South African government departments, organisations across industry sectors regardless of size, and even private individuals online all face the constant risk of being victims of a cyberattack, according to Russia-based international cybersecurity firm Kaspersky.
While this is not a unique challenge to the African country, it is certainly a growing one that requires the “reprioritisation” of cybersecurity countermeasures, it says.
“If we have a look at the local market, the types of cyberattacks we are seeing impacting businesses, and across different industries, reinforces the need to be vigilant and educate employees on what constitutes cybersecurity best practice, especially as cybercriminals’ tactics and methods evolve,” says James Gumede, SADC Territory Account Manager at Kaspersky.
From ransomware to the challenges of coordinating a proper cyber-response, here are the 4 largest cyber-threats currently affecting SA’s institutions:
- The Challenge of Ransomware
Kaspersky research found that from January to April this year, ransomware attacks in South Africa doubled compared with the same period of 2021.
In fact, ransomware has become the most significant cyberthreat of our time. As the name suggests, ransomware locks a system until a ransom is paid for its release.
“The attack on Transnet last year showed that a successful ransomware breach can stop any business dead in its tracks, resulting in devastating financial and reputational repercussions. But just imagine what could happen if the likes of a hospital, or other critical infrastructure, should fall victim to a compromise. Not being able to access data and systems then becomes a matter of life and death,” adds Gumede.
- APT: The Long-Term Danger
Another growing concern in the South African region is that of Advanced Persistent Threats (APTs), which can often stay undetected for months and even years. These complex attacks typically focus on high-value targets such as well-known companies and government departments. The goal of an APT is to steal information over a long period of time.
“Our research has found that governments, diplomatic entities, and education institutions are increasingly being targeted by APT groups,” adds Gumede.
“Such is the extent of this threat that South Africa has joined Nigeria and Egypt as the three most targeted countries on the continent. We have found that one of the most active threat actors in this regard is TransparentTribe. This group focuses on diplomatic entities, educational institutions, government departments, and the military. It uses macro-based malicious documents to penetrate organisations and USBs that can steal data from air-gap networks,” continues Gumede.
- Threat Actor Groups
Threat actors are the criminal individuals who actually carry out cyber-attacks and take advantage of people and organisations connected to the internet. They are not limited by geography: threat actors from any country can affect people living anywhere in the world.
For example, it is alleged that an Eastern European threat actor group was responsible for the attack on Transnet last year.
Another group very active in South Africa, according to Kaspersky, is the North Korean hacker group “Lazarus”. This threat actor focuses on stealing money and sensitive information, possibly for national security purposes. It targets everyone from the military and government to telecoms and pharmaceutical organisations.
“Lazarus has a long history of being behind some of the most devastating attacks in the world including the Bangladesh heist in 2016. Having such an influential threat actor active in the country is cause for major concern,” adds Gumede.
- The Difficulties of Safe-Guarding Business Systems
Gumede says that tracking, analysing, interpreting, and mitigating against these constantly evolving cybersecurity threats can place a massive burden on already strained company resources.
He says it is for this reason that using an integrated threat intelligence portfolio of solutions is so critical for large organisations.
“By integrating up-to-the-minute threat intelligence feeds containing information on suspicious and dangerous IPs, URLs, and file hashes into existing security systems, security teams can inject a level of automation into the process that significantly frees up their time. This enables the organisation to improve and accelerate its incident threat response and forensic capabilities,” he says.
Using a threat intelligence solution empowers the company to prevent the exfiltration of sensitive assets and intellectual property from infected machines.
Having the ability to detect infected assets quickly will help ensure the business can stay ahead of malicious threat actors.
“Effective cybersecurity has evolved beyond just anti-virus and firewalls. It now requires threat intelligence to be incorporated into the entire defensive footprint of a company to safeguard itself from the most significant threats facing them today,” concludes Gumede.
African Countries Need to Invest in Proper Cybersecurity Practices in the Public Sector
Public sector organisations (PSOs) in Africa are continually targeted by cybercriminals. In 2021, South Africa’s Department of Justice was attacked, causing a huge delay in court cases.
The truth is that these incidents are preventable; public organisations just need to be equipped with the right know-how to defend themselves.
If your public organisation is digitally connected, like all successful modern enterprises should be, then you cannot afford to miss the Public Sector Security Summit 2022 (#PubliSec2022), to be held on 2nd and 3rd August 2022.
Register now for #PubliSec2022 and learn from top local and international cybersecurity experts to prepare your public organisation before the attack comes.