A number of reports in the last two years revealed that the BRICS economies (Brazil, Russia, India, China and South Africa) were found to be amongst the largest victims of cybercrime. For example, China, Russia and Brazil are among the top countries prone to malware infection. India and Brazil are countries in which users are most attacked by ransomware.
In that context, South Africa is listed as one of the ten globally most vulnerable countries to cyber-attacks. It is, for example, estimated that data breaches cost South African companies on average R1 632 per lost or stolen record.
On the other hand, it was reported that general cybersecurity awareness among the workforce and citizens in South Africa is at a very low level. A recent huge data leak in one South African organisation and many unreported security disruptions strongly hinted that our public and private organisations were and still are cybersecurity disasters waiting to happen. The most recent reports by News24, which stated that the notorious hacker, known as Paladin, has successfully attacked and shut down a number of government websites, just confirmed our unpreparedness to shield against cyber attacks.
Particular warring is the state of cybersecurity of the national critical infrastructure as highly-connected regions of the world such as South Africa are and will be lucrative targets for various adversaries. The number of cyber-attacks against critical infrastructure is rising fast all over the Globe so that many consider cyberspace as the new battlefield. Hence, protecting this infrastructure should be the utmost task if South Africa is to avoid cybersecurity Armageddon.
One of the biggest cybersecurity problems in South Africa is a feeble awareness among our workforce, including all level managers, and citizens. While some South African organisations are launching cybersecurity awareness programs, citizens are rarely offered such a programme or campaign. In this regard, government responsibility cannot be ignored but governments cannot do the job alone. Instead, the collaborative action of public, private, non-profit and educational sectors is needed for effective advocacy, leadership and skilling cybersecurity actions.
There is also an immediate need for improving cybersecurity culture at the organisational and societal level, which must include clear guidance on what it means to be a ‘cyber-aware’ or ‘cyber intelligent’ employee or citizen.
Finally, preventing and mitigating cybersecurity attacks requires skilled people, which are in a severe shortage all over the world. Are South African secondary and tertiary institutions currently ready for producing an adequate number of cyber specialists? It does not seem so. As the cyber skills shortage continues to increase, enterprises will recognise that they need to create their own cyber talents rather than waiting for educational institutions to produce them. Companies are also likely to begin promoting public dialogue towards more cyber skills education at an earlier age.
So, are we currently ready to prevent a cybersecurity Armageddon in this country? It does not seem so - but, as the old Chinese proverb says: ‘The best time to plant a tree was 20 years ago. The second best time is now’. We hence need an urgent and effective cybersecurity intervention in South Africa now.