A coordinated cyber attack against Standard Bank last week, which saw the company incur a R300-million loss through fraudulent transactions in Japan, is only the tip of the iceberg according to one expert.

In a statement regarding the incident Standard Bank said it had taken swift action to contain the matter, that the relevant authorities had been alerted and added that amount in estimated loss was prior to any potential recoveries that may serve to reduce the figure.

Henry Peens, Associate Director for Cyber Security at Deloitte says the attack on Standard Bank is a sign that the vulnerability of African businesses of all sizes has yet to be addressed adequately.

"We are completely underestimating the threat to Africa and South Africa at the moment. The fact that we do not have legislation that forces one to disclose cyber attacks does not mean that cyber attacks don't happen. There is a massive problem around cyber attacks and cyber crime and I think it is not only the banks that are under threat as we saw last week because they do their bit to defend against cyber attacks. I think the worst is yet to come. The attack that was focused on the bank last week was not really focused on client data or customer data but rather on the bank, and I think as soon as clients start experiencing cyber crime, the severity will be clearer. There is more to come in the next two to three years if we do not get our ducks in a row."

In the same week that Standard Bank was attacked, its competitor Absa launched ChatBanking, a service which allows customers to conduct banking through their Twitter account.

Peens says while innovations are always welcome, the pressure to innovate is putting business at an even greater risk. "If cyber security cannot evolve with business, then we are going to get left behind. If we cannot enable business then businesses will just carry on with their innovative plans. It is absolutely critical to keep track as businesses innovate due to the threat posed by disruptive technology."

Africa Cyber Intelligence Centre

Peens is part of the team that will launch Deloitte's first Africa Cyber Intelligence Centre in Johannesburg next week.

Three hubs are scheduled for rollout in the next 24 months in South Africa, Nigeria and Kenya.

"We cover the Western, Eastern and Southern region of Africa with the three cyber intelligence centres because we have found that clients would like to have their data reside in that region or country, and they want to visit and see what you are doing with their data to know that they are adequately protected. As Africa becomes more connected, the complexity of the attacks starts escalating and I anticipate that we will have more attacks that originate from Africa."

The Cyber Intelligence Centre in Johannesburg will go live on 9 June and will be part of the Deloitte cyber defence network, and will culminate in 22 connected centres globally.

"We will have a monitoring capability, a vulnerability management service, threat intelligence and we respond with forensic services. We will not only be looking at IT solutions, we will look at OT (operational technology) solutions as well in order to stop attacks from escalating."