Nothing underlines South Africa’s integration into the global economy more than the country’s increasing vulnerability to the growing incidence of cybercrime, says Neil Cosser, Identity and Data Protection Manager for Africa at Gemalto. This is set to continue into 2018, with new threats coming into the foreground.
“South Africa’s formal business sector and much of society are already highly dependent on digital platforms, with a strong emphasis on mobile technology, as is common in developing economies,” he says. “There were a number of high-profile cybercrime incidents locally in 2017, and while the proposed cybercrimes and cybersecurity legislation will go some way towards providing a framework for combatting crime, it is not necessarily perfect. In the digital sphere, law is on the back foot—we must all take responsibility for cybersecurity because it affects all of us.”
Gemalto says that 2017 was characterised by four main cybercrime trends, all centred on the key issue of data security. Perhaps the most high-profile of these was the outbreak of massive malware attacks, particularly involving ransomware. The WannaCry ransomware attack affected at least 200 000 organisations globally, while others included NotPetya and Bad Rabbit.
Major data breaches were a second feature of cybercrime in 2017. LinkedIn, Dropbox and Yahoo were global victims; locally, the personal records of around half the South African population were found on the Dark Web thanks to a hack of the Deeds Office and, in September, the South African branch of Web hosting company Hetzner was hacked, compromising client data.
The third trend in 2017 was the widespread use of hacking tools by both law-enforcement agencies and criminals. These tools, and people to operate them, are increasingly available, and professional hackers are expected to continue to push the boundaries of innovation in the coming year, says security company McAfee.
A fourth trend is attacks against cryptocurrency exchanges, driven by the huge leap in the value of Bitcoin and others.
Gemalto predicts that while these trends will continue into 2018 and will help set the cybersecurity agenda, South Africans should also keep an eye on two emerging trends that are likely to impact them particularly.
The first is mobile security. As the “app economy” continues to grow and given the fact that majority of South Africans use mobile devices to access the Internet and transact, hackers are likely to focus their attention on penetrating mobile networks.
Because people tend to use one mobile device to access all their networks, private and personal, the security of these devices becomes a high priority. In the future, individuals must take increasing responsibility for cybersecurity as every device can act as a gateway for criminals.
Greater individual vulnerability to cybercrime is also highlighted in the second trend: the risks posed by the growth of the Internet of Things. As homes and vehicles become smarter, and are connected to the network, myriad new vulnerabilities are being created. Experts have projected there will be anywhere from 20 to 30 billion of these by 2020, greatly increasing the overall “attack surface” and creating constant security challenges—especially as few of them will have been designed with security in mind.
“In 2018, businesses are not the only ones at risk. The digitisation of society and life is an ongoing and apparently unstoppable trend. As more of our personal environment is connected, so it becomes vulnerable. Personal information stored in smart devices is one attraction for criminals, but it’s not too far-fetched to imagine a scenario in which a smart appliance is held to ransom,” concludes Cosser. “Everybody who is connected to the network is vulnerable to an extent, and we must all play our part in keeping it secure.”