Share

What SA is doing to tackle cyber crime

This article first appeared in The Conversation.

LAST year South Africa had the most cyber attacks of any country on the continent. In 2014, losses reached an estimated R5bn annually through cyber crime. The year before, the Norton Report rated South Africa third on the list of the number of cyber victims in the world. Russia and China topped the list.

It is difficult to objectively determine the level of cyber crime in South Africa as there is currently no legal requirement to report cyber-related crimes.

But there is general acceptance that the country faces a major challenge. South Africa’s laws have been improved to deal with emerging threats in cyber space. This was underscored by the recent tabling of the Cybercrime and Cybersecurity Bill.

The number of data protection laws in Africa has also increased. But only after they have been implemented can further studies be done to check how successful they have been.

In addition, the African Union last year accepted the Convention on Cyber Security and the Protection of Personal Information. Though far from perfect, the convention highlights the African Union’s concern with cyber issues. There have not been any real developments over the last year even though most, if not all, member countries have signed the convention.

Criticism of the bill

The South African bill defines a wide range of cyber crimes and proposes a range of penalties for infractions. It also creates a number of cyber structures that would provide a wide range of services.

READ: Concern raised over SA cyber security law

The cyber hub allows anyone to report any cyber crime. All complaints will be investigated. The complainant will receive feedback. The cyber hub will also, for example, provide cyber-awareness campaigns in South Africa.

In theory, the bill is a step forward for South Africa, making the country more cyber-safe. But serious criticism can be levelled at some aspects of it. The most important is the cyber capacity challenge. Does South Africa have the knowledge and expertise in the cyber field to properly implement the bill?

READ: SA-China cyber security pact worries DA

Cybercapacity skills are scarce internationally. South Africa is also facing a challenge.

To properly and efficiently implement the bill, there must be a massive national initiative to develop the necessary skills. For such capacity-building, there needs to be political will. And financial resources are required.

Without these, the bill, if enacted, will only look good on paper, and not have the desired effect.

Another negative aspect of the proposed legislation is the decentralisation of cyber-related responsibilities to a number of government departments. This is likely to create a silo-based approach to cyber governance. It will lead to inefficiencies and duplication of effort. By combining some, or all, of the new structures in the bill, scarce technical resources should be better used.

What are your thoughts on SA's cyber security efforts? Tell us by clicking here.

End users are the weakest link

Most enterprises in South Africa, especially banks, have been hardest hit by cyber crimes. They have launched consumer awareness initiatives and spent large amounts of money on cyber security.

As a result, would-be cyber criminals turn their attention to the weakest link in the cyber chain: The end user, a lucrative and often naïve target. All types of socially engineered attack methods are used to lure the end user into a situation where personal login information is compromised. This happens not only for financial transactions, but also for social networks and other applications.

The business sector, government and non-governmental sector in South Africa have been involved in consumer education interventions, the results of which can be measured in time.

The biggest efforts are centred around phishing. Phishing is a method of deceitfully obtaining personal information such as passwords, identity numbers, credit card details and sometimes – indirectly – money.

Typically, phishing emails request that users obtain, verify or update contact details or other sensitive financial information by clicking on a link in the email that directs users to a spoofed website (a website designed by criminals to fool users into thinking that it is legitimate).

Elsewhere on the continent, Angola and Mozambique have recently been subjected to an increase in phishing attacks. One recent target in Mozambique was a major African financial institution. Customers received an email, appearing to come from a bank in Mozambique. The email subject read “Mensagens & alertas: 1 nova mensagem!” (Messages & alerts: 1 new message!). A URL contained within the body of the text led to a fake version of the bank’s website. It asked the target to enter the banking details that would allow the attacker to take over the account.

One of the main dangers of phishing is the ease with which attackers can set up scam sites. And their modus operandi seems clear – follow the money to unsuspecting consumers.

That is why establishing the legal platform to fight cyber crime is an urgent necessity, accompanied by public awareness campaigns. But South Africa, along with the rest of the continent, still has a mountain to climb in policing cyber crime.

*Basie von Solms is the Director, Centre for Cyber Security, University of Johannesburg.     

We live in a world where facts and fiction get blurred
Who we choose to trust can have a profound impact on our lives. Join thousands of devoted South Africans who look to News24 to bring them news they can trust every day. As we celebrate 25 years, become a News24 subscriber as we strive to keep you informed, inspired and empowered.
Join News24 today
heading
description
username
Show Comments ()
Rand - Dollar
18.92
+0.1%
Rand - Pound
23.88
+0.1%
Rand - Euro
20.41
+0.1%
Rand - Aus dollar
12.32
+0.1%
Rand - Yen
0.13
+0.1%
Platinum
908.05
0.0%
Palladium
1,014.94
0.0%
Gold
2,232.75
-0.0%
Silver
24.95
-0.1%
Brent Crude
87.00
+1.8%
Top 40
68,346
0.0%
All Share
74,536
0.0%
Resource 10
57,251
0.0%
Industrial 25
103,936
0.0%
Financial 15
16,502
0.0%
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot
Editorial feedback and complaints

Contact the public editor with feedback for our journalists, complaints, queries or suggestions about articles on News24.

LEARN MORE
Government tenders

Find public sector tender opportunities in South Africa here.

Government tenders
This portal provides access to information on all tenders made by all public sector organisations in all spheres of government.
Browse tenders