SA is more cybersecure than it was a year ago, but it’s still vulnerable

South Africa is moving in the right direction to becoming more cybersecure. This is according to a study released by computer and network security company Comparitech, on the cybersecurity of 76 countries across the world in 2020.

The countries were ranked from one to 76 with one being the least cybersecure country and 76 being the most cyber-secure.

South Africa, which was ranked in position 29 in 2019, is now ranked in position 31.

According to the findings, Algeria remained undefeated in its number one spot of being the least cyber-secure country in the world, while Denmark stripped Japan of its glory as the most cyber-secure in 2019.

Paul Bischoff, who is the director of Comparitech, said low cybersecurity posed a risk in the operations of a country.

“Cyberattacks vary widely, but in general a low score means people are more susceptible to attacks and malware. These attacks not only come directly from hackers, but also friends and family who unknowingly share malicious links and files. These attacks can lead to fraud, ransomware, account takeovers, and data breaches,” he said

Dr Jaco du Toit, who is the deputy director for the centre of cybersecurity at the University of Johannesburg, said that a country’s strength in dealing with cyberattacks lies in its ability to “identify, protect, detect, respond and recover from such attacks.

“These five aspects collectively show how mature cyber security is established in a country. Legislation and preparedness, two of the factors measured by the report, only provides half a picture,” he said.

He added that the adoption of fourth industrial revolution technologies and processes may put an individual’s personal information at risk.

“Company information and information assets become more exposed without proper cybersecurity controls to help mitigate risks.

“This will increase cases of online banking fraud, credit card fraud, identity theft and cyberattacks on critical infrastructures, such as economic systems, railway, water supply and treatment and many other critical services provided by government,” he said.

A long way to go

Despite South Africa improving on its ranking the country still needed to work hard to become more cybersecure.

In October 2019, a group which referred to themselves as Shadow Kill Hackers demanded a ransom of four bitcoins (more than R500 000) after hacking the operating systems of the City of Johannesburg.

In that same month, the South African Banking Risk Information Centre released a statement on several banks having been hit by cyberattacks.

Junaid Amra, director at Pricewaterhouse Coopers said that organisations first need to know who would want to attack them.

“Many organisations don’t know what kind of attackers would be interested in them.

Read: The war on the web: Are organisations ready for battle?

“There are state-sponsored hackers, organised crime hackers, hacktivists (activists who express themselves through hacking) insiders who work for service providers and have access to your personal information,” he said.

Organisations should prioritise cybersecurity before an attack happens

Du Toit said “South Africa has many socioeconomic problems, which means that cyber security is low on the agenda for many companies and government structures.

“Larger organisations in South Africa have shown that they take cyber security seriously and have invested in technology to address cyber security issues.”

Think before you click

Attackers look for the weakest organisations.

“We can use the analogy of burglars walking down the street. If your house is the one with the windows always open, it’s going to attract attackers faster.

“Individuals should not use the same password for every platform,” Amra said.

He added that organisations needed to invest in training their staff in using new technologies.

“Finding the right people to manage the security is important. Wrong people give your organisation the wrong sense of security.

“It is difficult to measure cybersecurity in SA because it’s not uniforms. We have pockets of excellence where some organisations are comparable and some who are really poor,” he said.

Sharing similar sentiments, Du Toit said: “South Africa has a shortage in cybersecurity education, skills and awareness. General IT skills, which should include aspects of cyber security should be promoted at school level.

“Government should invest more strongly in existing structures which promote cybersecurity, such as the Government Cybersecurity Hub. Political will is also lacking, since we have not seen movement in implementing the Cybercrime Bill.”

The country covered only two of the seven categories in the most up-to-date legislation, Bischoff said, and governments needed to play a role in tightening up this aspect.

“Legislation should provide funding and policies for cyber defence strategies. This not only guards against foreign attackers, but also sets security and privacy standards for individual and business data within the country,” he said.

Comments are closed.