By Servaas du Plessis, CEO, XTND

We are well aware of the physical dangers that exist in South Africa. This is the headline in the majority of media outlets: the contact and violent crimes we face on a daily basis. People who can afford it spend a significant amount of their after-tax money on physical security, safety fences, home, business, and vehicle security, and the more security we have to protect ourselves and our property, the larger the discount we receive from insurers.

The risks we face right now are largely invisible to the general public. Since COVID-19 and the new way of working, this threat has expanded to become the greatest in the world.

Contact crimes in South Africa have increased by around 15% over the past year, but cybercrime has increased by more than 200%, suggesting that nameless hackers are much more active.

Cybercrime, like contact crimes, is a crime category. It is more than just a single incident description because it takes many forms with various approaches and goals. To bring this closer to home, I believe it is critical to avoid jargon and technical explanations so that people can understand what it truly means and why we should be concerned.

A practical example

Let’s take a look at a real-world example of cyber risk exposure. Most of us nowadays carry smartphones in our pockets. These mobile devices have a computing power 100,000 times that of the technology used to land the first man on the moon. In most cases, our personal mobile devices also serve as a gateway into your business network. Most people receive emails from their employers on their smartphones. 

People don’t realize that their mobile phones are, in most cases, an open front door to the inner workings of the company for which they work.

In 2021, CISO magazine published the results of organizational threat surveys. According to the findings, cybercriminals used mobile threats in a variety of ways to attack 97% of organizations.

Employees not only bring their phones to work, but they also use them to send work emails, store corporate data, and call clients and partners.

Some of the recent hacks that have had a significant impact on people include hacking social media accounts, accessing a mobile device, and allowing a disgruntled employee to publish racial slurs on his social media account—despite being exonerated in the end, the user spent time in prison following his arrest and spent several thousand Rand on legal fees. His reputation, on the other hand, has been harmed and will continue to be harmed because not everyone is aware that he was innocent, and that part of the news is usually in small print somewhere on page 11 of the newspaper. We’ve seen how revenge postings, such as intimate photos and videos, have ruined people’s reputations in our own country and around the world. Not to mention the thousands of people who are still attempting to clear their names after cybercriminals stole their identities and used their credentials to rack up massive bills.

So, what can we do to avoid becoming a victim of cybercriminals?

Cybercriminals use a variety of attack vectors to hack mobile phones.

5 common cyber threats to mobile security.

#1 Social Engineering Attacks  

Phishing has become one of the most prevalent threats to mobile security. Phishing is not limited to emails only; we see this approach in gaming, messaging, and even social media.

#2 Mobile Malware

Mobile malware is ever-growing and specifically designed to hack your mobile phones. It comes in all forms: spam, rogue applications, weaponized links on various websites, etc. In fact, it is the second most prevalent malware type, affecting about 35% of organizations worldwide. The malware is used to monitor your activities, steal your data, and intercept your communication. (Source: Social Media Matters)

#3 Unsecured Wi-Fi

No, it is not only free public Wi-Fi – most home networks are not optimally secured with the same login and password as when they left the factory. If you use it to access personal or confidential information like bank accounts, it opens the door to man-in-the-middle attacks, and we have seen many examples of data leaks that occurred using this method.

#4 Poor Password Practices

The dreaded password practices, people can’t remember their passwords for the various platforms they use. An easy way out is to choose a simple password and replicate it across all your accounts. This makes your device vulnerable to cyber criminals hacking into your phone.

A very common mistake is to further try and think like a computer instead of humanizing your password.  Instead of using multiple characters, uppercase, and special characters to form a word, use a sentence that makes sense to you. For example, computers can’t think like us. Instead of using your dog’s name, i.e., Brutus@123, rather make it say something about your dog like – “Brutusis@bl@ckscottisht3rri3r”

#5 Outdated Security Mechanisms

Ensure that software update alerts are enabled on your mobile and update your device every time it indicates that updates are available. It is recommended that businesses incorporate end-point device security into their BOYD policy to ensure they maintain control over the devices connecting to the network.