South Africa Second Most Targeted Cybercrime Country

Posted August 8, 2018
Written by Mark Heyink
As South Africans the incidence of crime and even violent crime reported in our media daily has caused us to some extent to be numbed to the devastating effect it has on our country and the victims of these crimes. At one level this is a perfectly understandable defence mechanism. If we were to react otherwise we would spend our lives in outrage. Similarly, the well-publicised and in many cases undeniable, corruption and fraud perpetrated by politicians and administrators in government is also in our face on a daily basis. The magnitude of the greed which has motivated senior politicians and administrators to “sell our country” is beyond the comprehension of most citizens. It is also an indisputable fact that the failure of governance, to the extent of the ruling party has protected its leaders for political ends, has contributed significantly to the lack of accountability and the flaunting of the rule of law that has allowed our economy to be plundered for the benefit of an elite few.

In this regard the Global Economic Crime and Fraud Survey 2018 – Sixth South African Edition-- published by PWC and available at https://www.pwc.co.za/en/assets/pdf/gecs-2018.pdf makes enlightening reading. The report highlights many of the issues important to the combatting of fraud generally but that apply equally in approaches that we may take to protecting personal information and combatting cybercrime.

In the first instance South Africa ranks number 1 in the top 10 countries reporting most economic crime, the incidence of 77% of organisations being adversely affected by fraud. Dealing with the category of cybercrime, South Africa ranks second in the world and the headline provided by PWC is “Surprisingly, while the instances of reported cybercrime shows a small decrease in the South African context, it retains its second place in the global rankings, albeit at a lower rate of occurrence than 2016”.

Looking to the future, the report states “... more than a quarter of South African respondents (26%) believe that cybercrime will be the most disruptive economic crime to affect their organisations over the next 24 months.” This is extremely significant and the report poses the question “In light of investigating fraud costing up to 10 times as much as the fraud itself, potentially amounting to millions of Rand, are we not still being too reactive?” The answer to that question lies to some extent to the attitude taken by boards and senior executives to the protection of personal information and compliance with legislation in this regard. Very often the “tone at the top” referred to by PWC consists of the “right words”. Once that veneer is scratched the failure to act on those “rights words” belies the true motivations of C-suite and senior executives. We have seen in many other countries the damaging effect reported breaches of personal information may have on a company. Indeed, recently the Liberty Life hack resulted in a sharp drop in the share value of the company. This reinforces what PWC are saying and in the light of bad behaviour being discovered “... both company and leadership could lose much of their goodwill faster than they acquired it.”

The reaction of Liberty Life in controlling the damage of the discovery of the hack it to emphasise that there was no financial loss to clients. This deflected from the fact that it failed miserably in protecting sensitive personal information of its clients. As the raw material of cybercrime is personal information, their seeming disregard for the other consequences of the hack by Liberty is quite astounding. The generalised and vague answers to clients’ questions and its reluctance to provide the specifics about the personal information that may have been affected, to which clients have a right, simply reinforces the subordination of the clients’ constitutional right of privacy to a lesser consideration than maximising financial results. This is contrary to the Twin Peaks model that the financial sector claims should be the measure of a company’s actions.

A similar instance occurred with Standard Bank and the credit card fraud perpetrated against it. Aside from a reported R300 million loss and the fact that the bank’s clients did not suffer any loss, we know nothing more. What actually went wrong? To what extent may their clients have been indirectly compromised? These are questions that would be answered had the implementation of the Protection of Personal Information Act had not been patently delayed by the powers that be and an independent Information Regulator been operationally functional.

The question for organisations in South Africa relating to the protection of personal information and combatting cybercrimes is, will they follow the example of the ruling party’s failure in governance and its reluctance to act against senior politicians and officials resulting in enormous damage to the South African economy at the expense of South African citizens? Or will they act proactively, take responsibility and be accountable for how the organisations protect personal information and combat cybercrime? It is a choice to act properly and lawfully or by failing to do so, to aid and abet criminals that may attack your customers. As PWC observes: “Your customers are the lifeblood of your business. As business models continue to evolve through the digital revolution, many are getting exposed to payment fraud for the first time. How you handle that fraud will profoundly affect your own outcomes.”

©Mark Heyink 2018

www.privacyonline.co.za

Subscribe
Unsubscribe  
news
  • 08 August 2018 - 13:41:00
    On the 25th July 2018 as a result of announcements that were made by Facebook relating to its future revenues the market value of Facebook dropped by US$ 148 billion (or R1,95 trillion). This is almost half of South Africa’s total GDP in 2016.

    While there may be several reasons for the decline in Facebook’s revenue which led to the sell-off of shares, one of the three primary factors for the decrease in projected profitability of Facebook is the focus on privacy and security

  • 08 August 2018 - 13:36:00
    As I wrote in a previous article, South Africa according to the PWC Global economic crime and fraud survey of 2018 suffers the second highest number of cybercrimes of all the countries in the world. While I have no statistics to support this I would suggest that internet banking fraud must rank as one of the primary attack vectors for cybercriminals.

    The Ombudsman for Banking Services of South Africa (Ombud) reported that for the first time in 2017 internet banking fraud was the category of crime that was most prevalent of the disputes that the Ombud has been requested to deal with. No less than 1377 internet banking complaints were closed by the Ombud in 2017. It is clear that significantly more citizens are victims of internet banking fraud as not all of the matters have been referred to the Ombud.