MegaBanner-Right

LeaderBoad-Right

LeaderBoard-Left

Home » Industry News » Security Surveillance & Access Control & Cyber Security News » Cybersecurity threats in South Africa – why attackers keep targeting local businesses

Cybersecurity threats in South Africa – why attackers keep targeting local businesses

Cybersecurity threats in South Africa – why attackers keep targeting local businesses

By Adrian Ephraim

A Kaspersky researcher who tracks the world’s most patient attackers says local businesses are not being beaten by Hollywood style hacks, but by stolen passwords, trusted suppliers and a stubborn belief that security is something you buy.

“Our job is finding the needle in the haystack,” says Omar Amin, a senior security researcher in Kaspersky’s Global Research and Analysis Team, who sifts through millions of pieces of telemetry to pull out the attacks that matter, the quiet espionage campaigns, and the loud, expensive ransomware hits. He was in Cape Town and Johannesburg recently to share what that haystack is telling him about South Africa. His message is not a comforting one. The country is, and will remain, an attractive target.

A target by design

“If you run infrastructure, manage money, manage logistics or operate industrial systems, you are part of a target surface,” Amin says. South Africa also hosts a steady flow of foreign nationals whose data sits inside local government, energy, telecom and financial systems. The advanced persistent threat groups he tracks follow opportunity rather than borders. “They are not region locked,” he says. A shift in geopolitics or a single high profile event can swing their attention here within months.

That helps explain the run of public sector breaches, from the attacks on Stats SA and the Gauteng provincial government claimed by a group calling itself XP95, to a recent breach at a local dental provider. Amin is careful, because dark web data is hard to verify and criminals often chase clout. But the noise itself does damage. Once South African data is seen changing hands, more attackers come looking.

Loud ransomware, silent spies

Amin draws a sharp line between the two threats people tend to blur. “Ransomware wants the victim to know: we encrypted your systems,” he says. “The espionage groups want the opposite. Please don’t notice us, let us infiltrate in silence.” With ransomware, “the downtime is a weapon.” With espionage, “the silence is the weapon,” and time is everything. “Six months is bad. A year is a disaster. More than a year is catastrophic.” What unites them is rarely glamorous. Stolen credentials, phishing and exposed servers open most of the doors.

The weakest link

The threat that worries him most is the one a business cannot fully control. “What a company cannot prevent is the supply chain attack, because it all comes from the outside,” he says. Attackers break a trusted supplier first, often a managed IT provider with access to dozens of clients. “If they manage to impact one, now it’s game over.” Their real weapon is patience, researching every vendor a target relies on and working through them one by one.

Common sense over budget

His advice is unfashionably basic: multifactor authentication, phishing training, a full inventory of internet facing assets, prompt patching, and watching the dark web for leaked credentials. “Stolen credentials are behind most of the attacks, in Africa and all over the globe,” he says. For smaller firms without big budgets, he is reassuring. “It’s not about money at all. It’s about common sense,” he says. “Don’t expose your sensitive data to the internet. Don’t download cracked software, because that’s often where stolen credentials come from.”

AI scales the threat

On artificial intelligence he is measured. “It’s not magic. You can’t just tell AI to go compromise a government entity,” he says. What it does is scale the work. Attackers use it to write flawless phishing in local languages, run faster reconnaissance and generate malware. “They research videos of executives on YouTube, and in two minutes they can clone the entire voice,” he says. Yet he warns against writing these groups off as amateurs. “The human operator still matters. AI just makes the attacks faster.”

Spend on people, not just tools

This is his real message to South African boards. Security is not a shopping list of products. “If you have to invest in something, invest in your security teams,” he says. “Whatever stack you have, the people are what matter most in preventing these attacks.” In a country so attractive to attackers, that is the decision he wants boards to stop delaying.

To enquire about Cape Business News' digital marketing options please contact sales@cbn.co.za

Related articles

Capetrain Express pitched as Cape Town rail capacity falls short by 2050

Capetrain Express pitched as Cape Town rail capacity falls short by 2050 By Kris van der Bijl CAPE Town’s rail network will not keep pace with...

BMG pneumatic solutions drive efficiency, safety and productivity across industries

BMG pneumatic solutions drive efficiency, safety and productivity across industries COMPRESSED air has become a cornerstone of industrial productivity in many sectors, including automation, materials...

MUST READ

Pump innovations at the centre of water security solutions

Pump innovations at the centre of water security solutions Darryl Macdougall, Managing Director, Verder Pumps South Africa Untreated wastewater remains a major contributor to global water...

RECOMMENDED

Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.