Cybercrimes Act aims to prompt probes
Criminals are taking advantage of negligence and weak control systems in South African organisations to mine sensitive data, with cyberattacks on the rise.
But the government and companies can no longer sweep cyberhacking incidents under the carpet, thanks to the Cybercrimes Act of 2020. The Act forces organisations to report cyberattacks so authorities can investigate.
Along with the Protection of Personal Information Act of 2020, the cyber law is key in the fight against mobile device and internet offences.
Director of the University of Johannesburg’s Centre for Cyber Security Basie von Solms said online security was becoming as important as personal security. He said companies were beginning to take data security seriously and in some instances, encourage end users in the company, such as an administrator, to become anti-hacking “soldiers” in and outside the work space.
“The criminals are getting more clever, prompting companies to get employees to be vigilant, because in most instances organisations are attacked through hacking of just one device owned by an employer or even a supplier.”
In the case of Dis-Chem’s data breach last week, the company was attacked via a supplier through whom criminals were able to access Dis-Chem’s data.
“Subcontractors, suppliers… SMMEs actually are targeted because they have less money and no proper skills compared to big companies to implement proper data security.
“The criminals are able to easily access small businesses’ systems and take it from there to attack the richer and big companies they work with.”
Credit bureau company TransUnion SA was also hit by hackers in March. The criminals accessed 54 million personal records and demanded a R224 million ransom. The hackers did this through the misuse of an authorised client’s credentials. Another credit bureau, Experian, was also targeted recently in a similar fashion.
Last year, work at the Office of the Master of the High Court and court proceedings countrywide ground to a halt after a ransomware attack at the department of justice.