Modern businesses and even government entities still treat cybercrimes as petty vandalism that will go away while hackers are getting smarter and attack collaboratively for more impact.
“Cyber criminals are not sitting alone in a basement somewhere. These are organised business operations and run with the same ruthless discipline you’d expect from any commercial firm. They build strategy, pick an ideal ‘customer’, hone a go-to-market, and when a formula works, they scale it and repeat it,” said John Mc Loughlin, a cybersecurity expert and CEO of J2 Software.
Last week, Sowetan reported that the Office of the Tax Ombudsman was investigating a staggering 16,000 cases of SA Revenue Service (Sars) e-filing profiles hijackings that has seen taxpayers lose their tax returns to cyber-fraud criminals. The number of hijacked profiles has ballooned as criminals adapt tactics to breach the tax authority’s platform. This raises concerns about the security of taxpayers’ information with Sars.
The Ombudman started its investigation last year after hundreds of complaints it received. Also, last year, a Sandton-based IT firm lost about R20m after its e-filing profile was hijacked.
Loughlin told Sowetan that modern business must stop treating cybercrime as petty vandalism and rather build resilience across the primary areas of digital risk.
“Today’s attackers behave like corporate actors: they research markets, identify profitable verticals, build playbooks and scale the ones that work. Ransomware-as-a-service democratised access to criminal tooling; the current step is consolidation and specialisation.
“Some groups now specialise in initial access and reconnaissance, others in encryption and extortion, and still others in reputation-damaging data leaks. When these players co-operate, the result is a modular criminal supply chain that is faster, more effective and ruthlessly economical,” explained Loughlin.
He said such crimes change the economics of defence.
“The marginal cost of launching an attack can be tiny; the marginal gain for a successful criminal operation is enormous. Add automation and generative AI into the mix and you have tooling that reduces the technical bar for complex campaigns while increasing their speed and scale,” he said.
Private investigator Rick Crouch said SA is one of the countries prone to cybercrimes and that at least 70% of its residents had fallen victim to cybercrime and other risky behaviour, compared to 50% globally.
“In South Africa, we have become a target of cybercrime because these criminals not only know that our law enforcement agencies are not equipped to detect and fight cybercrime, but they also know that we are very lax when it comes to securing our devices and have that ‘it will never happen to me attitude’,” said Crouch.
In South Africa, we have become a target of cybercrime because these criminals not only know that our law enforcement agencies are not equipped to detect and fight cybercrime, but they also know that we are very lax when it comes to securing our devices and have that ‘it will never happen to me attitude’
— Private investigator Rick Crouch
Loughlin advised businesses to stop buying point products and start building resilience with a business mindset.
“Resilience begins with a simple pivot: measure success not by whether an attack was prevented – because some will get through – but by how quickly you can recover and how little business disruption you suffer. That pivot translates into a program that treats digital risk across five operational pillars: users, email, data, machines and the internet.
“Make each pillar accountable, measurable and testable. Invest in user behaviour visibility and least-privilege practices; deploy layered email defences and phishing response playbooks; ensure immutable and regularly-tested backups and recovery runs,” said Loughlin.
He said more importantly, harden and segment machines with containment-first controls and maintain continuous external-facing visibility to spot access brokers, leaked credentials and unusual exposures before they escalate.
“Here’s the uncomfortable truth: organisations that treat cybercrime as an IT checkbox will be the highest-value targets. Attackers chase return on investment the same way any business does. If your systems present a predictable, profitable target, you’ll receive attention,” said Loughlin.
SowetanLIVE
Would you like to comment on this article?
Sign up (it's quick and free) or sign in now.
Please read our Comment Policy before commenting.