The Whitehouse announced in the course of January of this year that President Barack Obama and Prime Minster David Cameron have agreed to cyberwar games to assist the United States and the United Kingdom in finding constructive ways to combat cybercrime. This comes on the back of statistics in the past few years which reveal a spike in the number of cybercrime incidents recorded globally. The Norton Report presented by Symantec in 2013 puts into perspective the global prevalence of cybercrime, reporting on more than 500 million victims that have been affected by cybercrime in a year, at the cost of more than US$113 billion to the global economy.
South Africa is not immune to this scourge. To the contrary, the same report ranked South Africa as the third highest country, after China and Russia, out of the 24 countries surveyed. The report's finding that 73% of South Africans in 2013 were victims of cybercrime is astounding and definitely a cause for concern.
The ubiquitous spread of cybercrime in South Africa is further evidenced by a report late last year from the Gautrain Management Agency that their financial department has been hacked in an attempt to defraud the agency of R800 million. Unfortunately news of this nature does not bode well for South Africa when considering how well-equipped we are to address cybercrime.
Chapter 13 of the Electronic Communications and Transaction Act, No 25 of 2002 (Act) provides the original framework created by the Department of Communications in relation to cybercrime. Notably, s86 of the Act strictly prohibits unauthorised interception of data. This section further criminalises the willful use of a device or a program to override any security systems meant to protect data and any violation of these provisions may result in criminal prosecution.
South Africa also adopted the National Cyber Security Policy Framework in March 2012, which seeks to define measures that are designed to address cyber threats at national level. The framework seeks to strengthen " intelligence collection, investigations, prosecution and judicial processes, in respect of preventing and addressing cybercrime, cyber warfare, cyber terrorism and other cyber ills." The framework also introduces new institutional mechanisms to address cybercrime such as response committees and a cybercrime security hub.
Since the adoption of the framework little has been done, with the appointment of a National Cyber Security Advisory Council only taking place in October last year, some 18 months later. The Police Minister also announced in October last year that a draft cybercrime policy and strategy had been drawn up in order to forge a national policy and strategic approach to fighting cybercrime. Industry experts have continued to express concerns regarding the lack of implementation.
When considering that a significant part of the defence budget in many nations is now being re-directed to assist with cybercrime initiatives, South Africa will need to rethink its own approach to ensure that it starts to develop the necessary skill set and mechanisms to address cybercrime, and prevent the risk of being a target for cyber criminals.