At the annual ITWeb Security Summit 2025, technology professionals used the opportunity to reflect on changes in SA’s cyber security ecosystem and what issues need to be addressed to help this market advance.
Speaking to ITWeb TV, Bevan Lane, CEO of Infosec Advisory Group, said SA’s 1994 election was a poignant moment – not just politically, but also from a cyber security point of view.
Lane explained that a hacker accessed data and attempted to change information on spreadsheets. “He got into the network, got into the forms and was taking votes from the ANC, removing them and putting them into another form for the Conservative Party, or whoever it was at that time. It was obviously some sort of idea to change all the votes and destabilise everything.”
The 1999 Edcon logic bomb incident was another noteworthy milestone in SA’s cyber history, said Lane, and it laid the foundation for the introduction of cyber security legislation.
The case involved a disgruntled Edcon employee who used a logic bomb (a piece of code that is intentionally integrated into a software system to trigger malicious events) to bring down retail stores.
“I don’t think there’s been a similar case in South Africa ever where somebody internally wrote software to bring down (stores) – and he brought down every single store. He damaged the hard drives of a lot of these stores by doing what he had done. He deleted all the information, stopped the stores from operating. I worked it out in today’s terms; it cost about R80 million to R90 million in damage that he did back in those days.”
The police battled to charge him, said Lane, because the case occurred before there were any cyber laws in place, so they had to consider charges like trespassing or damage to property.
“A large reason why the ECT Act and cyber law came about was because of that incident,” he added.
Today’s complex landscape
Craig Rosewarne, MD of Wolfpack Information Risk, said the cyber crime industry has morphed over time, impacted by numerous trends, but its progress has been slowed down by ongoing issues.
“Our biggest problem is crime, which has now morphed into cyber crime as well. So, it’s financially motivated attacks – whether it’s organised crime or small little groups operating. South Africa is still a wealthy country on the continent and if our defences are not as good as European or Israeli or Asian countries, we definitely become a target or test bed for criminal activity.”
The threat landscape has obviously become a lot bigger as well, he said.
Challenges impacting cyber security professionals
While SA has made progress in developing resources to address evolving cyber security challenges, issues like the ongoing skills shortage and fragmented legal and regulatory frameworks continue to have an impact.
Speaking to the reality that any business operating in today’s digital economy is faced with cyber security risks, Charl van der Walt, head of security research at Orange Cyberdefense, said if he could go back in time, he would advise business leaders to slow down and understand the reality of the situation. “You’re just responding to an outside influence. So, play the game at your own speed. And then I would have said we need to work on the quantification of risk reduction.”
One of the key takeaways from the 2025 summit was that while South African cyber security professionals have mostly managed to keep up with changes in IT environments and cyber security trends over the past 20 years, there is still a great deal of work to do.
There are 30 video interviews with many of the key speakers from this year’s summit: click here to access ITWeb TV’s full playlist.
Share