Zaheer Ebrahim, Cyber Security Consultant at Trend Micro.

South Africa ranks among the top 30 most targeted countries for malware attacks and top 20 for COVID-19 -related email threats, according to Trend Micro’s biannual cybersecurity report, The Attacks From All Angles 2021 Mid-year Cybersecurity Report.

In a virtual presentation of the research, Zaheer Ebrahim, Cyber Security Consultant at Trend Micro, examined South Africa’s vulnerabilities to encourage increased cybersecurity defence measures amidst a 47% year-on-year increase in cyber threats globally.

The report highlighted a 47% year-on-year increase in email threats as well as malicious files and URLs in the first quarter of 2021 globally.

The research identified vulnerabilities across various device types and operating systems, illustrating an increasing need for a holistic and scalable cybersecurity solution at government, organisational and individual level that covers all angles of their security needs.

South Africa’s technology landscape is almost identical to that of other countries, which has seen black hat hackers using it as a testing ground for cybersecurity attacks before these are launched on their intended end-users.

Globally, ransomware remained the standout threat in the first half of the year. The pandemic has highlighted how easy it is to buy ransomware as a service (Raas) on the dark web.

Africa accounted for 1.7% of these attacks, with 1.05% being targeted at South Africa.

The company’s research also found that locally, South Africa was in the top 30 countries in the world (#27) to be targeted by malware attacks, and in the top 20 (#19) to fall victim to email threats related to Covid-19. The latter was also off the back of a 4% global increase in Business Email Compromise (BEC) attacks.

Until recently, cybersecurity was considered a rather expensive operational cost by many South African companies, however the rise in security breaches has highlighted the value of its cost- and time-saving capabilities, according to Trend Micro.

Cybersecurity spend among Trend Micro’s customer base in South Africa has increased by between 30-40% year-on-year, alongside an uptick in new customers.

“We expect to see the maturity of these customers increase sharply in the coming year because it's no longer a case of if you are going to fall victim to cybersecurity breaches, but rather a case of when,” the company added.

Traditional perimeter security disappeared

Trend Micro said pre-pandemic, when most of the workforce was office-based, it was easier to secure endpoints and a company’s datacentre. Traditional perimeter security has disappeared.

“It is now found wherever your workforce is located – at their homes, in hotel rooms, coffee shops or co-working spaces. Now, the task requires moving workloads to the cloud and securing every employee, their homes and personal mobile devices, all of which have become companies’ new datacentres. This has seen Virtual Private Networks (VPN) usage reached an all-time high in 2020. However, this sudden shift to the cloud and global reliance on VPNs has also seen an increase in phishing emails that appear to come from IT asking for admin login credentials, fake installers embedded within malware and malicious link baiting,” the company continued.

IT security experts at the company have emphasised that while the transition from on-premise to cloud-based working platforms has made virtual patching invaluable, it remains a very big challenge within the South African context that requires urgent attention.

“Much like a plaster that is placed over a wound, virtual patching allows the cybersecurity team to secure the company’s identified vulnerabilities, while the COS team restarts their servers and machines post update,” the company stated.

Trend Micro also highlighted the role of Security Operations Centre (SOC) teams in their effort to combat threats, particularly because of the increase in frequency and sophistication.

SOC teams must streamline their security processes without sacrificing reliability, the company explained.

“One way to do that is through Endpoint Detection and Response (EDR), which continually monitors and responds to mitigate cyber threats. EDR acts like a CCTV camera that records all the activities that occur at an endpoint. While it might not be able to prevent a cybersecurity threat, it can playback the breach to strengthen cybersecurity retrospectively and secure any vulnerabilities from future attacks.

Another approach is the Zero Trust model, which recognises that trust may be a vulnerability. It only authorises selective access to employees and devices based on the least required access that is needed to perform tasks to prevent cybersecurity threats.”

Trend Micro believes it is vital to consider the people, process and technology tri-factor upon which cybersecurity is built.

Despite having access to the latest cybersecurity technologies and an internal COS team that is supported by a third party cybersecurity suppliers, buy in and know-how from the employees within the organisation is key.