
Following some of the major data breaches in 2022/2023, and others such as the CIPC breach in South Africa in February 2024, cyber security continues to be a major issue in Africa, with data breaches growing to over 150 a month in South Africa alone in early 2024, up from an average of 56 per month in 2023, according to the South African Information Regulator.
The Google H1 threat report 2024 also reports that threats have increased in both number and sophistication and that they have targeted all IT environments: on-premise, mobile, IT/OT, and cloud. The report found that issues specific to cloud providers were often due to a company's security hygiene or misconfigurations rather than underlying vulnerabilities.
Leading causes of cyber and data breaches
Memory safety vulnerabilities are a leading point of attack and account for a significant number of security breaches worldwide. New security testing and scanning tools such as MobSF, Wiz and Orca are helping to prevent some of these attacks; however, breaches continue, as these kinds of issues are often difficult for a code review process to find.
One useful approach is utilising a memory safe programming language in your software development.
Memory safety is the state of being protected from various software security vulnerabilities when dealing with memory access, such as buffer overflows and dangling pointers.
Some examples of memory safe programming languages are Java, Rust, Pascal, Ada and Swift.
Java is said to be memory-safe because its runtime error detection checks array bounds and pointer dereferences.
Languages such as C and C++ have no provision for bounds checking, so they are considered memory unsafe and open to exploitation.
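The runtime checks described above, written out by hand in C as an added example (not code from the original article): an unchecked store beside a checked store and copy that refuse invalid references and out-of-range indexes. All type and function names are hypothetical, and the record layout and input are constructed.

```c
#include <stddef.h>
#include <string.h>

/* All names are hypothetical; the record layout and input are constructed. */
typedef struct { unsigned char *data; size_t len; } checked_buf;
typedef enum { CB_OK = 0, CB_NULL = -1, CB_OUT_OF_BOUNDS = -2 } cb_status;

/* Plain C: nothing ties idx to the size of buf, so an out-of-range idx
   silently overwrites whatever sits next to the buffer. */
void raw_store(unsigned char *buf, size_t idx, unsigned char v) {
    buf[idx] = v;
}

/* The two checks a memory-safe runtime makes on every array access:
   the reference is valid, and the index is inside the array. */
cb_status cb_store(checked_buf *b, size_t idx, unsigned char v) {
    if (b == NULL || b->data == NULL) return CB_NULL;
    if (idx >= b->len) return CB_OUT_OF_BOUNDS;
    b->data[idx] = v;
    return CB_OK;
}

/* Bounds-checked copy. Comparing n against (len - off) instead of testing
   off + n keeps size_t wraparound from defeating the check. */
cb_status cb_copy(checked_buf *dst, size_t off, const unsigned char *src, size_t n) {
    if (dst == NULL || dst->data == NULL || src == NULL) return CB_NULL;
    if (off > dst->len || n > dst->len - off) return CB_OUT_OF_BOUNDS;
    memcpy(dst->data + off, src, n);
    return CB_OK;
}

/* An 8-byte field followed by a flag that an overflow of name would reach. */
struct record { unsigned char name[8]; unsigned char flag; };

/* Returns 1 when a 12-byte input is refused and the adjacent flag is intact. */
int oversized_input_rejected(void) {
    struct record r = { {0}, 0 };
    checked_buf name = { r.name, sizeof r.name };
    const unsigned char input[12] = "AAAAAAAAAAA";   /* constructed input */
    cb_status s = cb_copy(&name, 0, input, sizeof input);
    return s == CB_OUT_OF_BOUNDS && r.flag == 0;
}

int main(void) {
    unsigned char small[4] = {0};
    raw_store(small, 2, 9);                          /* in range, so defined */
    return oversized_input_rejected() ? 0 : 1;
}
```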
Additional common causes of ransomware and data theft
- Weak credentials – Default password usage or lack of passwords in cloud applications and systems
- Misconfigurations and errors in cloud application and system security settings
- Weak storage defences such as predictable bucket naming conventions
- Third-party issues in areas such as software supply chain risk, and insufficient access management
As businesses are facing unprecedented levels of cyber-attacks, it is critical that security strategies incorporate all of these areas of vulnerability and that active steps are taken to improve systems and IT structures.
