vulnerability of critical infrastructure and spotlights the urgent need for advanced threat prevention as the severity and frequency of attacks are expected to escalate,” says Reabetswe Motsamai, marketing and communications manager at MakwaIT Technologies. “The risk not only applies to the public sector, but the private sector too with South African businesses said to be attacked over 1 000-times per week on average, according to Check Point.

“Worse still, while 73% of organisations believe that a cybersecurity incident will disrupt their business in the next 12 to 24 months, only 7% are adequately equipped to navigate the evolving threat landscape.”

Citing research from the 2024 Cisco Cybersecurity Readiness Index, Motsamai highlights that cyberattacks are becoming more sophisticated, widespread, and frequent – outpacing current business defences.

“Security is paramount for organisations in today’s digital landscape,” she says. “With the increasing prevalence of cyberthreats, data breaches, and other security risks organisations must continuously evolve and strengthen their security measures. This means adding advanced solutions that provide comprehensive visibility, deep threat analysis, and rapid response capabilities.”

With elections taking place in 20 African countries this year, Interpol warns of two of the most rapidly expanding threats affecting organisations on the continent: ransomware and business email compromise (BEC).

Last year, 78% of South African companies suffered ransomware attacks with targets including Porsche and TransUnion.

“These attacks, which were behind the recent breaches at the CIPC and GPAA, use malware to prevent businesses from accessing important information – ranging from individual files to entire databases and potentially causing leaks of sensitive data. To regain access, some companies are forced to pay ransoms,” explains Motsamai.

Despite the dangers, she highlights that only 19% of organisations see ransomware as a threat in the next year. “With the average cost of a ransomware attack estimated at $5,13-million (over R93,7-million), can businesses afford to ignore it?”

Some of the most common ways ransomware infiltrates an organisation include phishing emails, downloading infected file extensions or malicious attachments, and exploiting system and network vulnerabilities.

Motsamai emphasises a multipronged approach to prevent ransomware damage which includes training staff members to be more cybersecurity savvy (especially as most attacks start with a convincing phishing email sent to an employee’s inbox), implementing email and endpoint security for robust protection, and deploying advanced malware protection for comprehensive defence.

“Regularly backing up critical data to an external drive or cloud storage is equally crucial,” she says.

Referring to Mimecast’s 2024 State of Email & Collaboration Security report, Motsamai highlights a significant increase in BEC – a dangerous form of phishing which has nearly doubled in the past year. “Unfortunately, 57% of South African companies have fallen victim to these attacks including the Passenger Rail Agency of South Africa (PRASA) which lost R30,6-million as a result,” she says.

“BEC is swiftly becoming a major threat especially with advances in AI making attacks more sophisticated and difficult to detect, Motsamai cautions. Scammers use the technology to impersonate legitimate contacts like contractors, suppliers, or senior management. They achieve this by either hacking into a real email account or by using an email address that closely matches the legitimate one. Their goal is to trick a company’s payment team into making urgent payments or redirecting future payments to a new account.”

She encourages vigilance when it comes to unexpected payment requests. “Always verify any unplanned or urgent instructions, or changes to account details, by contacting the sender using trusted contact information,” she advises. “Additionally, consider implementing email authentication tools and training AI to learn individual emailing behaviours and detect anomalies.

“Unfortunately, these and other threats will continue beyond the elections with their focus shifting from political agendas to financial crimes,” Motsamai says. “The potential impact is vast, ranging from financial losses and reputational damage to fines for non-compliance with data protection laws and, in extreme cases, national disruption as in the 2021 Transnet cyberattack.

“However, by implementing advanced threat prevention strategies and fostering a culture of cybersecurity awareness, public and private organisations can reduce their risk,” Motsamai says.