Cybercrime has become a national crisis, said South African Centre for Information Security CEO Beza Belayneh on Tuesday, equating the scale to that of South Africa’s prevalent HIV/Aids pandemic.
Speaking at a Neotel/Mail & Guardian business breakfast, he said that South Africa had ranked the third-most “fished” country in the world, and was open to attack in a well-connected society.
“Cybercrime is no longer a criminality, it is a national crisis,” he said, adding that this was an event that should bring together all the Cabinet Ministers, banks and consultants, besides others.
“Governments are hacked, police websites are hacked, banks are losing millions – the statistics are that South Africa loses R1-billion a year, and it now threatens human life,” he said.
The International Telecommunications Unions attributed losses of about $100-billion a year worldwide to cybercrime.
Everyone was affected and the data breach was growing, he said, citing reports over the past several months of hackers increasingly gaining access to private companies’ and government websites, the most notable being the South African Police Service (SAPS) website last month.
SAPS had commented that the information published by international “hacktivist” group, Anonymous, in response to the massacre of 34 protesting miners at Marikana, was already in the public domain and that no important case information was compromised.
Anonymous had revealed the names and details of the whistle-blowers.
State Security Minister Siyabonga Cwele affirmed that the nation, along with the rest of the world, was “vulnerable” to cybercrime, and that the government was progressing a cybercrime policy aimed at mitigating the challenge.
The high incidence of cybercrime in both the private and public sectors, particularly within a relatively small economy, was worrisome, and required a comprehensive framework.
“We currently have an uncoordinated response [to cyberthreats] as a nation, as a whole,” he said.
The much-delayed Cybersecurity Policy would be published by August for public comment.
Cabinet approved the proposed framework last year to combat cyberwarfare and cybercrime; deal with national security threats in cyberspace and develop, review and update existing substantive and procedural laws to ensure alignment.
A National Cybersecurity Committee would oversee the implementation of the policy, while the Department of State Security would accelerate an “awareness” drive.
The aim was to create widespread awareness of cybercrime, to ensure citizens and public servants were enabled to respond to threats quickly and report the crime, and to enable the government and private sector to assess the scale of the attacks and formulate appropriate prevention plans.
“A challenge … is that people [from State departments or companies] keep quiet and count their costs. They need to be vocal and report the incidents ... so we can try and find ways of preventing [further breaches] and alert other countries [of the threat],” Cwele added.
He commented that a Cybersecurity Hub would be established within the Department of Communications in the near term to pool public- and private-sector threat information and process and disseminate information to relevant stakeholders in the industry and civil society.
Cwele, along with the other panellists, stated that government could not combat cybercrime on its own, and greater collaboration, as well as upskilling and public awareness would be essential as the country moved to eliminate the threats.
Belayneh added that South Africa should follow the lead of the US, which admitted it could not defend cyberspace on its own and called on all hackers to aid the nation.
Government should open its arms and invite the academia, private sector, cyberwarriors or defenders, besides others, to partner it. This would enable the country to assess what cyberskills the country had and tackle the multidimensional challenge of cyberattacks and threats.