Is South African news media giving cybersecurity enough attention?

media update’s David Jenkin spoke to technology journalists to gauge their thoughts.

Clear and present danger

Ransomware is a form of malicious software that locks access to a computer system or a user’s data until a sum of money (in cryptocurrency) is paid. The practice has been on the rise globally, but the scale of the WannaCry attack, with over 200 000 victims in 150 countries, was unprecedented.

When asked if he believed the WannaCry attacks should have received more attention in South Africa’s mainstream news media, Brendyn Zachary, htxt.africa journalist, answered without hesitation: “Definitely.”

“The danger is clear and unless folks know that they are in danger, they can't do anything about it,” says Zachary. “I think what people forget is that the internet is inherently borderless, more so when dealing with cyber criminals. Just because we're at the bottom tip of Africa, doesn't mean that we aren't a target.”

As the WannaCry outbreak spread, the public were repeatedly warned not to click on suspicious links, but he equated that to putting on a warm jersey because it’s wet outside. “Sure, you’re warm,” he explains, “But you’re still getting wet. Cybercrime is just like that, telling folks to only focus on one area may open them up to other issues.”

Zachary believes there needs to be more awareness around cybersecurity in South Africa. Attack vectors are changing constantly, he adds, and people need to have their wits about them.

A lucky escape

Freelance technology journalist and consultant, Adam Oxford, says that it was by ‘some sort of miracle’ that South Africa wasn’t more severely impacted by the WannaCry outbreak.

“This isn't the first ransomware attack,” he says, “It probably won't be the biggest for long and just because we escaped this time, doesn't mean we're going to be okay next time.”

Part of the reason for South Africa’s escape, Oxford says, was a relatively low number of users still on Windows XP (the most vulnerable operating system to WannaCry) with a figure of 3.66%. In comparison, Russia, which was badly affected, has 7.14%. The timing of the outbreak, which occurred on a Friday after government workers had logged off, may also have helped.

“Hopefully this is a wake-up call. An attack that can disable the entire health system in the United Kingdom should make us all realise we're more vulnerable,” says Oxford. He admits, however, that he isn’t hopeful, given the paucity of coverage in South Africa’s media.

The media’s duty

While Oxford says he believes ‘absolutely’ that the media has a responsibility to educate the public about the security implications of using modern devices, he notes that this can only go so far. There are larger issues in the technology sphere that aren’t receiving enough scrutiny in mainstream media, the issues which put users at risk in the first place.

To illustrate, Oxford points to the way smart devices are imperilled once the manufacturer stops releasing updates - which can be after as little as two months. Governments develop malware or push for backdoors, and collect data irresponsibly. Also, those in the public or private sector that wilfully or negligently allow users to have critical data, or services put at risk, should be held to account in a meaningful manner, he says.

“What we see is that media houses are laying off, not willing to pay for, or simply not training journalists with specialist technical knowledge,” he despairs.

In the last five years in South Africa, Oxford says he has noticed a decline in the number of journalists capable of reporting on such issues intelligently, and there is a pervasive tendency to see these as niche or ‘nerdy’ issues best left to international experts at US tech sites.

“We need to cultivate local knowledge and understanding, and we're not.”

He adds, “The problem is that mainstream news sees this as a very complex issue and runs screaming from it, which is madness. This attack is really only a taste of the damage that can be done. As more of our lives are digitised, we become more vulnerable.”

Advising the public

Zachary says that, beyond merely being cautious of suspicious links, users need to look at things like a site’s URL, and to be careful of email attachments. They should also use a different password for every website, and be wary of the apps they download, install, and update.

“Updating software is a big one, especially in South Africa where data is rather expensive,” he says. “People don't want to use their data to download a 500MB patch for Android but the reality is that the update may contain important security patches.”

“Suspicious links are just one attack vector of hundreds available to cyber criminals and telling folks that [avoiding them] is all they need to do, is irresponsible,” he concludes.
Oxford says, “I'd like consumers to take more personal responsibility – to learn the basics of password protection, for example. But I'm sceptical it will ever happen on a scale capable of stopping this kind of attack.”

Want to stay up to date with the latest media news? Subscribe to our newsletter.

Interested in ransomware and cybersecurity? Read more in our article, Investec hosts US author and cybercrime expert, Marc Goodman