South Africa has in recent times become a playground for cybercriminal activities, with syndicates targeting South Africans, companies, and organisations, stealing personal data by hacking into computer systems and causing data breaches. This poses a threat to the country’s economy and infrastructure, leaving the entire state vulnerable to attacks.
Nearly 80% of the South African population is now online with an increasing number of devices, networks and servers bringing about new opportunities for cybercriminals.
Interpol recently released its report which states that there is a “critical absence of cybersecurity protocols, cyber-resilience as well as mitigation and prevention measures for individuals and businesses” in Africa.
South Africa in particular has in the past 20 years become one of the increasingly targeted countries for these crimes with a National Cyber Security Index ranking of 89, indicating its lagging preparedness to prevent threats and proactively manage incidents.
The KPMG African Cybersecurity Outlook highlighted that South Africa experienced at least 230 million cybersecurity threats in 2021, making the country the third highest ranking country with the highest number of cybercrime victims worldwide, at a cost of R2,2-billion a year.
Keep sensitive information secure
According to Siyabonga Mabuza, head of cybersecurity at the Fourth Industrial Revolution Incubator (4IRI), many organisations in South Africa have one of the lowest downtime in the world, making it exceedingly difficult for cybercriminals to get easy access, and whilst this is somehow preventative in some measure, it has also meant that cybercriminals find sophisticated ways to penetrate defences. “The only way to stay in control of data security and privacy is through robust data protection methods and a strong contingency plan.
“Data security and data privacy are used interchangeably; however, there is a clear distinction between the two”, says Mabuza. “Data protection is all about the mechanisms for preventing the corruption of data, compromise, or loss, while data privacy encompasses everything to do with the rules and regulations of data handling. Both are critical to the protection of sensitive information and organisations need to understand and easily implement them.”
Mabuza warns that the nature of the problems that can be incurred during a security breach are many: “From loss of key information, adverse publicity, loss of trust, legal action by customers, and official censure by regulators. All these can be easily avoided with a little forethought and a professional attitude to the use of data.”
Mabuza offers some simple tips that can help to ward off criminals:
* Changing Passwords Regularly – Some of the most basic forms of security are still as effective, many data breaches are connected to password theft. Changing one’s password regularly and installing multi-factor authentication where possible or even strictly adhering to strong password managers can prevent future breaches and attacks.
* Backing-up data regularly – In the rise of cloud and data infrastructure, secure data backups have become more accessible and affordable and can prevent organisations from being held ransom by cybercriminals who somehow hijack business information and technology infrastructure. Backing up is a great means to recover and retain critical data during disasters such as fires or systems crashing or even technology and upgrades and changes.
* Virtual Private Networks (VPNs) – Choosing a reliable and trusted technology application to guard your network infrastructure can help individuals and employees within an organisation interact privately and securely. VPNs are critical when operating within public networks of WiFi.
* Updating all software and changing data regularly – In the 21st century cyber-attacks as a result of an individual or firms’ unwillingness to update critical software are common and becoming regular every day. Updates to the firewalls and antimalware can fill gaps in previous versions and greatly reduce the chances of cybercriminals getting access to critical systems and sensitive data.
* Encrypting data – As strong as the network perimeter defences may be, intruders can be able to get through them. A vast majority of the incidents where unencrypted databases were improperly accessed or stolen were preventable occurrences.
* Securely empowering SMMEs and individuals through technology – There is a growing need for individuals and businesses to learn about digital technologies and the best ways to remain secure online.
The 4IR Incubator was established in response to this need to develop capability and capacity in the digital learning industry. It is currently running cybersecurity programmes that serve to promote individual and organisational preparedness to proactively manage and possibly circumvent data and security challenges brought forward by current and futuristic 4th Industrial Revolution technology requirements.