By Damian Viviers
Cybercrime has become a global pandemic, with South Africa leading the charge in terms of countries that have become a hot spot for cybercrime, earning us the dubious honour of being labelled the cybercrime capital of Africa. In this article, we touch on some of the issues and risks South African businesses face concerning cybercrime.
With apps, online platforms, social media and the increasing reliance on and use of technology in everything we do continuing to expand exponentially, it is no surprise that the prevalence of cybercrime parallels the exponential growth. Add in the growing sophistication of cybercriminals, the ability to commit cybercrime on a global scale, and the lagging vulnerability of institutions and businesses to stay ahead of the criminals, with adequate security measures, and you have the perfect environment for opportunistic and organised cybercriminals to flourish in.
Cybercrime involves criminal activities (most often related to the theft of money or data), involving the use of technology, such as computers, tablets, smartphones and networks. It may also involve traditional crimes that are advanced via the internet.
Although rapidly waning, many South African businesses suffer from the belief that they will be spared from falling prey to cyberattacks and that only the large and wealthy will be targeted. This, unfortunately, is far from the truth as individuals and businesses, large and small, are increasingly being targeted by cybercriminals using sophisticated technologies to expose young and old, poor and wealthy to the risk of being victims of cybercrime.
Recent South African judgments have highlighted the impact of cybercrimes, showcasing how persons and businesses fall victim to scams, hacks, phishing attempts, cyber ransoms and more. For businesses, this also poses the risk of being held liable by victims. With cybercriminals often operating from cross-border jurisdictions, the ability to identify and bring such criminals to justice is limited. This leaves victims who have suffered losses and face the challenge of not being able to recoup losses from criminals, to instead try take legal action against the businesses that have acted as intermediaries in financial transactions that have led to cybercrimes occurring.
Victims have been successful in legally holding businesses accountable, creating a real business risk for businesses unwittingly made a party to crimes against clients of the business by clever cybercriminals. Think here of the loss of personal data or passwords by a business that may grant criminals access to personal accounts or transactions of individuals. Not only the danger of financial claims but also reputational damage is a massive threat to every South African business.
The following list, although by no means exhaustive, is a few examples of cybercrimes that may be committed.
Phishing scams, where a victim receives an e-mail, message or other electronic communication that appears to come from a known or well-known source but comes from a fraudster, intending to get the victim to disclose sensitive data, such as their bank account numbers, residential address, credit card details and passwords. The information is then used to access important accounts and platforms.
Hacking, involves fraudsters gaining unauthorised access to a victim’s technological device(s) and their data, with the intent of using such to gain access to passwords, and confidential information and even impersonate the owner of the device.
Ransomware, can often also follow hacking where cybercriminals use malicious software to attack the victim’s devices and block access and systems until a ransom payment is made to the criminals.
Electronic funds transfer fraud often involves fraudsters either initiating or redirecting a money transfer, with the fraudster generally providing instructions to a financial institution or intermediary, posing as the victim or another relevant third party, and instructing payment of funds to the fraudster.
Social media profile cloning, where the fraudsters create a fake social media profile, using the victim’s images and personal information to impersonate the victim and try to solicit money or further information from the victim’s colleagues or connections.
Although South Africa has promulgated a new Cybercrimes Act 19 of 2020, which criminalises cybercrimes, prosecuting cybercrimes is notoriously difficult. This makes prevention better than cure. Businesses and individuals should take all reasonable steps to protect themselves and their businesses from falling prey to cybercriminals. Unfortunately, given the highly sophisticated nature of cybercrime and the capability of the criminals, there is no easy fix and the best advice is to remain up to date with security requirements and best practices, as well as engage the services of competent technology professionals to help secure your business against attacks.
Additionally, for businesses, cybersecurity policies as well as regular employee education and training, together with information technology security measures, are all part of putting a structured environment in place to mitigate the risk of cybersecurity attacks. Don’t be caught off guard or underestimate the prevalence and growing danger of cybercrimes. Engage cybersecurity specialists to help ensure your business has the necessary safeguards and frameworks in place.
* Damian Viviers is a commercial director at PH Attorneys.