In an increasingly digital world, South Africa finds itself grappling with a surge in cybercrime, as revealed by a recent report from cyber security company Surfshark.
The country has been ranked fifth globally in cybercrime density—the proportion of cybercrime victims among internet users—marking an 8% increase from the previous year, 2021.
With approximately 56 out of every million internet users victimised, this accounts for about 2,000 individuals affected by cybercrime in South Africa alone during 2022.
The Surfshark report underscores a worrying global trend, noting that a staggering 801,000 people fell victim worldwide to cybercrime last year.
This information is drawn from Surfshark's Data Vulnerability Thermometer, developed by combining open-source FBI data with sophisticated research algorithms to assess and evaluate the risks associated with cyber threats.
According to the CSIR’s (Council for Scientific and Industrial Research) Cybersecurity Resilience Report, which focused on public sector organisations, only half of South Africa’s public entities are conducting daily cyber threat checks.
The collaboration with the Cybersecurity Hub under the Department of Communication and Digital Technologies paints a bleak picture of the nation's preparedness against these rising threats, highlighting that a staggering two-thirds of cybersecurity roles remain unfilled.
Gerhard Swart, Chief Technology Officer at Performanta, elaborated on the findings, asserting that the unique challenges faced by the public sector often mirror those seen in the private sector.
"For example, all sectors have issues with filling cybersecurity roles, and criminals frequently target their data systems.Though the CSIR's report focuses on the Public Sector, there are valuable insights here that every organisation should consider, Swart notes.
The report comes on the heels of a cyber-attack against the National Health Laboratory Service (NHLS), which confirmed an information technology (IT) security breach in June 2023.
The preliminary investigation revealed that, while the attack employed a ransomware virus targeting specific IT system points, no patient data was compromised, providing a semblance of reassurance amidst a crisis.
Delving deeper into the survey results, Swart shared some of the more unsettling trends.
Nearly half (47%) of organisations reported experiencing between 1 and 5 cybersecurity incidents in the past year, with 88% of respondents acknowledging at least one security breach. Shockingly, 90% of those affected have been targeted multiple times.
The report also indicated that over half of the attacks utilised malware or phishing tactics, while a third were related to insider threats or social engineering, showing the multifaceted nature of contemporary cyber threats.
Swart was quick to identify the overarching concern: “Organisations are encountering issues with capacity and training, with over 63% of cybersecurity roles remaining unfilled or only partially filled.”
He added that many cybersecurity professionals have left their roles seeking better remuneration, echoing a troubling reality that extends beyond mere statistics. Furthermore, a significant 68% of employees lack adequate cybersecurity awareness training, illustrating a critical knowledge gap that criminals are all too eager to exploit.
Despite these stark findings, Swart expressed optimism, acknowledging that while organisations remain under siege, they are beginning to respond more effectively.
“The cybersecurity market has evolved significantly in recent years, adapting to challenges such as staffing shortages and the financial constraints faced by security teams. Risk-first strategies are becoming the norm, with responsible security providers now crafting tailored security blueprints based on individual business risks rather than attempting to cover every contingency at once.”