A combination of increasingly sophisticated propagation technologies and continued economic uncertainties resulting from the COVID-19 pandemic have seen the number of financial malware attacks reported in South Africa during the first half of 2021 increase by more than 10 400 over the comparative period last year, according to Kaspersky research.
“Of these attacks, 24% targeted corporate users. This makes financial malware attacks a significant cybersecurity risk facing the local market today across both the consumer and business sectors,” says Bethwel Opil, enterprise sales manager at Kaspersky in Africa.
Local organisations have become susceptible to financial malware as more employees work outside their office premises.
Says Opil; “This increase seen in financial malware attacks in South Africa reiterates the urgent need for cybersecurity awareness training programmes and substantiates our focus around this into the corporate landscape. What is also interesting to note is that Kenya and Nigeria, two other African countries that we monitor closely, show a different picture, having seen a decrease in financial malware attacks by 68% and 35% respectively. Ethiopia on the other hand has seen a staggering 142% increase in H1 2021. In my opinion, this makes it difficult to pinpoint a particular targeted country or sector at any specific time. In fact, it emphasises our message that malware and other cybercrime is a global, persistent problem that we all need to guard against.”
Some of the best practices that must be employed include having employees only install applications from reliable sources, such as official app stores. Even so, they must always examine the permissions the application requests. If these permissions do not match the intended function of the programme, then it must be questioned and brought to the attention of the IT administrator. Companies and consumers alike must also install trusted security solutions on all their devices connecting to the internet to help safeguard against a range of financial cyber threats. And throughout this, it remains important to ensure all software has the latest security patches and updates installed.
Beyond the fundamental cybersecurity solutions and training, companies must consider using the likes of anti-advanced persistent threat (APT) and endpoint detection and response (EDR) technologies to further shore up the defensive posture of the network environment.
“With the landscape unlikely to change for the foreseeable future, it is best to combine sophisticated cybersecurity solutions with continuously evolving training to keep employees appraised of the latest threats, especially when it comes to financial malware”, Opils said.