Cybercrime attacks are becoming a fairly regular occurrence in South Africa, with some research pegging the cost at R2.2 billion annually. What is causing this surge in attacks and how can this problem be tackled?

Last week, streaming platform Showmax confirmed that a hacker had accessed 27,000 customers’ data, mostly login credentials, eventually offering them for sale on a hacker forum. Prior to this incident, JD Group, one of South Africa’s largest retail conglomerates, was also hacked, with over 500,000 customers’ personal data exposed.

Hacking incidents in the country have become quite frequent, with the likes of Shoprite, Dis-Chem, Liberty Insurance, TransUnion, and even government departments falling victim to cybersecurity breaches in recent months.

“The reason attacks seem to be getting more prominent nowadays is that attack time is a lot quicker than it’s ever been before and the reason for that, among others, is encryption technology, which is now so progressive and available to businesses and consumers, is equally as available and can be leveraged by bad actors. This technology is so much faster than it’s ever been, meaning that security breaches can also happen much quicker. Back then, the dwell time for attacks, which is the time an attacker needs to make a break-in, was in the 290-day ballpark range. Nowadays, this has been reduced to about 84 minutes on average,” said Kate Mollett, senior director of southern Africa operations at Commvault, a cybersecurity firm.

Mitch Adams, a cybersecurity professional who has done cybersecurity work for some of the country’s most prominent tech startups and corporates, believes that the advent of COVID-19, which pushed more people online, and tough socio-economic conditions like unemployment are the main reasons for the surge in cyberattacks over the last two years.

“During COVID-19, work from home became so common, and it still is, which saw people taking their work away from firewalled work computers to home with no security whatsoever. Additionally, South Africa has high unemployment rates and technology professionals who cannot get a job can sometimes be tempted to exploit lax security measures in order to try to earn a living,” Adams told TechCabal over a call.

According to INTERPOL’s 2022 Africa Cyberthreat Assessment report, South Africa leads the continent in the number of identified cybersecurity threats, with 230 million total threat detections. In second place was Kenya with 72 million. Phishing attacks, ransomware attacks and business email compromise (BEC) attempts were identified as the leading modes of breaches in the country.

Research by Accenture also illustrates the severity of the cybersecurity landscape, with the country recording the third highest number of cybercrime victims worldwide, at a cost of R2.2 billion a year.

The scale of cyber criminality in the country is further evidenced by the fact that the country is estimated to suffer 577 malware attacks an hour. The South African Banking Risk Information Centre (SABRIC) reported that “gross fraud losses on South African-issued cards increased by 20.5% from 2018 to 2019” due to card-not-present (CNP) fraud and banking malware attacks, putting South Africa second only to Russia in this regard.

Crypto fuelling the fire

The mainstreaming of cryptocurrencies over the last three years seems to have fuelled the occurrence of ransomware attacks in the country, with retailer Shoprite falling victim to such an attack last year. RSAWeb, Transnet, and most recently, the Development Bank of Southern Africa, have been hit by ransomware attacks.

Ransomware is a type of malware that encrypts a victim’s data and copies it to a remote server, or blocks access to it, while a ransom is demanded. The average ransom demanded for the data is at least $300,000, mostly in crypto.

“Ransomware criminals exploit the international nature of virtual assets like cryptocurrencies to facilitate large-scale, nearly instantaneous cross-border transactions, sometimes without the involvement of traditional financial institutions that have anti-money laundering and counter terrorist financing (AML/CFT) programs. Criminals further complicate their transactions by using anonymity enhancing technologies, techniques, and tokens in the laundering process, such as anonymity enhanced cryptocurrencies and mixers,” says the Financial Action Task Force (FATF).

Another growing cybersecurity concern for South Africa involving crypto is scams, in which threat actors seek to defraud victims of their cryptocurrency. Over the last two years, South Africa has recorded two large-scale crypto scams.

The first was a Ponzi scheme where thousands of investors were allegedly scammed out of $588 million in Bitcoin by the company Mirror Trading International in 2020. The second case involved the trading company Africrypt, whose founders allegedly absconded with $3.6 billion from investors in April 2021.

Cryptocurrency scams seem to be quite lucrative in South Africa, one of the top ten countries worldwide where threat actors received the highest volume of cryptocurrency from illicit addresses. Additionally, South Africa was second only to the US in the list of countries from which most crypto scams emerge.

Staying safe amidst the wave of attacks

According to Mollett, the best way for businesses to stay safe during this wave of cybercrime attacks and breaches is to treat cybersecurity measures as a necessity for each and every business, not a privilege reserved for big companies only.

“The prevalence of smartphones, through which both your staff and customers do everything from accessing emails to using banking apps, means that there is a huge risk factor for a breach and just education and awareness will not suffice. As a business, a breach always reflects back on you, so it’s best to take proactive measures to ensure safety. Recovery is great. What is so much better than recovering from something is preventing it in the first place. So Commvault made a key acquisition early last year of an organisation called ThreatWise, which is able to assist organisations with something we call “active defence”. And what that does is it provides early warnings of an attack within your environment before it even happens,” added Mollett.

Adams also believes being proactive in combating attacks before they even happen is crucial in the fight against cybercrime attacks.

“The problem is that small businesses are of the mentality that cybersecurity attacks won’t happen to them because on the news they only read about attacks on big companies. But this is not true because one always thinks it won’t happen to them until it inevitably happens to them. It’s best to invest in cybersecurity before an attack because addressing an attack which has already happened will be much more expensive than having been proactive,” said Adams.

Startups playing their part

Startups are also playing their role in trying to ensure cybersecurity in the country. One of those is Sendmarc, a Johannesburg-based cybersecurity startup specialising in anti-phishing solutions. In February, the company raised a $7 million Series A round to scale its solution. The company’s technology relies on email authentication methods, including the Sender Policy Framework (SPF) and the Domain-based Message Authentication, Reporting, and Conformance (DMARC), globally-recognised email security standards that protect domains against email spoofing.

The startup claims to serve over 1,000 paying customers including South African stock exchanges, law firms such as Bowmans, insurance companies, tech startups, banks, and law enforcement agencies across North America, Europe, Australia, South Africa, and Latin America, with its technology. Additionally, 80% of its clients are based in South Africa.

Another startup is Port443, which raised an undisclosed amount of funding from technology investment firm Iziko2.0, with supporting funding from RMB Ventures, last month. The Johannesburg-based startup specialises in security automations and integrations. Through its custom platforms and OneView dashboards, it gives management and technical teams at-a-glance views of the status of their security estate, to help them proactively manage vulnerabilities and respond to breaches.

Other startups which also have cybersecurity offerings include TakeNoteIT, which offers early detection technology products, and Octarity, which offers cybersecurity solutions specifically for small businesses in the country.

The prevalence of cybercrime attacks, despite the presence of regulatory frameworks such as the Cybercrimes Act and the Protection of Personal Information Act (POPIA), is perhaps proof that the fight against such attacks will take more than just effort from lawmakers and law enforcement branches. Mollett agrees with this hypothesis.

“Those legislations are of course vital in the fight against cybercrime attacks, but in most instances, you realise that they are the last line of defence. Innovative solutions are what is really effective to fight attacks as they happen or even before they happen, and not just as a remedy against attacks which have already affected customers and destroyed a business’ reputation,” concludes Mollett.

South Africa’s steadily increasing internet, smartphone, and crypto adoption rates are a double-edged sword: despite fostering digital inclusivity, they also present an even larger pool of possible victims for bad actors.

But on the bright side, the prevalence of these attacks also presents an opportunity for innovators, including corporates and startups, to build solutions which will protect South African citizens and businesses from these attacks. According to data by Statista, the largest market within cybersecurity is security services with a projected market volume of US$349.00m in 2023. Revenue is expected to show an annual growth rate (CAGR 2023-2028) of 8.81%, resulting in a market volume of US$949.30m by 2028, showing the amount of opportunity for innovators in the space.
