The escalating global cybercrime wave has reached a critical point in recent years, and South Africa is not exempt from this peril. The situation demands our immediate attention and swift action.

Government departments and major private corporations like TransUnion, Experian, and Dis-Chem have been victims of cybercrimes, with hackers demanding significant ransoms. These incidents underscore the scale and severity of the cybercrime threat, making it a matter of utmost concern.

In the attacks on TransUnion and Experian, the personal information of over 54 million credit-active people in the country was breached, as hackers demanded a ransom of over $15m in the TransUnion incident. Experian’s case exposed over 700,000 business entities and 24 million personal records. Many similar cases have occurred recently and demand our attention.

In a recent threat report by NETSCOUT, researchers said DDoS attacks across Southern Africa had increased significantly. In the first half of 2024, South Africa was one of the top five most targeted countries in the EMEA region. The researchers said this was due to hackers experimenting with new attacks devised to avoid signature-based detection from IT security experts.

With cyber attackers constantly evolving their methods, the potential consequences of an attack on companies can be devastating. This underscores the need for constant vigilance and preparedness in the face of cyber threats, making it clear that proactive measures are not just beneficial but necessary.

Cyber attackers continue to diversify their approaches, using bit-and-piece attacks to bring down target networks and infrastructures. SA’s technology landscape has become a testing ground for black hat hackers, where they can experiment with new attacks and techniques before launching them on their target end-users, making it a breeding ground for cybercrime.

Cybercrime has recently become increasingly prevalent in South Africa. According to the global cybersecurity firm Kaspersky, South African organizations experienced an average of 19 cyber incidents in the past year. Globally, Kaspersky detected an astonishing 467,000 malicious files daily in 2024, a 14% increase from the previous year. In South Africa alone, 34.2% of users reported encountering web-borne threats. The financial sector, in particular, is under siege; banking and financial malware saw a surge of 34% compared to 2023.

Trend Micro’s biannual cyber security research has warned that South Africa is a haven for cybercriminals, ranking among the top 30 most targeted nations for malware attacks. In 2024, according to global cybersecurity company ESET’s biannual Threat Report, South Africa will be the most targeted country in Africa for info stealing and ransomware attacks.

Trend Micro has disclosed its remarkable efforts in thwarting over 86 million email threats, nearly four million malicious URLs, and more than 4,000 malicious mobile apps targeted at South African businesses and consumers during the first half of 2023.

South Africa’s technology landscape is nearly equivalent to that of other countries, which allows black hat hackers to use it as a testing ground for attacks before launching them on their target end-users.

But the threat is evolving rapidly. Today’s cybercrime ecosystem is bolstered by organized crime syndicates and state-sponsored groups that leverage sophisticated tactics such as AI-generated deepfakes, multi-stage phishing campaigns, and ransomware-as-a-service (RaaS) platforms. These attacks are highly targeted and often rely on stolen credentials and social engineering — making traditional signature-based defenses obsolete. In addition, threat actors now use automation to identify vulnerabilities and launch attacks at scale.

Beyond the financial damage, the reputational fallout can be catastrophic. Customers lose trust, partners question reliability, and legal scrutiny increases — especially under compliance regulations like the Protection of Personal Information Act (POPIA). Recovery can take years, particularly for institutions that deal directly with consumers in retail, finance, and healthcare.

Public sector institutions in South Africa, often burdened by outdated IT infrastructure, are especially vulnerable. Many are still running on legacy systems not designed with cybersecurity in mind. As a result, attackers see them as easy entry points. A breach in one department could compromise interconnected systems, leading to a domino effect across government services. This makes cybersecurity a national interest, not just a technical issue.

Whether to pay a ransom has always been a tricky topic; it is like paying to release a hostage from a terrorist. Should you do that? Can you compromise the lives of hostages?

If a company has proper processes, procedures, and guidelines and follows cyber security standards, it should be easy for them not to pay if something happens. In the case of a potential ransom attack, police discourage companies from paying the ransom as it encourages continued criminal activity.

It is always recommended to contact a professional incident response team, law enforcement agency, and regulatory agency before talking to an attacker.

So the choice businesses face is this: prepare a cybersecurity strategy, or pay the ransom?

For example, if a server is encrypted and the organization has a proper backup on a different platform, it can always rebuild the systems without paying a ransom.

For hackers, though, ransomware is a viable and profitable business model that puts all companies using technology at risk.

Ransom payments are often easier and cheaper than restoring from a backup. On the other hand, supporting an attacker’s business model only leads to an increase in ransomware, which is a caution we need to heed.

Beyond backup strategies, the human layer is often overlooked. Most breaches begin with human error—clicking on a phishing email, using weak credentials, or sharing information unknowingly. Regular cyber hygiene training and employee awareness campaigns can help minimize these attack vectors. Adopting multi-factor authentication (MFA), endpoint detection, and zero-trust network models can improve organizational resilience.

While large organizations are constantly threatened, small and medium enterprises (SMEs) are not spared either. They are increasingly targeted due to their typically weaker cyber defenses and lack of internal expertise. Many SMEs mistakenly assume they are too small to be noticed by hackers, but to cybercriminals, they represent low-hanging fruit. Cybersecurity-as-a-Service (CSaaS) offerings and government-backed security programs can play a key role in safeguarding this segment of the economy.

Another pressing issue is the glaring shortage of cybersecurity talent in the country. Many firms find hiring and retaining professionals capable of anticipating and responding to advanced cyber threats challenging. There’s a growing need for investment in cyber education and certifications, starting from secondary schools to universities. By fostering partnerships between government, academia, and the private sector, we can build a robust talent pipeline equipped to handle future cyber challenges.

Organizations should also embrace real-time threat intelligence platforms, which offer early warnings and shared insights on evolving tactics used by attackers. Additionally, cyber insurance is emerging as a tool for risk mitigation. While it shouldn’t replace proactive cybersecurity measures, it can help organizations recover from the financial damage of a breach — provided they meet baseline requirements like encryption, patching, and logging.

Ultimately, South Africa needs a holistic and coordinated National Cyber Resilience Strategy. Such a strategy should focus on building sector-specific response frameworks, mandating threat reporting, funding digital forensics labs, and running public awareness campaigns. Cybersecurity is no longer a back-office IT issue – it is a boardroom priority and a societal responsibility.

Amritesh Anand – Vice President & MD, Technology Services

Blog Highlights

Surge in High-Profile Breaches: Recent attacks on major enterprises have exposed millions of records, revealing the growing sophistication and scale of cybercrime across sectors.

Cyber Threats Are Rapidly Evolving: From ransomware-as-a-service to AI-driven phishing, attackers are leveraging new-age technologies, making traditional defenses increasingly ineffective.

Small Businesses Are Not Immune: SMEs are frequently targeted due to limited security resources, highlighting the need for affordable and scalable cybersecurity solutions.

Call for a National Cyber Strategy: The rising threat landscape demands a unified response—public-private collaboration, regulatory readiness, and workforce development are now critical.
