South Africa is ‘very attractive’ testbed for cyber criminals

By Simnikiwe Mzekandaba, IT in government editor
Johannesburg, 07 Jun 2023

A trend that is increasingly becoming clear is that SA is an appealing testbed for cyber attacks internationally, says Christopher MacRoberts, legal director at Clyde and Co.

This, notes MacRoberts, is mainly driven by the country’s “fairly” sophisticated private sector, and strong banking, fintech and services sectors.

MacRoberts made the comments on day one of ITWeb Security Summit 2023, taking place this week in Sandton.

He formed part of a panel discussion, detailing some of the main cyber risks in SA. “Threat actor groups like LockBit can operate in South Africa with relative impunity. We are behind the curve when it comes to enforcement.

“There is certainly a huge role that the private sector can play in improving SA’s cyber resilience and being able to meet these threats. We’re certainly not in a safe harbour in South Africa; we’re subject to all of those forces,” he noted.

“Perhaps the recent developments in our geopolitical stance amplify those risks. If we start taking sides in current events around the world, we may find ourselves subject to that fifth domain of cyber and cyber espionage.”

MacRoberts explained that his company, which works with firms and insurers to resolve cyber incidents, is able to benchmark SA’s experience in dealing with cyber security incidents, particularly ransomware, against what is going on elsewhere.

“I can tell you with absolute certainty that the risks we are experiencing in SA, the kind of attacks that South African companies are being subjected to, are as sophisticated and as bad as anything that is going on anywhere in the world.

“I’m not saying this in a way to be a scaremonger, but because I think there are opportunities that come from that.”

The other panellists agreed that global cyber security threats are very much applicable to SA.

Top among the elements exacerbating the country’s cyber crime challenges is the lack of skills, noted Dr Jabu Mtsweni, centre manager for information and cyber security research at the CSIR.

According to Mtsweni, there is rapid movement of people with cyber security skills between different companies, posing risks for organisations because they are not stable in terms of workforce.

“Cyber security risks these days are multi-faceted. We’ve got a lot of blind spot issues in the country, and one of them is the lack of coordination between the private and public sectors. The private sector may think they are secure, but if government is not secure, ultimately there will be bystanders. Vice-versa, if government thinks they are secure but the private sector is not, then we have a challenge.”

State Security Agency GM for ICT security Katekani Hlabathi added the country faces the same cyber security risks encountered the world over. Notable among these are cyber crime, cyber terrorism and cyber espionage, with the latter conducted by advanced persistent threats that are nation-sponsored threat actors.

“That [cyber espionage] is actually the only thing which I might say is unique in our sector that we have to follow. Our mandate is to look at securing the state, which is South Africa as a whole. We’ve seen attacks on our ports…we’re upping our game and doing our best to respond to those risks.”

Hlabathi indicated ransomware remains a “real” headache that everyone faces. “We’re seeing this in the state as well.”

Susan Potgieter, chief risk officer at the South African Banking Risk Information Centre, said banks consistently have to deal with changing trends, listing ransomware, distributed denial-of-service (DDOS) attacks and phishing campaigns among them.

“When you look at how banking has been digitalised over the years, and how businesses and world trends are when it comes to doing business, it’s no secret that functions are sometimes outsourced. There’s always a drive to work smarter and [introduce] system integration, to see how things can be optimised from a service delivery perspective – those introduce risks.

“You can’t speak about third-party risk and not speak about data privacy. For example, a customer banks with a specific brand and information is shared with that brand. If that brand makes use of suppliers to execute some functions, it doesn’t excuse that brand from the data privacy responsibility.”

Potgieter added that banks will always be a preferred target because that’s where the money is and the economy needs banks in order for it to work.

South Africa has of late been recording unprecedented cyber security incidents, with the CSIR estimating financial losses of up to R2.2 billion per annum to the South African economy.

There have been a number of high-profile cyber attacks on the local front recently, including on credit bureaus, healthcare and retail groups, and several government departments, as well as highly organised DDOS attacks on banks.

The country is said to be the eighth most targeted in the world for ransomware, with more than half of South African firms impacted by ransomware in the past year.