Mteto Nyati, CEO of listed technology firm Altron, which has been shedding its other African customers to focus on cybersecurity in SA, says the country is "not ready at all" for the sort of cyberattacks that have proliferated since the start of Covid-19.
It's a scary situation, he says.
"But what is even scarier is that our government is the least prepared. And this is where most of our key information is. This is the most worrying part."
The massive cyberattack on state logistics firm Transnet in July was a wake-up call - and he believes it was just one of many on government entities in the past few months.
"Almost every week there is an attack like that in government. They're not always reported but these things are happening every week. Not necessarily on that scale, but we're going to get there if government chief information officers are not moving in the right direction to protect their IT infrastructure.
"From our assessment in terms of readiness, that's where most of the vulnerability is. But these guys are so sophisticated these days they can attack environments which we think are highly protected."
R4.76bn
What listed technology company Altron is valued at
Growing attacks have caught many companies off guard, he says.
"Covid-19 has forced them to rely more and more on online transactions, which has created a big opportunity for cybercriminals."
The infrastructure of both private and public sector companies is not well protected against this threat, says Nyati, whose company monitors cybersecurity breaches closely.
"Every week there is a breach, key websites being taken over by criminals taking personal data of customers and using that information to drive their criminal activities.
"That is happening in government and in the private sector. And we as a country are not ready at all."
But while SA as a country is lagging behind developed countries in terms of cybersecurity, the financial services and retail sectors are "right up there with the best in the world", Nyati says.
"They're way ahead of other private and government sectors."
Altron partners with the big banks and retailers to strengthen their cybersecurity measures, which he says is a continuous process.
"The problem with this thing is you can never sit back and say, 'I'm done.' You're never done in the cybersecurity space because the criminals are forever looking for ways to outsmart you."
Even the best-protected banks get hacked from time to time, he says.
"The key is being able to pick up when criminals have entered your network and then being able to respond immediately and appropriately."
Banks and big retailers are taking cybercrime "very seriously, because it can destroy them". Not to mention their customers.
"What the criminals want is data. Once they get it they can do massive damage. They take your digital identity and then go to [the South African Revenue Service] or open up digital accounts pretending to be you."
Banks are constantly looking for ways and means to protect this environment.
Many have appointed professional hackers (performing so-called "ethical hacking") to test if their structures are resilient enough.
"We monitor their environments because we're their partners, and the number of attempts to breach these environments just keeps spiking. The good thing is that they have multiple layers of protection."
The majority of entities, private and state-owned, have "not paid too much attention to cybersecurity, and this is something we are sensitising them" about.
The risk of cyberattacks has to be elevated to board level and managed there, whether in private companies or state-owned entities such as Transnet or Eskom, where, Nyati, says, the consequences of a successful cyberattack don't bear thinking about.
"I think government understands the big consequences linked to a cyberattack. What may be an issue here is the ability to respond quickly enough to prevent it in other departments.
"When I look at their track record it says to me it is very likely they will be reactive instead of taking proactive steps. And reactive is too late. You cannot afford to be reactive."
He says a lack of technical skills in the cybersecurity space is an opportunity for Altron to grow its business, but limiting that growth is the unavailability of skills in the South African market.
When I look at their track record it says to me it is very likely they will be reactive instead of taking proactive steps. And reactive is too late
— Mteto Nyati
"What makes the problem worse is that global players, because you can work from anywhere, are coming into our market and hiring our skills."
They offer recruits good money and the chance to work for clients in the US and UK without having to leave SA.
"So we're not just competing with local players for these skills, we're competing with global players. This drives up the cost, so it is becoming increasingly difficult for us to compete with them."
The upside is it's an opportunity for the country to drive down youth unemployment by giving focused training to young graduates sitting idle so they can be productive in the security space.
He says the experience of Covid last year made Altron, which is valued at R4.76bn, realise that its capabilities in SA were "way ahead" of what its customers in Africa were looking for.
"Our customers in SA have growing needs in cloud computing and around data. Underpinning these trends is a need for strong security."
In line with its focus on cybersecurity, last year Altron bought Ubusha Technologies - which specialises in identity management - for R360m. In March it paid R245m for small, home-grown company LAWtrust, which has built cutting-edge cybersecurity technology.
"So now we don't have to take technology from the US and try and implement it in SA. We've now got technology that is world-class, that was developed by South Africans.
"And we want to shout it from the rooftops because the more this little company from SA can be successful and its technology be used globally, the more we can employ people in SA to continue to develop similar kinds of products that we can export to the rest of the world."
He says the success of LAWtrust, which began as a small start-up 23 years ago and now has about 50 private- and public-sector clients, shows why "we need to pay attention to these start-ups, feed them and help them. Because they can be global players. From South Africa."
Would you like to comment on this article?
Sign up (it's quick and free) or sign in now.
Please read our Comment Policy before commenting.