With high levels of national cyber crime dominating the headlines in the last few years, the signing into law of the Cybercrimes Act 19 of 2020 is a welcome step in protecting businesses and consumers from cyber criminals. Although the President has yet to give an effective date for the Act, it’s worthwhile staying on top of developments to ensure you know exactly what cyber crime is, and how you’re affected.
What’s the deal with cyber crime in Africa?
A recent Interpol report identifies the most prominent threats in Africa, based on input from Interpol member countries and data drawn from private sector partners.
According to the African Cyberthreat Assessment Report 2021, the top five threats are:
- Online scams: such as fake emails or text messages claiming to be from a legitimate source for the purposes of tricking individuals into revealing personal or financial information.
- Digital extortion: through which victims are tricked into sharing sexually compromising images which are then used for blackmail purposes.
- Business email compromise: where criminals gain unauthorised access to email systems to gather intel on corporate payment systems for the purposes of tricking employees to transfer funds into the criminal’s bank account.
- Ransomware: An attack through which cyber criminals block access to the computer systems of institutions, with the intention of demanding a ransom to restore functionality.
- Botnets: The use of networks of compromised machines that are put to work as a tool to automate large-scale cyberattacks.
What does the Cyber Crimes Act aim to achieve?
This Act aims to protect the public and categorises certain actions as criminal offences. Penalties include a fine and imprisonment of up to 15 years or both for guilty parties.
The Act does this by –
- Creating criminal offences in terms of which offenders can be prosecuted.
- Criminalising the leaking of harmful data messages.
- Establishing a central body to act as a Point of Contact for cyber crimes.
- Assigning the power to investigate and enforce the Act.
- Imposing obligations to report cybercrimes.
The Cybercrimes Act 19 of 2020 specifically address cyber crimes and malicious acts of communication, such as:
- The unlawful access or interception or interference with data or computer programs and systems.
- Cyber fraud, forgery and uttering, extortion and aggravated offenses.
- The distribution of any data message that incites or threatens persons with damage to property or violence, as well as the disclosure of intimate images of a person (aka ‘naughty nudies’).
As mentioned, some of the offences covered by the Act include:
- unlawful interception of data
- cyber fraud,
- forgery and uttering
For the first time, the unlawful and intentional access of a computer system or storage device (aka hacking) has been written into legislation as a criminal offence, with section 54 imposing obligations on organisations in terms of which electronic communications service providers and financial institutions, for example, must report such cyber offences within 72 hours of becoming aware of them.
Why does South Africa need the Cybercrimes Act?
In the period of January 2020 to February 2021 an Interpol partner, Micro Trend, recorded millions of cyber threats:
- Email: 679 million detections
- Files: 8.2 million detections
- Web: 14.3 million detections
With 230 million threat detections in total occuring in South Africa alone, this number puts SA in third position for highest number of cybercrime victims globally and costs R2.2 billion annually. Furthermore, with the risk posed by ransomware and other denial of service attacks to public and healthcare infrastructure particularly, highlights the clear and urgent need to define cyber crimes, write them into statute and create and empower law enforcement entities to investigate and prosecute such cyber crimes.
Cyber criminality is spreading like wildfire. There has been a 100% increase in mobile banking application fraud, which is estimated to run as high as 577 malware attacks an hour. The South African Banking Risk Information Centre (SABRIC) showed that gross fraud losses on South African cards skyrocketed by 20.5% from 2018 to 2019, but this number doesn’t even factor in the massive increase in Covid-19 related phishing attempts, and statistics don’t account for the financial, emotional and mental impact on victims. Another rising concern is cryptocurrency scams, in which cyber criminals attempt to trick victims out of their cryptocurrency, with two of the world’s largest scams taking place in South Africa in the past year.
FinGlobal: trusted global financial services provider
With so many cyber threats out there, you’ll feel much better knowing that we take every security precaution necessary to ensure that your data and your money is secure.
- We are a licensed Financial Services Provider (# 42872) with the South African Financial Sector Conduct Authority (FSCA) and registered as an accountable institution with South Africa’s Financial Intelligence Centre (FIC).
- We are authorised to act as a Treasury Outsourcing Company by the South African Reserve Bank (SARB).
- We run an SSL Security Certified website to provide for secure online connections and ensure that all our client interactions with us are encrypted and remain completely private.
- We take compliance with the Consumer Protection Act 68 of 2008 (CPA) and the Protection of Personal Information Act 4 of 2013 (POPI) very seriously.
Interested in learning more about FinGlobal? Leave us your contact details and we’ll be in touch.