SOUTH Africa’s fight against cybercrime has another challenge – qualified personnel in the ICT space are being snapped up by multinational firms, with local firms unable to compete for talent, says Bolang Lithebe, the head of CyberTech at Altron Systems Integration CyberTech.
He said global firms were allowing the specialists to work from home in South Africa, due to the Covid-19 pandemic. With the red tape of exporting South African talent now in the past, specialists did not have to leave South Africa and were being offered foreign currency packages.
“I work for a US company and I work from home. This has impacted on how ICT jobs are viewed. It is easy now for multinationals to poach South African resources.
“Before the Covid pandemic, people would have to leave the country and work at those base countries, now they just work from home,” Lithebe said.
According to research by Kaspersky researchers, South Africa has seen an increase of 24 percent in ransomware in the second quarter of this year, as well as an increase of 14 percent in crypto-miner malware. The recent cyberattacks in South Africa have led to chaos, disruptions and a high level of paranoia. This has raised questions of the government’s readiness to deal with such attacks which are becoming a lot more common all over the world.
Recent attacks include an assault on Transnet’s ENatis system in July.
It left the logistics state-owned enterprise unable to process imports and exports, causing damages, particularly of perishable goods, amounting to billions of rand.
Last week, the Department of Justice and Correctional Services suffered an assault, as did the South African Maritime Agency. Power utility Eskom and the Department of Home Affairs have not been immune either.
“These attacks used to be about one a month, now it is more frequent. Every week there is an attack on some organisation or the other,” Lithebe said.
Attacks may happen for many reasons, some for ransom, activists of various inclinations, religious aims and, sometimes, just for the dare. He said South Africa’s cybersecurity was ideally placed with the CSIR, which should monitor threats and advise on action, particularly for security agencies, but the country mostly responded to attacks that were under way.
“The attacks in terms of technique are not different, they break into your computer systems, use privileged escalation to gain access to sensitive files and, once the encryption of files starts, it is often too late to stop it.”
Lithebe said the solution was for the government and business to invest and be prepared to spend money on effective interventions and acquire the necessary equipment.
“For now, it is up to each company or entity to protect its network assets, we do not have a body with the mandate to protect across the board.”
He said available solutions included end-point detect response, which had inbuilt early-warning systems that deciphered what a user was doing and shut down if it detected an assault.
“Attackers are moving at a faster pace than the rest of the country, and we will keep on losing money, time and productivity if companies and entities do not understand the significance of the threats.”
BUSINESS REPORT