Cybercrime in South Africa has increased exponentially over the past few years, with a recent study showing that the country now ranks fifth in the world in terms of cybercrime density, which has increased by 8% from 2021 to 2022.
Cybercrime density refers to the percentage of cybercrime victims among a specific number of internet users. According to research by Surfshark, in South Africa 56 out of one million internet users were reported to have fallen victim to cyberattacks between 2021 and 2022. This puts us behind the UK, the US, Canada and Australia.
“Cybercrime remains rampant in South Africa, and global trends confirm that we face and suffer the same risks and threats as other countries around the world. Unfortunately, cybercrime is a global phenomenon, and we are by no means immune to it,” says Ryan van de Coolwijk, Product Head: Cyber, at iTOO Special Risks.
He notes that over the past 12 months, there has been a further evolution of threat actor tactics in the form of “data theft only” extortion events. Such has been the success of these cyber extortion attacks that, in an increasing number of instances, the hackers do not bother deploying encryption malware before leaving the network.
“This change in tactics and effectiveness in getting companies to pay the ransom under threat of publishing the data highlights the reputational risks and potential impact to affected parties in having their sensitive data up for sale,” says van de Coolwijk.
“It could also be that once a system is encrypted, it results in operational disruption that requires the target organisation to communicate the incident at least to its staff and often also to external stakeholders.”
In some circumstances, he says, this could lead the targeted organisation to become less willing to pay on the basis that the event is already in the public domain. Cybercriminals may well be counting on the fact that victims will be more likely to pay a ransom on the basis that the event can be managed quietly.
At the same time, ransomware attacks are on the increase again in South Africa, in line with global trends. Between July 2022 and June 2023, ransomware accounted for the majority – 31.2% – of all incidents reported to the European Union Agency for Cybersecurity (ENISA).
“This is also the most expensive claim type we see in the South African context, with regularly reported ransom demands exceeding R10 million, and demands are particularly high when data has been stolen from an organisation,” says van de Coolwijk.
“We have also noted that ransomware incidents are becoming more damaging and difficult to recover from – with organisations now running the increased risks of a greater number of people being impacted by the data that has been lost or stolen.”
He points out that attackers are becoming increasingly innovative, and that the ransomware business model continues to evolve. Typically, when threat actors identify a potential obstacle to their usual attack flow, such as when organisations become more cyber resilient, they simply pivot their strategies to remain effective.
“The rise in data-theft-only extortion events and decline in encryption is a perfect example. However, encryption events remain prevalent,” says van de Coolwijk.
But he cautions that before making any ransom payment, it is crucial for organisations to thoroughly assess the risk of violating applicable sanctions and criminal laws. This necessitates taking reasonable precautions and ensuring that appropriate checks and due diligence screenings are carried out prior to making a payment.
From iTOO’s experience, van de Coolwijk points out that the top reasons why organisations pay ransoms include:
- If backups are not available and the decryption key is essential to unlock encrypted data and systems to mitigate business disruption,
- To confirm the scope of compromised data ahead of a data publication event and support targeted notifications to affected individuals,
- To prevent the publication and wider misuse of personal information about individuals,
- To avoid adverse publicity associated with incident details in the public domain and limit undue alarm and concern to stakeholders,
- To prevent the dissemination of otherwise commercially sensitive or other protected information; and
- To stop hackers from engaging in escalated activities including secondary extortion tactics against other businesses and individuals.
“South Africa has become a target of cybercrime, scuppering the ability for companies to focus on growth and seizing the ability to leverage the opportunities more digital environments can bring. Hackers know that many organisations are still not fully protected against increasingly sophisticated attacks,” concludes van de Coolwijk.