With businesses increasingly digitising, Africa – especially South Africa – is becoming a world hotspot for cybercrime.
According to Kaspersky, there was a 24% increase in the number of corporate users affected by web threats – internet-based threats that expose people and computer systems to harm online – from Q2 to Q3 2023 in South Africa.
That said, when comparing Q3 2022 to Q3 2023, there was an 8% decline in the number of corporate users affected by web threats.
Phishing – a type of Internet fraud that seeks to acquire a user’s credentials by deception – also increased 134% between Q2 2023 and Q3 2023 and 16% compared to Q3 2022.
On a continental level, Africa sees some of the highest numbers of detected attacks on industrial control systems (ICS computers), which are used in the energy, mining and automotive industries.
In Q3, according to Kaspersky ICS CERT, there were attacks on 32% of ICS computers in Africa and 22% in South Africa.
There has also been exponential growth in attacks on the Internet of Things (IoT) devices, including wearables, smart home appliances, smart city systems, self-driving cars, automated retail checkouts, and other smart devices for home and business use.
Kaspersky said that cybercriminals use networks of infected smart devices to perform DDoS attacks or as a proxy for other types of malicious actions.
In Q3, South Africa accounted for 28% of attacks on IoT devices in Africa, and Kenya was second with 12%.
“In forecasting the development of the cyberthreat landscape for 2024, we anticipate a dynamic evolution of cyber threats marked by an upsurge in state-sponsored cyber-attacks, and ‘hacktivism’ will become one of the norms of cyber-warfare,” said David Emm, Principal Cybersecurity Researcher at Kaspersky.
“The prevalence of accessible generative AI is set to fuel an expansion of spear-phishing tactics, while the creative exploitation of vulnerabilities in mobile and IoT devices will be on the rise.
“Businesses today should be proactive and counter these cyber threats with advanced technologies such as threat feeds, security information and event management systems, endpoint detection and response solutions, and tools with digital forensics and incident response features.”
Kaspersky recommended the following things that businesses can do to protect themselves:
- Organisations should conduct regular cyber skill checkups among employees and offer competent training.
- Corporate users should be educated on potential privacy risks when working in virtual environments. Organisations should implement best practices in safeguarding personal and corporate data.
- Install updates for the firmware used on digital devices (including virtual headsets) as soon as they become available.
- Use Cyber Immune solutions for IoT protection on corporate networks. Use a dedicated IoT gateway that ensures inbuilt security and reliability of data transfer.