SA is top cyber crime target in Africa

By Ansie Vicente, online content marketing editor
Johannesburg, 09 Mar 2016

South Africa will be 2016's top target for cyber crime in Africa, according to Control Risks.

This emerged in the company's Riskmap 2016, an international report on the most significant underlying trends in global risk and security, which Control Risks has compiled for more than 20 years.

"The five African nations with the highest number of active malicious IP addresses are South Africa, Egypt, Kenya, Tunisia and Botswana," said John Nugent, senior analyst for Control Risks' Cyber Threat Intelligence.

Nugent identified hardware compromise, criminal targeted attacks, advanced persistent threat operations, ransomware and data leaks as the five most impactful cyber attack techniques of 2016 globally.

Regarding South Africa's specific risk profile, he said "the major concern is really cyber crime, primarily from internal (South Africa-based) but also external actors".

Criminal targeted attacks

He said banks and financial institutions would remain the principal targets of cyber criminal activity. "There have been a number of highly public incidents affecting banks in South Africa, but any other businesses that hold large amounts of customer information, such as retailers, hotels and leisure companies and healthcare providers, also face a considerable threat.

Signs of insurgence and disruption are manifesting in various ways across Africa, says Control Risks' Chris Torrens.

"Extortion groups that use ransomware are less discriminating and will typically deploy this malware opportunistically, choosing targets with poor defences, though we have increasingly seen an increase in more targeted attacks of this nature against large financial services firms and other major multinationals because of their perceived ability to pay larger ransoms." Nugent said this is likely to be replicated in South Africa.

More broadly, he said the overall scope of the nation-state threat to South African businesses is "moderate and focused on targets in the key extractives, manufacturing sector and agriculture sector, all industries in which some of the main perpetrators of cyber espionage have a demonstrable interest".

Cyber activist threat is low

"While cyber activists do frequently conduct attacks, they are typically limited in their technical sophistication. Unlike cyber crime, cyber activism is often less target-specific and therefore any organisation can potentially face campaigns driven by nebulous motives that can be hard to foresee.

"This is as true of South Africa as anywhere else. However, the extractives industry, media organisations and governmental institutions are routinely targeted the world over by cyber activists."

Why SA leads the pack

Nugent identified four core drivers for SA's high risk for cyber crime. First was the country's comparatively high levels of Internet connectivity, resulting in "a larger attack surface than many other nations on the African continent".

A second factor was the country's wealth and particularly its high GDP per capita compared to that of other nations in Sub-Saharan Africa. A third factor was the "relatively poor levels of cyber security education and preparedness among businesses and the wider populace".

Lastly, he pointed to South African law enforcement agencies being "poorly equipped to prosecute the perpetrators of cyber attacks, whether they are locally or internationally-based".

Insurgence and disruption

The report states the world had entered "the Age of Insurgence". Asked how this played out in Africa, Chris Torrens, senior managing director for global risk analysis, said: "Signs of insurgence and 'disruption' are manifesting themselves in various ways across Africa.

"Perhaps most interesting is the emergence of 'people power', which in 2015 had a positive impact by challenging the authority of entrenched leaderships. For example, popular protests helped to stave off a military coup in Burkina Faso in late 2015, while in DRC president Joseph Kabila's efforts to revise the constitution were met with huge protests."

With nearly a dozen of the incumbent leaders forecast to win out of the 16 presidential elections scheduled for this year, he said it remained to be seen whether this disruptive momentum will be maintained. (The #FeesMustFall and #RhodesMustFall movements are local examples.)

"In the commercial world, too, we are seeing disruption to conventional business models, as illustrated by the success of taxi operator Uber and Airbnb, which is posing a challenge to major hotel chains. An even more significant disruptor would be Capitec, which through its lean, low-cost retail banking model is taking on the industry establishment and winning," Torrens said.

No real prosecution

George Nicholls, senior managing director for Southern Africa, said although South Africa was one of 28 countries that had a government cyber security policy, it did not have "a real ability to prosecute".

Nicholls said more than R2 billion a year was lost to cyber crime, and that the government should work more closely with the business community, which did have the skills to investigate cyber crimes. "This is certainly not an issue in South Africa only, but cooperation between government and business [to respond to cyber crime] is somehow better in the United States, for instance."

He said Control Risks expected the number of nation states actively involved in cyber espionage to move to 45, and the level of cyber crime to move beyond phishing.

"What is more likely is a focus on industrial control systems. We envisage at least one successful compromise of hardware globally, with something like an electricity grid or other important infrastructure," he said, referring to known attempts in Germany and Ukraine. He was not aware of any specific attack of this nature to date in South Africa.