As if Covid-19 wasn’t a scary enough time for the health industry, on Tuesday we learnt that Life Healthcare was the target of a cyberattack.
Reuters reported that “admissions systems, business processing systems and e-mail servers” were affected, forcing the group onto backup systems. The extent of the hack is still being investigated, but the timing of the event for a health-care provider is just cruel. It’s the third major SA company to fall victim to targeted cybercrime in 2020 — that we know of. The others are Nedbank (with 1.7-million client records potentially affected) and Omnia Holdings.
As Business Day previously reported, a recent release from Accenture demonstrates that SA has seen a “cross-industry spike in cyberattacks”. It says SA has the third-highest number of cybercrime victims in the world.
The research also shows how “South Africa” is a buzzword phrase in the last place you want to be “buzzy”: the dark web. Mentions of the country on the dark web have increased dramatically in recent years.
“Some threat actors may view SA as a testing ground for malware. Cybersecurity measures are not as robust in the country compared to other countries globally,” claims the report.
In the release, Clive Brindley of Accenture in Africa said: “Our research found that approximately R2.2bn a year is lost to cyberattacks.”
Top of the pops in terms of fraud losses was credit card fraud (or card-not-present fraud). And drawing on data from the SA Banking Risk Information Centre they claim a 100% increase in mobile banking app fraud.
Cybersecurity firm Kaspersky reported in March a 10-fold increase in attacks on digital networks since SA declared a state of disaster. Another category of cybercrime storming up the charts in 2019 was malware attacks, which increased by 22%, “translat[ing] to 577 attempted attacks per hour”.
There are a lot more of these. Honestly, there’s always a new cyber threat and incident report coming at you these days.
It is increasingly clear that we — SA — are an attractive target. What is less clear is why; has the evident digital divide in this country made us complacent or naive? Are we in dire need of effective leadership herein?
We’d need to marry psychology, cybersecurity and both quantitative and qualitative research to come anywhere near to answering why South Africans seem particularly vulnerable to the lure of phishing, or ill-equipped to secure their profiles. If anyone is digging into this area, please get in touch.
It can’t help, though, that the country has been slow to get our digital ducks in a row. The Protection of Personal Information (Popi) Act was supposed to finally come into effect on April 1, but this was, once again, delayed. The information regulator reported to the portfolio committee on justice & correctional services in May that several sections of the act had not been implemented. This saga has been dragging on for the best part of a decade.
And the cops don’t seem equipped either. If you walk into a police station anywhere in this country right now to report a crime you’re likely to be stepping into an almost tech-free zone where statements are handwritten on paper. Of course there are exceptions: some tech is being deployed in aid of policing locally, including body cams, licence plate recognition software and audio-monitoring (such as gunshot detection).
But there is a huge gap in training on a growing category of crime. That’s the lack of systems, and then there’s knowledge and willingness. Anecdotally, I know someone who tried to open a case against a known individual who was stalking and harassing them online, and they were met with incredulity on the part of the officers in their local police station. The attitude seemed to be that because it was happening online it was not real, or at least less real.
As all aspects of our work and social lives shift more and more online, the impact of cyberbullying, stalking, hacking, fraud and even corporate espionage is considerably amplified.
Goliath in this version of the story is a complex, interconnected but independent system tending towards more and more sophistication, employing artificial intelligence and social engineering in its arsenal, and driven by financial gain. And David? Officer David works on paper, uses Facebook to chat to his old school friends, and needs his daughter to help him when his mobile phone runs out of storage. He’s underpaid and undereducated, and not exactly incentivised to tackle revenge porn when he’s drowning in a caseload of homicides and home invasions.
I don’t think this one will end the way the parable does, unless the leadership ups its game dramatically.
• Thompson Ferreira is a freelance journalist, impactAFRICA fellow and WanaData member.
Would you like to comment on this article?
Sign up (it's quick and free) or sign in now.
Please read our Comment Policy before commenting.