What comes to mind when you hear someone speaking about “cybersecurity”? For many people, the term still brings to mind bespectacled tech geeks from the IT department, huddled together in a dark room with flashing monitors and beeping hardware, removed from the general operations of the business. This stereotype, however, fails to paint an accurate picture of the relevance of cybersecurity today: in an age where any device, from personal computers to digital printers, can be targets for hackers and cybercrime, cybersecurity is more important than ever.
Businesses today are increasingly reliant on technology. According to one survey conducted last year by Brother International Corporation, a tech giant in the USA supplying to the private sector, small business spending on technology has increased by 18% since 2010, and 66% of small business owners rely on mobile devices to manage daily operations. The rise in reliance on technology means that businesses should be proactive with their cybersecurity, with every device connected to the internet serving as a potential point of vulnerability for a hacker to exploit.
Although cyberattacks are less prominent than they were in recent years – according to cybersecurity company SonicWall – they pose one of the greatest threats to businesses, as individual attacks become more severe. The increase in the significance of cybercrime means that cybersecurity professionals are more in demand with every passing year, positioning it as a sustainable career path for the future. Below are 5 examples of recent cybercrime in South Africa that show how cybersecurity is not just an IT risk but a business risk, too, and how this paradigm shift has opened up opportunities for a career in cybersecurity.
Just as recently as a week ago, the website of the National Treasury of South Africa was the victim of a distributed denial of service (DDoS) cyberattack that left the site inaccessible. DDoS attacks flood a website’s servers with fake requests that overload them, making it difficult or impossible to respond actual requests. The perpetrator was a notorious hacker known as @VirusSec on Twitter, who has been responsible for other attacks on government websites in the past.
A website used by South Africans to pay their traffic fines online, ViewFines, was the source of a data leak in the early months of 2018 which exposed the personal records of over 900,000 South African motorists, with the records including ID numbers, e-mail addresses, full names and plain text passwords. The leak is unique in that it was not a breach of data: the administrators of ViewFines stored their backup database online on a public directory on the website for 12 hours while they made changes to the website, which made it an easy target for the cyberattack.
Earlier this year, in June, insurance provider Liberty Life notified its customers that it had experienced “unauthorised access to its IT infrastructure”, two days after the attack itself took place. The data breach, consisting of a compromised email repository, lead to a R1,68bn decrease in the market value of the company. Despite this, Liberty refused the ransom demands of the hackers, and countered the hack with the help of experts. The company did communicate with the external parties involved, but they remain tight-lipped about the exact nature of the attack, which was the biggest recorded breach of a South African financial services provider to date.
Not even one month after the Liberty Life breach, in early July, the website of the Presidency (thepresidency.gov.za) was hacked by a group identifying themselves as Black TeamX. The group attacked the website to display a message on its home page, which read “hacked by Black Team. Sahara is Moroccan. And Morocco is ur Lord!”. It is suspected that the message pertains to a land issue in the Sahara, where South Africa and the ANC have accused Morocco of occupying a Western region recognised as independent.
One of South Africa’s prominent cinema chains, Ster-Kinekor, had their website hacked in 2016 in what was the largest ever data breach in South Africa at the time. A security flaw lead to the leaking of more than 6 million user accounts, including information like names, addresses and plain text passwords.
While the above stories can be unnerving for anyone reading this on a smartphone or computer screen, it highlights how vulnerable one’s privacy really is on the internet, and the public and private sectors in South Africa should heed these stories as “calls-to-action” by strengthening their cybersecurity. Despite this, the Global Information Security Workforce Study estimates that the world will have 1,8 million unfilled cybersecurity roles by the year 2022, making it a field where candidates will be in high-demand. This, combined with more businesses recognising the importance of cybersecurity, makes it a particularly attractive career choice going forward, and should be considered by anyone looking for a sustainable, lucrative and engaging career.