
Cyber security in SA: Rising attacks, weak defences, growing urgency

Johannesburg, 23 Sep 2025
Traditional defences are no longer sufficient.

South Africa is facing a wave of escalating cyber threats that mirror global trends but expose uniquely local vulnerabilities. From record-breaking distributed denial of service (DDOS) campaigns to surging ransomware and banking Trojan infections, the country’s digital infrastructure and economy are increasingly at risk. Yet law enforcement and regulatory capacity remain dangerously out of step with the scale of the challenge.

A global storm hitting local shores

According to security researchers at Netscout Systems, over 8 million DDOS attacks were recorded globally in the first half of 2025. The Europe, Middle East and Africa (EMEA) region bore the brunt of more than 3.2 million strikes, many targeting critical infrastructure in communications, energy, transport and defence. Hacktivist groups such as NoName057(16) continue to weaponise cyber attacks as geopolitical tools, launching hundreds of co-ordinated disruptions every month.

South Africa has not escaped this surge. Experts warn that the same vulnerabilities exploited elsewhere – weak perimeter defences, unsecured IOT devices and poor patching – are being leveraged by both global threat groups and domestic cyber criminals. The accessibility of DDOS-for-hire services means even unskilled attackers can now launch large-scale digital assaults.

Malware and infostealers on the rise

Beyond DDOS, malware infections are climbing steeply. Research by Kaspersky shows that in the first half of 2025, South Africa endured more than 6 million online attack attempts and 10.3 million malware-related incidents. Nearly one in five users was targeted, from individuals falling victim to phishing and fake WiFi networks to enterprises battling ransomware and industrial malware.

The data is stark:

  • Backdoor attacks increased by 123% compared with 2024.
  • Banking Trojans surged by 136%.
  • Password stealers rose by 122%.
  • Spyware infections grew by 3.6 times.

Infostealers such as SparkCat and its variant SparkKitty represent a growing risk. Both have been identified spreading through legitimate app stores, underscoring the difficulty of trusting even official platforms. These malicious tools can exfiltrate sensitive files, device data and personal images, opening new fronts in the fight against cyber crime.

Financial losses and under-reporting

The financial toll is already severe. The South African Banking Risk Information Centre reported that in 2024, cyber criminals launched more than 100 000 attacks on bank accounts, draining around R1.8 billion from victims. Yet the South African Police Service recorded just 544 cyber-related fraud cases in the same period.

This yawning gap between actual incidents and formal investigations points to systemic weaknesses. Under-resourced police units, limited technical training and a struggling Information Regulator mean most attacks go unreported or unresolved. Criminals know they face little risk of prosecution, emboldening further attacks.

Calls for reform

Political pressure is mounting. The Democratic Alliance (DA) has tabled a Private Members Bill to establish an Office of the Cyber Commissioner, a new Chapter 9 institution that would oversee cyber crime prevention and response. While the proposal has strong backing from the private sector and academia, government support remains lukewarm.

Advocate Glynnis Breytenbach, DA Spokesperson on Justice and Constitutional Development, has warned that without urgent reforms, South Africa risks becoming a haven for cyber criminals: “Cyber crime is growing at a pace our institutions cannot match. Unless we build capacity now, we will fall further behind.”

Microsoft’s role in building resilience

Alongside calls for reform, global technology companies are stepping in to help bolster South Africa’s cyber defences. In 2024, Microsoft announced a R5.4 billion investment into expanding its cloud infrastructure and digital skills programmes in the country. The initiative is aimed at improving both capacity and resilience, with a strong emphasis on cyber security readiness.

Microsoft is rolling out advanced cloud-based security services to South African organisations, providing tools such as real-time threat intelligence, AI-driven monitoring and incident response frameworks that are already being used by governments and enterprises worldwide. The company is also investing in local skills development through training programmes designed to address the shortage of cyber security professionals in the region.

This dual approach, combining technology deployment with human capital development, is seen as a vital step in closing South Africa’s cyber security gap. By enabling businesses, government agencies and individuals to adopt world-class defences, Microsoft’s investment is positioning the country to better withstand the next wave of cyber attacks.

What needs to change

Experts stress that traditional defences are no longer sufficient. The rise of AI-driven malware, malicious large language models such as WormGPT, and automated phishing campaigns mean attackers can adapt faster than defenders. South African organisations, from banks to state-owned enterprises, must move towards intelligence-led, layered security.

Key recommendations include:

  • Stronger authentication and patch management.
  • Deploying endpoint detection and response tools for early detection.
  • Limiting unnecessary remote access.
  • Maintaining robust backups.
  • Training employees to recognise phishing and deepfake attacks.

But these measures will not be enough without systemic change in enforcement and governance. South Africa’s cyber resilience will depend as much on political will and investment in law enforcement as on the latest security technologies.

A national security threat

With cyber attacks targeting financial institutions, utilities and critical infrastructure, this is no longer just an IT problem. It is a national security issue. The longer South Africa delays strengthening its defences, the greater the risk that hostile actors, whether criminal or geopolitical, will exploit the country’s weaknesses to inflict economic and strategic harm.
