The rapid development of digital technology since the turn of the century has fundamentally changed the way business and society operates and interacts. In many ways, the COVID-19 pandemic not only drove acute systemic changes in consumer and business behaviors, it also presented a boon for the uptake of digital transformation across the globe, skyrocketing the rate of adoption for online services and mobile technologies.
Even before grappling with challenges brought on by the global pandemic, digital information executives faced an equally dynamic environment as they sought to protect increasingly valuable digital assets, without degrading their ability to innovate and extract value from technology investments.
As companies seek to create enhanced digital customer experiences, the digital operating landscape has also left many prone to opportunistic fraudsters as well as increased risk and impact of cyberattacks by criminals using increasingly sophisticated methods to exploit the online environment.
As with global counterparts, South Africans have not been exempted from this global crime phenomenon: the country’s lack of investment in cybersecurity, law enforcement training, and public knowledge of cyber threats has made the region a haven for cybercriminals.
The country now has the third-highest number of cybercrime victims worldwide, losing approximately R2.2 billion (US$147 million) a year to cyberattacks.
iDefense analysts found that between 2010 and 2014, it was rare for cybercriminals on the dark web to mention South Africa; but there has been a much higher focus on the country since 2016. This correlates with the increase of notable cyberattacks on State institutions and large, tech-driven businesses in the country. While sophisticated malware, ransomware, and hacking were used in these attacks, South African SMMEs are most vulnerable to more common cybercrimes including phishing scams, key logging, email fraud, botnets, digital extortion, and invoice fraud.
SMMEs are particularly targeted because they often (due to the nature of their “small-scale” organization) do not have access to the necessary digital security systems or third-party services to store their backup data, and therefore cannot effectively protect their client’s sensitive information like bank account details and Personally Identifiable Information (PII).
Given the fast-evolving and transnational nature of cybercrime, it is evident that the first line of defense lies in organizations reinforcing their IT standards and best practices and equally, with employees taking additional precautions with their devices and personal information.
HP Wolf Security highlights three important methods an organization can implement to be more cyber resilient. The first comes down to basics.
Organizations should be investing in multifactor authentication and other security controls like isolation technologies that do not hamper employee workflows. This will better control the types of software employees download onto their devices and eliminate risk from entire vectors.
Proactive planning is another crucial process that involves both the organization and its employees. Routine rehearsals to attacks help businesses identify problems in security systems, anticipate what tactics attackers might use, and improve more efficiently overall security apparatus. When instituted effectively, this not only prevents attacks, but bolsters recovery times should one occur.
All the tactics are not a one-sided affair and organizations cannot do this alone. Employees also have a part to play as continuous training becomes a prerequisite for them to understand the types of cyberthreats, social engineering, and preventative measures. This can be as basic as not using public or unfamiliar devices or Wi-Fi connections to access shared company files; ensuring passwords are strong by including a combination of letters, numbers, and characters; and never providing PIN codes, passwords, or sensitive information to anybody via telephone, email, or text. Frequent awareness campaigns like these reinforce threat resilient behaviors and practices, ensuring that employees are empowered to manage human risk elements themselves.
As digital technologies develop into the future, it is likely that cybercriminals will become more reliant on Artificial Intelligence (AI) and machine learning (ML) to generate targeted attacks directed at key individuals in an organization. It is only by instituting foundational cybersecurity models and practices now, can we hope to build upon these and ensure resilience against more sophisticated attacks in the future.