Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Not enough businesses take cybercrime seriously

Issue 1 2025 Information Security

By Ivan Jardim, Account Manager at Insight Consulting


Ivan Jardim.

Interpol recently revealed that cybercrime, specifically ransomware incidents, cost the South African economy up to 1% of the country’s GDP, while the Council for Scientific and Industrial Research estimated the loss at R2,2 billion a year. At the end of last year, it was revealed that South Africa was hit by 2679 reported cyberattacks in the past two years, but that only 83 were passed to the National Prosecuting Authority (NPA) because of capacity constraints, with a shortage of more than 150 cybercrime detectives.

This paints a grim picture for South African businesses, who clearly need to do all they can to protect themselves. Cybercrime is not treated urgently enough by many businesses in this country. Here’s a look at the state of the nation regarding cybercrime and how businesses could improve their prospects of remaining protected:

Lack of awareness and proactive measures

Despite alarming headlines about the cost of cybercrime or high-profile ransomware cases that make the news, there is just not enough awareness about how serious the problem is or how close to home it is. Many South African businesses are more focused on day-to-day operations, or even survival, rather than investing in proactive cybersecurity measures.

This is because many businesses operate under the illusion that they are safe. They have a false sense of security that emanates from relying on basic digital hygiene, such as passwords and biometric recognition, to access their devices. More businesses must understand the extent to which their data and activities are being accessed, exploited, and shared, even through seemingly innocuous actions like connecting to public Wi-Fi networks.

The facts are clear and unambiguous. In a global environment where cybercrime is surging, and where South Africa is an open playing field for criminals, there absolutely needs to be an investment in proactive and agile cybersecurity measures.

AI’s impact on cybersecurity

Cybercriminals are not just people who wake up one morning and decide to take a chance on a quick win. They are highly organised cartels of criminals who use increasingly sophisticated means to achieve their goals. Cybercriminals are increasingly leveraging generative AI to create highly sophisticated phishing attacks. They are using AI to exploit vulnerabilities in South African businesses.

AI is making it easier for attackers to target business insiders to gain access to systems, giving them the ability to get right through basic security measures like passwords or facial recognition. This is a huge threat, and compared to their counterparts in other markets and regions of the world, local businesses often lack the necessary cybersecurity awareness and infrastructure to detect and respond in time to AI-powered attacks. AI can and should be leveraged as a defence against these sophisticated attacks.

Exploiting South African vulnerabilities

For example, a local business that was hosting its customer systems on a local internet service provider suffered a major performance degradation as a result of cyberattacks. What the business did not anticipate when hosting with the ISP was the relentless hacker bot attacks on the ISP's infrastructure, which then severely impacted the business’s own operations. This shows that criminals specifically target South African businesses and their supporting infrastructure.

South Africa’s banking and financial services industry is highly competitive and innovative, and ironically, this has put a target on the backs of businesses in these sectors. Innovation is prime real estate for cybercriminals who seek to exploit the latest technologies and data-driven business models.

The attack that is detected too late

Cybercriminals are professionals at would be easier to detect. A growing trend is where the initial attack occurs a long time, sometimes months, before the actual ransomware event.

This makes it extremely difficult for businesses to recover their data – even with robust backup systems. The wake-up call for local businesses is that these sophisticated, long-term attacks are particularly prevalent in the South African context, where many businesses do not have the necessary security infrastructure to detect and respond to attacks in a timely manner. Criminals know this, so they play the waiting game.

More education and awareness

The first big education job needs to happen at an executive level. South African business decision-makers need to become acutely aware of the state of the cybersecurity landscape, and just how vulnerable their businesses really are. This is critical to avoid businesses carrying on as usual under the illusion of security.

South African employees, too, have shown themselves to be easily tricked into providing sensitive information or granting access to systems, even in the face of basic security measures. Factor in generative AI that can make attacks seem more believable than ever before, and the problem is compounded. Yet, organisations tend to rely on the trustworthiness of their employees and the perceived safety of their devices.

South Africa plays in the same digital arena as the rest of the world, but South African businesses are not exposed to the same level of awareness and education as in other regions. Attacks that could be thwarted easily in other markets, are often successful on these shores. This makes us an attractive target.

The need for a holistic cybersecurity strategy

One would never find a physical business with valuable and sought-after stock in South Africa protected only by burglar bars, an alarm system and solid security gate. The same should be true for cybersecurity. It needs to cover all the bases. Businesses need a platform with comprehensive security solutions, 24/7 support, and rapid detection and response capabilities.

Furthermore, the best cybersecurity solutions are brand agnostic, meaning they can integrate with a wide range of existing security infrastructure and devices. Not being tied to particular vendors allows businesses to develop more comprehensive strategies.

Lastly, businesses would do well to seek out platforms and partners that provide advisory services and tailored solutions that address their specific vulnerabilities. A holistic cybersecurity strategy is non-negotiable in an environment where criminals hide deep in a world we cannot see, yet they need to be detected and stopped in time.




Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

Want effective Attack Surface Management? Think like an attacker.
Information Security
Effective ASM requires companies to think like attackers, anticipate risks, and act decisively to reduce exposure by knowing their environment, deploying a structured approach, leveraging capable tools, and addressing both internal and external risks.

Read more...
The growing role of hybrid backup
Infrastructure Information Security
As Africa’s digital economy rapidly grows, businesses across the continent are facing the challenge of securing data in an environment characterised by evolving cyberthreats, unreliable connectivity and diverse regulatory frameworks.

Read more...
POPIA non-compliance puts municipalities at risk
Information Security Government and Parastatal (Industry)
Digital responsibility must go beyond POPIA compliance to recognising that privacy and service delivery are fundamentally linked. Despite this, only 51 out of 257 municipalities submitted their mandatory data protection and access to information reports in 2024.

Read more...
Choicejacking bypasses smartphone charging security
News & Events Information Security
Choicejacking is a new cyberthreat that bypasses smartphone charging security defences to confirm, without the victim’s input or consent, that the victim wishes to connect in data-transfer mode.

Read more...
Most wanted malware
News & Events Information Security
Check Point Software Technologies unveiled its Global Threat Index for June 2025, highlighting a surge in new and evolving threats. Eight African countries are among the most targeted as malware leaders AsyncRAT and FakeUpdates expand.

Read more...
Welcome to the new cyber battleground
Information Security
The Iran-Israel conflict is rapidly redefining modern warfare, pushing the boundaries of cyber capabilities and creating a new, borderless digital battlefield. Fortinet’s CISO, Dr Carl Windsor, offers a critical, in-depth analysis of the escalating tactics and global implications in his latest report.

Read more...
African industries may overestimate cyber defences
Information Security
A significant perception gap exists in security awareness training: 68% of leaders believe training is tailored to roles, yet only a third of employees feel adequately trained. Many organisations only conduct annual or biannual generic training that may not effectively change behaviour.

Read more...
SMARTpod talks to Sophos and Phishield
SMART Security Solutions Technews Publishing Sophos Videos Information Security News & Events
SMARTpod recently spoke with Pieter Nel, Sales Director for SADC at Sophos, and Sarel Lamprecht, MD at Phishield, about ransomware and their new cyber insurance partnership.

Read more...
Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Corporate and academic teams can register for Kaspersky contest
Kaspersky News & Events Information Security
Kaspersky has announced the registration opening for its new Kaspersky{CTF} (Capture the Flag) competition, inviting academic and corporate teams from around the globe to compete in a battle of skill, strategy and innovation.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.