South Africa, known to be ‘the world’s most internet-addicted country,’ finds itself plagued by the internet’s dark underbelly: ransomware.
It is the most targeted nation in Africa for these cyber-attacks and places eighth globally, according to the South African Council for Scientific and Industrial Research.
Despite its digital dependency, the country’s cyber strategy is still critically underfunded, and the government lacks a clear position in cyber governance debates, Joe Devanny and Russell Buchan, two researchers at the Carnegie Endowment for International Peace, have argued in a new analysis.
The pair have urged the South African government to prioritize cybersecurity and adopt stronger cyber leadership on the global stage.
South Africa’s Cyber Strategy Remains Under-Funded
With 9.5 hours a day spent online in 2022, South Africans are the most connected people in the world.
In 2023, the country was also the most targeted by ransomware and business email compromise (BEC) incidents in Africa, according to internet provider Seacom.
A 2023 briefing by the South African Council for Scientific and Industrial Research reported that the Rainbow Nation was the eighth most targeted country worldwide for ransomware.
The country has made some efforts to thwart these threats. South Africa’s national cyber strategy was introduced with the 2015 Cybercrimes and Cybersecurity Bill.
This law created significant government entities to fight against cyber threats, including the military Cyber Command and the Department of Telecommunications and Postal Services’ Computer Security Incident Response Team (CSIRT).
The National Cybersecurity Policy Framework (NCPF) was also introduced in 2015.
In 2020, cybersecurity was mentioned as a “central national priority” in the Department of Defence Strategic Plan for 2020–2025.
“There is still time to influence the future shape and direction of South Africa’s cyber diplomacy.” - Joe Devanny and Russell Buchan
However, Devanny and Buchan noted that, behind public-facing commitments to fighting cyber threats, the South African government has long kept cybersecurity a low priority and appeared reluctant to invest in it.
One example of this underfunding is the Cyber Command.
“Due largely to the deprioritization of defense expenditure, including on cyber defense, in favor of other spending priorities, South Africa’s Cyber Command is, according to its commanding officer, under-resourced and has not been able to develop sophisticated cyber capabilities or procure all the capabilities it requires from the private sector,” the researchers wrote.
One cyber-attack against state-owned infrastructure firm Transnet in July 2021 showed significant shortfalls in South Africa’s cyber defenses, with reports saying that Cyber Command was running on “limited space” with no dedicated facilities.
Similarly, the researchers said there has been skepticism about how much the Department of Science and Innovation, responsible for developing, coordinating, and implementing the national capacity development program for cybersecurity under the NCPF, has achieved in this remit over the last decade.
Cyber Diplomacy: South Africa in the Crosshairs
In their paper, Devanny and Buchan highlighted the ambiguous geopolitical position of South Africa on the international stage.
While the country developed a post-apartheid foreign policy based on the promotion of fundamental human rights, democracy, justice, and the sovereign equality of states under Nelson Mandela’s leadership, some critics argue that Mandela’s successors’ foreign policy lost the country’s “reputation as a principled member of the global community.”
In cyber governance debates, South Africa sometimes sides with the US and European states, campaigning to maintain the existing multistakeholder approach to cyber governance.
For instance, it has participated in the UN Group of Governmental Experts (GGE) and the UN Open-Ended Working Group (OEWG). It is also a party to the Budapest Convention on Cybercrime, typically seen as a Western initiative.
In April 2022, South Africa and the Netherlands issued a joint statement on cyber policy.
“This emphasized the importance of international mechanisms for ensuring an open, free, stable, and secure cyberspace, such as the OEWG and the International Telecommunication Union,” the researchers wrote.
In other cases, it has aligned with Russia’s cyber governance initiatives. For example, South Africa has participated in negotiations for a new cybercrime treaty, a Russian initiative.
“Although [it] appears to be playing a mediating role between the two camps, looking to find a compromise between them on this issue,” Devanny and Buchan wrote.
While the South African government has always insisted on its non-aligned position, including regarding cyber-related matters, the researchers regretted that it has said little about how cyberspace should be regulated going forward.
“That is, whether existing international law is sufficient (as maintained by like-minded states) or whether new legal initiatives should be developed (as argued by China and Russia).”
“All this implies that there is still time to influence the future shape and direction of South African cyber diplomacy,” Devanny and Buchan concluded.
South Africa’s Major Recent Cyber-Attacks
July 2019: City Power, Johannesburg’s electricity utility company, was hit by a ransomware incident that disrupted power supplies.
June 2020: Life Healthcare Group, South Africa’s second-largest private hospital, was subjected to a cyber-attack that affected admissions, processing systems, and email servers.
August 2020: Experian, a South African credit agency, suffered a massive data breach, compromising the information of 24 million people.
July 2021: Transnet, a state-owned rail, port, and pipeline company, was hit by a ransomware attack, causing significant disruption to transportation and extensive economic harm.
September 2021: Threat actors encrypted the IT systems of South Africa’s Department of Justice and Constitutional Development.
August 2023: Orange Cyberdefense reported that the South African National Defence Force (SANDF) suffered a massive data breach. The hack was claimed by the Snatch threat group. Siphiwe Dlamini, a Department of Defence spokesman, denied there had been any leak, while SANDF’s Brigadier General Andries Mahapa dismissed claims about any leaked or stolen data as “fake news.”