Cybercrime has become a global pandemic with South Africa leading the charge in terms of countries that have become a hotspot for cybercrime, earning us the dubious honour of being labelled the cybercrime capital of Africa. With October being international cyber security awareness month, we touch on some of the issues and risks which South African businesses face with respect to cybercrime.
With apps, online platforms, social media and the increasing reliance on and use of technology in everything we do continue to expand exponentially, it is no surprise that the prevalence of cybercrime parallels this exponential growth. Add in the growing sophistication of cybercriminals, the ability to commit cybercrime on a global scale and the lagging vulnerability of institutions and businesses to stay ahead of these criminals with adequate security measures, and you have the perfect environment for opportunistic and organised cybercriminals to flourish in.
Cybercrime involves criminal activities (most often related to the theft of money or data), involving the use of technology, such as computers, tablets, smartphones and networks. It may also involve traditional crimes which are advanced via the internet.
Although rapidly waning, many South African businesses suffer from the belief that they will be spared from falling prey to cyber-attacks and that only the large and wealthy will be targeted. This unfortunately is far from the truth as individuals and businesses, large and small, are increasingly being targeted by cybercriminals using sophisticated technologies to expose young and old, poor and wealthy to the risk of being victims of cybercrime.
Recent South African judgments have highlighted the impact of cybercrimes, showcasing how persons and businesses fall victim to scams, hacks, phishing attempts, cyber ransoms and more. For businesses, this also poses the risk of being held liable by victims. With cyber criminals often operating from cross-border jurisdictions, the ability to identify and bring such criminals to justice is limited. This leaves victims who have suffered losses and face the challenge of not being able to recoup losses from criminals, to instead try and take legal action against the businesses which have acted as intermediaries in financial transactions that have led to cybercrimes occurring.
Victims have been successful in legally holding businesses accountable, creating a very real business risk for businesses unwittingly made party to crimes against clients of the business by clever cybercriminals. Think here of the loss of personal data or passwords by a business that may grant criminals access to personal accounts or transactions of individuals. Not only the danger of financial claims but also reputational damage is a massive threat to each and every South African business.
The following list, although by no means exhaustive, is a few examples of cybercrimes that may be committed.
- Phishing scams, where a victim receives an e-mail, message or other electronic communication that appears to come from a known or well-known source, but actually comes from a fraudster, intending to get the victim to disclose sensitive data, such as their bank account numbers, residential address, credit card details and passwords. The information is then used to access important accounts and platforms.
- Hacking, involves fraudsters gaining unauthorised access to a victim’s technological device(s) and their data with the intent of using such to gain access to passwords, confidential information and even to impersonate the owner of the device.
- Ransomware, can often also follow hacking or where cybercriminals use malicious software to attack the victim’s devices and block access and systems until a ransom payment is made to the criminals.
- Electronic funds transfer fraud often involves fraudsters either initiating or redirecting a money transfer, with the fraudster generally providing instructions to a financial institution or intermediary, posing as the victim or another relevant third party, and instructing payment of funds to the fraudster.
- Social media profile cloning, where the fraudsters create a fake social media profile, using the victim’s images and personal information to impersonate the victim and try and solicit money or further information from the victim's colleagues or connections.
Although South Africa has promulgated a new Cybercrimes Act 19 of 2020, which amongst other things criminalises cybercrimes, prosecuting cybercrimes is notoriously difficult. This makes prevention better than cure and businesses and individuals should take all reasonable steps to protect themselves and their businesses from falling prey to cyber criminals. Unfortunately, given the highly sophisticated nature of cybercrime and the capability of these criminals, there is no easy fix and the best advice is to remain up to date with security requirements and best practices as well as engage the services of competent technology professionals to help secure your business against attacks.
Additionally, for businesses, current cybersecurity policies as well as regular employee education and training together with information technology security measures are all part of putting a structured environment in place to mitigate the risk of cybersecurity attacks. So don’t be caught off guard or underestimate the prevalence and growing danger of cybercrimes and engage cybersecurity specialists to help ensure your business has the necessary safeguards and frameworks in place.Disclaimer: This article is the personal opinion/view of the author(s) and is not necessarily that of the firm. The content is provided for information only and should not be seen as an exact or complete exposition of the law. Accordingly, no reliance should be placed on the content for any reason whatsoever and no action should be taken unless its application and accuracy have been confirmed by a legal advisor. The firm and author(s) cannot be held liable for any prejudice or damage resulting from action taken on the basis of this content without further written confirmation by the author(s).