South Africa Must Pay More Attention to Cybercrime

Efforts such as the South African Police Service’s (SAPS) recent ‘Safer Festive Season’ campaign may have increased public awareness of threats such as armed robberies and cash-in-transit heists, but how many South Africans considered their vulnerability to cybercrime during the recent holiday season?

Internet penetration in the country is rapidly increasing. According to recent reports, the City of Tshwane intends to provide free Internet access to residents so that ‘every household, every street and every corner’ has Wi-Fi connectivity. Across South Africa, the use of mobile devices with Internet access has grown exponentially. People are using the Internet to engage in social and political activity, access government services, purchase goods and services and also to conduct financial transactions. According to a research survey conducted by First National Bank and Rand Merchant Bank’s eBucks rewards programme, more South Africans would have purchased holiday gifts online during this festive season than during previous years.

While the increased reliance on the Internet offers many benefits, it also provides new opportunities for criminals to exploit cyber-security vulnerabilities. This has become a significant problem in South Africa. The US Federal Bureau of Investigation (FBI) listed South Africa as sixth most active cybercrime country in the world and informal consensus places it third behind Russia and China. At one cyber-security forum last year, information security consultant Beza Belayneh noted that cybercrime in South Africa is a crisis that the government should respond to in the same way that it has responded to the HIV and AIDS pandemic.

A recent study by Wolfpack Information Risk found South Africa’s annual loss resulting from cybercrime in three sectors to be R2.65 billion. While comprehensive statistics are not currently available, examples of recent high-profile incidents confirm that cybercrime is a growing and significant problem in South Africa. For example, a criminal syndicate reportedly used malware known as ‘Dexter’ to attack a wide range of local retailers and steal tens of millions of rands. The malware was used to intercept payment details from point-of-sale terminals and create fraudulent duplicate cards.

Given the current threat landscape, South African policymakers should develop a cogent and multilayered response to cybercrime. Such a response begins with the government allocating clear cyber-security roles and responsibilities to particular entities. The Cabinet took a step in that direction by approving the Cyber Security Policy Framework on 11 March 2012, which identifies areas of responsibility for governmental departments and tasks the State Security Agency with overall accountability for the development and implementation of cyber-security measures.