Cyber Crimes and the SA Cyber Security Bill

Nothing has moved on the adoption of the Bill, which remains before the National Council of Provinces, although it is hoped that the NCP will agree on the Bill and return it to the Assembly for adoption early in 2020. Meanwhile, the Cyber Crimes Hub, set up last year remains toothless. The situation is exacerbated by the non-implementation of the Protection of Personal Information Act (POPIA). The latest from that being that the Regulator is keeping itself busy by negotiating industry-specific codes of conduct. The official story is that there was not enough money allocated in 2019 to cover the costs of the Regulator if the Act was implemented (implementation requires notice from the Minister of Justice in the Official Bulletin).

Meanwhile, as this Newsletter has reported a number of times over the year, malware, ransomware and hacking attacks have increased steadily in SA – and throughout the world. Some of the most widely-recognized tech brands have suffered from data breaches, from increasingly sneaky malware to highly-targeted phishing attacks, which increased worldwide by 250% this year. It just takes one team member on the wrong end of a phishing campaign to ruin a startup-stage business overnight. And it is not just malicious actors that fintech and ecommerce startups need to be worried about, as there are threats coming from all angles. According to Verizon’s Insider Threat Report, 57% of database breaches involved some kind of insider threat from within an organization (usually due to bored or dissatisfied staff). One area which EFSA members need to consider carefully in 2020 is “Instant EFTs” which can allow unscrupulous players to “scrape” customers’ financial data and make off with it.