The IT security skills gap and the escalating threat of cyber attacks in SA

Published Jun 26, 2024


A leading cyber security firm says companies in South Africa are increasingly susceptible to cyber attacks.

The cyber security firm Fortinet said that between 2022 and 2023, over 80% of South African organisations experienced more than one cyber attack that can be partly attributed to the cyber security skills shortage in their teams.

Cyber threats in South Africa are intensifying, making the need to bridge the skills gap a higher priority than ever before.

This week, the latest cyber security victim was the National Health Laboratory Services. The public institution said it experienced a security breach in its information technology that compromised its systems and infrastructure.

According to the South African Banking Risk Information Centre (SABRIC), South Africa loses around R2.2 billion a year to cyber attacks.

The country is host to a great number of major banking and retail headquarters, making it enticing to cyber criminals.

Private companies, government organisations and individuals remain the main targets for cyber criminals trying to infiltrate South African IT systems.

Phishing emails remain the most common attack, and not only businesses experience them.

A recent report by KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, revealed that Human Resource (HR) and Information Technology (IT) related emails account for more than 42% and 30% of top phishing email subjects respectively.

These emails are likely to contain dress code changes, tax and healthcare updates, training notifications and other similar subjects that are guaranteed to capture employees’ attention and deceive them into providing an immediate response that may include sensitive information, without thinking twice about the emails’ legitimacy.

After gaining access to company systems through the employees, cyber criminals may steal financial data, intellectual property or trade secrets.

They may perform ransomware attacks where they encrypt sensitive information and demand payment in exchange for the decryption key. Furthermore, they could delete, modify or corrupt company data in order to disrupt business operations.

In a more personal capacity, these phishing attacks often come in the form of emails with subjects such as tax returns, healthcare plans and subscription services such as Apple Pay, as well as SMSes that appear to be from your bank. The most common one currently doing the rounds tells you about an anticipated delivery or a job opportunity from a recruiter.

You would then be required to click on a link that diverts you to a fraudulent website, where any private information entered on the page, such as banking details or a password, is accessed by cyber criminals to scam you.

Microsoft published a Digital Defense Report in 2023 in which it reinforces that 99% of cyber attacks can be prevented through basic security hygiene practices, such as:

Enabling multi-factor authentication (MFA). This simple yet effective step makes it significantly harder for attackers to breach your systems.

Implementing software to detect and automatically block attacks and thereafter provide insights into how the attack occurred in the first place.

Monitoring and updating security systems. Outdated systems are a key reason many organisations fall victim to an attack.

Cultivating a security culture by constantly educating all employees about cyber threats and their implications, and training them on what steps to take if they encounter an attack, both at work and in their personal capacity.

Additionally, bridging the skills gap and building a robust cyber security workforce should be a priority for South African organisations and the government.

A collaborative effort to invest in education, such as comprehensive skills development programmes geared especially towards equipping young people with the necessary knowledge and technical ability to excel in the field of cyber security, would be a big step in the direction of overcoming the increasing cyber threats and safeguarding the country’s digital infrastructure.

Without a vigorous pool of cyber security professionals, the country remains vulnerable to cyber-attacks, data breaches, and other malicious activities.