Lax security makes SA easy prey for hackers, warn experts in wake of Experian data breach
Johannesburg - Consumers’ personal data and money is compromised as international cyberhackers make South Africa their new hunting ground.
The security data breach at Experian, a consumer credit reporting company, this week highlighted the country’s lax information technology (IT) that has made South Africa the third-highest country in the world to be hit by cybercrime.
The hacking of Experian has exposed 24million consumers and almost 794 000 business entities whose information can be used to commit fraud and theft.
Matthew Gaskel, business analyst at Synthesis Software Technologies, told The Star that there was no such thing as being “completely secure with your data”.
He warned that hackers would keep coming with new resources and skills, pouncing on websites and corporate systems.
“We are starting to see more international hackers now in the country and this is due to lack of security.
“Also, given the amount of money we have within our banks and entities, international hackers have found a juicy spot.”
He said the Experian incident was a social-engineered attack at corporate level.
“This is more of a corporate level vulnerability. It raises questions as to how Experian communicates with its clients.
“It means there’s an agreement that they share, but the security of this communication is coming under the microscope.”
Gaskel said a data breach means that data was exposed and not stolen.
“It requires continuous operation and maintaining security, as the system evolves we need to make sure that it’s secure. Due to the Covid-19 pandemic, the transition to remote working has also attracted hackers, which might expose a number of corporates.”
A report released by Accenture on May 27 shows South Africa has the third most cybercrime victims globally, losing R2.2 billion a year.
The report said that the problem was significant and the country had experienced a cross-industry spike in attacks last year. “Threat actors may perceive South African organisations as potentially having lower defensive barriers than those of more developed economies. They may also think they face a lower chance of incurring consequences for their malicious activity.”
The report asserted that minimising of cybercrimes included making use of security and threat intelligence, protecting against internal threats and people-based attacks, and focusing on compliance, applying standards and best practices.
Last year, the City of Joburg was hit with a similar experience when it detected a network breach, which resulted in unauthorised information entering its network system, forcing it to shut down its website and e-service as a security measure.
The hackers demanded four bitcoins with an estimated value of R500000 and threatened to leak the residents’ information.
Striata security expert Alison Treadaway said the Experian attack was another example of how vital it was for security to be a priority across the organisation.
“This shows just how important it is that organisations which hold customer data have the right policies and procedures in place, but also educate their staff on what kind of information they can give out and when they can do so.”
Treadaway warned consumers to be more vigilant than before.
“They should be even more vigilant around phishing attempts than usual. Cybercriminals are more sophisticated than ever, especially when it comes to convincingly spoofing bank emails and websites. Your real bank will never, however, ask for your password or PIN,” she said.
Maher Yamout, senior security researcher at Kaspersky, a global cybersecurity company, said such threats can jeopardise users’ personal information and make them subject to online identity theft and phishing attacks.
“We urge all users who think they might have been affected to stay vigilant and careful online.”
Major banks have also advised their customers to be vigilant and provided guidelines to keep them safe.