You are currently viewing our desktop site, do you want to download our app instead?
Moneyweb Android App Moneyweb iOS App Moneyweb Mobile Web App

NEW SENS search and JSE share prices

More about the app

Hackers up the ante on South African companies

SA second most targeted in the world – report.
It takes the average company 220 days to know it has been breached. Picture: Bloomberg

While financial services company Liberty may have suffered the biggest data breach ever in South Africa, losing between 20 and 40 terabytes of data contained in e-mails and attachments, it is not the only listed company to have been targeted by hackers.

JSE-listed construction materials firm Afrimat has been the target of several hacking attempts. Most recently a third party contractor inadvertently released a day-zero attack into its network. This is a cyber attack that occurs on the same day a weakness is discovered in software (which means no anti-virus software will pick it up), enabling hackers to exploit the gap before a fix becomes available from its creator.

“We became aware of the attack as it happened and were able to stop it at the point of infection,” says Johan du Plessis, GM of Technology Systems at Afrimat. Who the hackers were and what their objective was, one can only speculate. “These guys are almost impossible to trace,” he says.

In another attack, ransomware infected the company’s development server. This is malicious software that blocks access to a computer’s files until a sum of money is paid. “Our systems picked this up immediately and ensured that it could not be distributed to our other servers and devices on the network,” says Du Plessis. “We could then isolate the software before it could do real harm or cause a loss of production.”

Afrimat was not always so lucky. Two years ago ransomware infected its entire server environment. “The attack happened on Saturday and we discovered it on the Sunday. We were down for nine hours but we had a disaster recovery plan and were able to get the systems back up before operations began on Monday morning.”

At that point J2 came on board and we deployed their layered approach to cyber security. “It was a matter of time before one of these attacks caused real damage,” Du Plessis says.

According to PwC’s Global Economic Crime and Fraud Survey for 2018, South Africa is the second most targeted country in the world when it comes to cyber-attacks. The reason for this, says John McLoughlin, CEO of J2 Software, is a combination of naïve users, poor policing and immature laws.

While South Africa’s Protection of Personal Information (PoPI) Act was signed into law in 2013, it has not become fully operational as the Regulator is not yet operational. PoPI is also not as prescriptive as Europe’s General Data Protection Regulation (GDPR), which became operational at the end of May this year, says McLoughlin.

The GDPR requires that businesses take steps to protect the personal data and privacy of the EU citizens who are their clients. Unlike PoPI, if something goes wrong and private data falls into the wrong hands, that company is required to inform their clients within 72 hours.

“The reason you have never heard of data breaches at listed companies is not because they have not happened, it’s because they don’t have to tell you,” adds McLoughlin.

Afrimat came to recognise that most cyber threats are activated from within a network – so building the highest wall possible is not effective. “We started small, applying J2’s layered approach to security,” says Du Plessis.

The first layer included installing anti-virus software on every machine and mobile device that accessed the company’s network. The second layer saw Afrimat setting up a system to protect itself from the world wide web (the system advises which sites employees can and can’t visit and what software they can and can’t download). The third layer focuses on email – the number one way hackers target businesses and employees. “Every email is scrutinised by the software, with the result that about 60% of mails coming into the company are stopped because they are spam or malicious,” Du Plessis says.

He adds: “We have not taken these steps because we suspect our staff of malicious attacks. Very often the user acts innocently – by inadvertently clicking, downloading or opening something that is potentially dangerous.”

A year later Afrimat added another layer of security in the form of behavioural analytics. This does not mean a beefcake of a man is watching employees’ every move via hidden cameras. Instead a software system called Dtex monitors users’ online behaviour. “We have no interest in what our users are doing until they do something unusual, and it is this that the system flags,” says Du Plessis. “For instance, is someone copying large quantities of data? Are they saving it to an external drive? This is what we want to know.”

While Afrimat has not had to march anyone off its premises, one Cape Town based call centre operator has done so, says McLoughlin.

The call centre ran several concurrent campaigns for financial service providers, with Chinese walls separating each campaign, and one overarching manager. It turned out that one manager began accumulating user data from the different campaigns, which she compiled into a ‘work’ folder. She then uploaded this into her Google drive. This was unusual and the system flagged it as such. “Within an hour she was marched out the building,” McLoughlin says.

Visibility over your network and what your people are doing is like gold, he adds. The minute someone clicks on something that is compromised, you need to know. “Yet it takes the average company 220 days to know they have been breached.”

In Liberty’s case, the company knew there had been a breach of its systems because the hackers told them so, and then proved it by publishing some of the information – since removed.

“It’s scary out there,” says Du Plessis. “It’s not so much about cybersecurity – it’s about cyber resilience. It’s not if, it’s when. And then, are you able to bounce back within four hours with no loss – either physical or reputational?”

Please consider contributing as little as R20 in appreciation of our quality independent financial journalism.



Sort by:
  • Oldest first
  • Newest first
  • Top voted

You must be signed in to comment.


There is a difference between being attacked and having poor or no security policies. From the article above, Afrimat did not follow any IT best practises and the attacks were possible because:
– Corporate network had no antivirus
– No proper network firewall and intrusion detection
– IT staff (development team) accidentally installed ransomware and zero-day malware

This is probably the highest level of negligence you can have in any company’s IT environment.

It is surprising that despite all those incidents, Afrimat has not introduced any disciplinary action against any staff.

Were we reading the same article? Third-party compromise via contractors is one of 3 most common reasons for compromise along with insiders and email. Look it up.

The fact they could detect and respond before any damage was caused points to a far more mature security program than most businesses. Breaches cannot be 100% prevented – the ability to fix it without damage to the business is first prize.

Hackers globally come to realise, where there’s third world countries with ignorant populations having access to the web, it’s like taking candy from a child.

In SA we have a combination of a shortage of (good) IT skills, despite the few remaining techies doing a great job, and MOST ( did Malema state it? “most, but not all..”) of the SA population vastly ignorant. (..that excludes most Moneyweb readers *lol*)

Third world people coming into contact with developed world tech.

At least I keep my “Kas Perskes” up to date, to keep (some) of the fruit eating goggas away 😉

on the news, even the site been hack.

I have used the services of Investigators247. These guys are genius! They get the job done with precise and accurate information and within a good time frame. I wanted to be sure if my wife was having an affair I suspected with her gym instructor. I just needed to be sure. These guys helped me with a Phone hack, I think they are based in the United States. I wasn’t wrong because I saw the chats and text messages. When I confronted her she couldn’t lie about it. I was right! If you need any PI or hack services you can check their website. INVESTIGATORS247 DOT COM

i was scammed for a huge amount of money, devastated i started to search for help. someone referred me to hire the professional services of [B I T C O I N R E C O V E R Y @ Consultant. Com] an expert and private investigator, i sent emails stating my complains with evidences and as soon as I explained what had occurred they immediately gathered my case together, within a few days i got result. i got all my money back! Bitcoinrecovery Consultant Com IS very efficient and was honest they performed an amazing task, legitimately a group of professionals that guided me through the whole recovery experience and help do RECOVERY OF LOST FUNDS ON BINARY OPTIONS, Bank Accounts Loading ( Only USA Banks), Credit Cards Loading (Only USA CC’s)’, Keeping Tabs on Employees or Doing Online Background Checks, Retrieval Of Lost Files, Hacking Of Server, Database. I cannot thank them enough, I can now live happy again!w

End of comments.





Follow us: