July 15, 2012 by Dan Swinhoe
Following on from our focus on IT security in East and West Africa, we turn our focus onto South Africa. Fighting to become one of the biggest emerging markets, it is struggling with various issues. Rural areas lack proper communications infrastructure, connection speeds are incredibly low, and despite relatively low numbers of internet users it ranks higher than it would like on cyber-crime statistics.
While the number of viruses in the country are relatively high, the good news is that the figures are declining, albeit slowly. The number of worms decreased in the last quarter of 2011 by 0.9%, while trojans were also down. According to Microsoft’s Malicious Software Removal Tool (MSRT) there was malware detected on 8.1 of every 1 000 computers scanned in SA in the fourth quarter of 2011, compared to the worldwide average of 7.1 for the same period. While still unacceptably high, it has been declining steadily all year, so progress is being made.
This report on SA security by WolfPack provides some really useful insight into how businesses approach security.The good news is 93% of companies have tools to capture and report on risks, and around 60% expected a rise in their security budget next year. However some worrying stats show almost a third of companies have no defined cyber forensics process, and over half have problems with budgets, enforcing policy and security, data leakage and lack of commitment from management. The most common incidents on the rise include online fraud with over 20% reporting an increase in the last twelve months, while second was device theft (also rated as decreasing the most).
Pirates & Hackers
While software piracy stands at around half the levels of its BRIC counterparts, around a third of all software is pirated, slightly above the average for Europe and way above the United States. Using pirated software always runs the risk of introducing viruses, and needs tackling if SA wants to improve its security standards. Althoughstudies into piracy in emerging markets have indicated this may be difficult.
Despite the hacking of the ANC Youth Leagues website last year, hacking in general hasn’t quite reached the same levels as other countries (There’s no ‘Anonymous SA’ for example), with an average of one or two major stories hitting the news each year. So far this year’s big hacking story was a cyber-bank robbery on New Year’s Day, where the thieves managed to steal $6.7m over 72 hours. While there are no concrete figures for the cost of all cyber-crime in SA yet, estimates put it in the billions of Rand. And although the number of Phishing attacks on the country are down by 11% year on year, they still run into the millions.
People & Policies
Though this lack of attacks sounds like a good thing, it may be a result of South Africa’s low number of internet users, which makes up around 15% of the population (though growing quickly). There is also a skills shortage in the IT sector, which needs addressing. The World Economic Forum’s Global IT Report said of SA: “Important shortcomings in terms of basic skills availability in large segments of the population and the high costs of accessing the insufficiently developed ICT infrastructure result in poor rates of ICT usage,” despite efforts on the from businesses to integrate IT into the workplace.
Rural areas of the country are especially at risk, after one study found “a large portion of the South African population that has not had regular and sustained exposure to technology and broadband internet access [could] expose local communities to cyber threats. ” According to iC3 figures, SA ranks 7th in the world for cyber-crime, and has hovered around the same position on the list for a good few years. These numbers are surprisingly high for a country with relatively few internet users.
Despite some of the problems, back in Pretoria the government is taking steps to improve security. Its new cyber-security policy aims to create a more secure digital environment through awareness programs aimed at both the public and businesses, better research and skills, and establishing a National Cyber-Security Centre.
In comparison to the other two spotlights on security, South Africa fares well. It has less trouble with hackers and both businesses and governments are taking steps to improve education and protection. But problems with viruses and fraud remain. Strong government intervention should address the latter, and as is addressing the skills shortage that the country faces should help with the former.