In late January, South Africans discovered their national weather service had been taken offline by a cyberattack from an unknown source.
The attack that took down the weather service on January 26 followed a failed attempt the day before, according to South African officials. The breach did not block the service from using its weather forecasting technology, but it did block the service’s ability to report aviation and marine forecasts and shut down its email system and website. The cyberattack also affected Mozambique, Zambia and other countries that rely on South Africa for weather forecasts.
The attack against the South African Weather Service is part of a broader pattern of cyberattacks across the continent. Attacks rose by 37% in 2024 compared to 2023. Worldwide, attacks rose about 30%, according to cybersecurity company Check Point Software Technologies.
As one of the continent’s countries with the highest internet connectivity, South Africa has become a major target for cybercriminals.
“The attack surface has increased, while the attacks by cybercriminals have grown in frequency, strength and severity,” Adius Ncube, a senior advisor with South Africa’s Oliver Wyman risk management company, wrote for the Daily Maverick.
Cyberattacks are also increasingly targeting the nation’s critical infrastructure, including health care systems, utilities and ports, he noted. In 2024, South African organizations and government agencies, on average, each experienced 1,450 cyberattacks a week.
Among the attacks on government institutions, cyberattacks:
- Shut down blood testing at the National Health Laboratory Service, which screens for tuberculosis, HIV/AIDS and mpox, among other things.
- Breached the Companies and Intellectual Property Commission, which handles registration of businesses and intellectual property rights.
- Hacked the Government Employees Pension Fund, Africa’s largest pension fund, worth more than $85 billion.
Even the State Security Agency, which tracks foreign and domestic threats, was not immune from attacks. The agency was hacked just days before the 2023 BRICS economic summit.
In a presentation to South Africa’s Parliament last July, Minister in the Presidency Khumbudzo Ntshavheni acknowledged the “exponential increase” in cyberattacks on government institutions and the impact they can have on the economy.
“In our efforts to strengthen cybersecurity, we are hard at work building and strengthening our capabilities and capacity to proactively combat emerging cyberthreats and potential cyberattacks on our communications environment,” Ntshavheni said.
The government will speed up the implementation of its decade-old National Cyber Security Framework to improve the response to attacks, she said.
Critics of South Africa’s cybersecurity say that even though the government has made some strides in cyber readiness, including creating a military Cyber Command, more must be done.
“The reality, however, is that other issues have been consistently ranked above cybersecurity,” analysts Joe Devanny and Russell Buchan wrote in 2024 for the Carnegie Endowment.
Ncube is among those calling for the government to invest more in cybersecurity and to take a more strategic approach to protect its online resources.
“While South Africa has yet to experience a truly devastating attack, it’s certainly not immune to one,” Ncube wrote. “Experts agree that in the case of South Africa, as with most countries, it is only a matter of time before the country experiences a highly disruptive attack.”
Even as the government pledges to step up high-level cybersecurity efforts, the true defense against malicious hackers starts with individual users, Ncube noted. For that reason, the government and businesses must educate internet users about the risks they face from cyberattacks. The majority of cyberattacks begin by tricking an individual internet user into opening an innocent-looking email or message.
“While an integrated approach won’t stop every attack, it will prevent many more than allowing organizations in charge of critical infrastructure to each take care of their own cybersecurity needs,” Ncube wrote. “Moreover, such an approach can also help mitigate the impact of any such attack.”