Work from home increases cyber attack risks for SMEs

This comes as about 43 percent of cyber attacks target small businesses, particularly those in the financial, healthcare, retail, insurance, and legal sectors. Picture: Ritchie Tongo, EPA.

Published Oct 8, 2021

South African businesses, especially small and medium enterprises (SMEs), are besieged by an increasing number of cyber attacks and need to invest in defensive technology, while the state urgently needs to enact legislation and build enforcement capabilities, cybercrime experts have warned.

This comes as about 43 percent of cyber attacks target small businesses, particularly those in the financial, healthcare, retail, insurance, and legal sectors.

Cybercrime expert Neil Hare-Brown, CEO of Storm, a private enterprise dedicated to addressing issues of cybercrime in the country, said South Africa was especially vulnerable on the continent because of its advanced internet technology, its advanced economy, and the lack of appropriate technology and enforcement to deal with attacks, which often came from people safely outside the borders, where they could attack with impunity.

Among the most recent attacks were those on the South African National Blood Services (SANBS), logistics utility Transnet, which was put off-line for two days, the National Space Agency in Pretoria, and some financial institutions.

The attacks are costing the local economy more than R2.2 billion a year in malware, ransom attacks and other disruptive aggression that leaves businesses in disarray.

Globally, there is an attack every 11 seconds, and the odds are heightened for South African businesses, whose vulnerability is exposed by the lack of expertise in cybercrime.

According to a survey conducted by Storm, South African businesses’ perception of cyber attacks is low, with nine out of 33 businesses surveyed declaring the terrorism to be “very low”, 17 answering “moderate”, a further 6 stating they considered it to be “good”, and just one business group estimating their members to have an “excellent” level of cyber security.

“This clearly indicated a general low level of effective cyber-risk management capability, and that business groups have some work to do to ensure members’ cyber resilience does not unduly expose their businesses,” Hare-Brown said.

Almost half the respondents were unable or unwilling to answer, while a third claimed the figure to be above 10 percent of their members. Some went so far as to claim that as many as 50 percent, 65 percent, and 90 percent of their members had suffered a cyber attack in the last 12 months.

“Most businesses have not considered this critical question and expecting their IT provider or law enforcement to help them in such circumstances will likely lead to considerable unnecessary loss and disappointment,” he said.

The company had launched CyberCare, a cyber incident response hotline service for South African SMEs, to give businesses a range of options, for both IT and senior management, in the investigation of potentially damaging cyber incidents and the recovery of their business from them.

Hare-Brown said it was essential to introduce cyber security training to the workplace, and even the classroom, to help organisations to address the skills gap.

“Businesses must attend to the lack of sufficient IT security budgets and make efforts to keep abreast of cyber threats. More onus is needed on African governments to look into a long-term strategy that identifies the problem at its root and help SA businesses to stay resilient,” he said.

“Most organisations see cybercrime as a black swan event that does not affect them,” he noted.

Speaking at a recent South African Business United Confederation webinar on the subject, Carl Beck, an expert in the field, said South Africa had a blasé approach to cyber education, yet the country was being used as a testing ground for malware attacks.

He said the working-from-home trend enforced by compliance with Covid-19 control regulations had also exposed businesses, as workers took equipment like laptops home, leaving them vulnerable to attacks they could only report to IT departments when the matter was far graver.

“There is poor awareness of shadow IT, people download documents right at their homes for job requirements and in the process open up to applications that come with viruses,” Beck said.

BUSINESS REPORT ONLINE