South African organisations are reported to have experienced on average security 19 incidents within a year, according to Kaspersky’s latest IT Security Economics report.
In 2024, globally, 467 000 malicious files were detected by Kaspersky daily, marking a 14% increase from the previous year.
Presenting report findings at the 25th Cyber Security Summit South Africa in Johannesburg, Kaspersky reveals that 34,2% of its users in South Africa encountered web-borne threats in the past year. Banking and financial malware surged by 34% in 2024 when compared to the previous year.
At the same time, password stealer detections increased by 14%, while the number of exploit attacks rose by 55% and backdoors spiked by 42%.
The crimeware ecosystem has become increasingly dynamic and adaptable, with affiliates adopting a “multi-platform” approach. Cyber attackers spread their operations across regions.
As an example, Kaspersky warns of the Grandoreiro banking trojan expanding from Latin America to Asia and Africa. In 2024, the threat targeted more than 1,700 financial institutions and 276 cryptocurrency wallets across 45 countries and territories.
Among countries affected in Africa were South Africa, along with Algeria, Angola, Ethiopia, Ghana, Ivory Coast, Kenya, Mozambique, Nigeria, Tanzania, and Uganda.
Kaspersky experts highlight several growing concerns for businesses. The rise of AI-enhanced cyber threats means attackers are using AI-powered phishing scams, malware development, and automation to launch more sophisticated attacks.
At the same time, cloud security risks continue to rise, as businesses increasingly adopt cloud-based services but fail to secure them against data breaches and misconfigurations.
Meanwhile, as social engineering techniques are widely used by attackers, human error remains a major cybersecurity risk, that involves cyber threats ranging from phishing to deepfakes.
To mitigate these growing threats, Kaspersky advises businesses to take a proactive approach to cybersecurity. That should involve gathering threat intelligence relevant to their industry, geography and software profile; implementing advanced security solutions that reflect the security demands of businesses depending on the levels of IT maturity.
Employee training is also critical, as many cyberattacks exploit human error. Additionally, organisations should perform regular threat assessments and penetration testing, identifying vulnerabilities before they can be exploited.
“With the rise of AI-assisted cybercrime and increasingly targeted attacks on businesses, decision-makers should have a comprehensive security strategy that combines robust cybersecurity solutions for IT assets, employee education, and acquiring threat intelligence,” says Dmitry Berezin, Global Security Solutions Expert at Kaspersky. “By integrating intelligence-driven security measures, companies can better protect their assets, customers, and reputation in an increasingly hostile digital landscape.”