The Protection of Personal Information Act imposes specific obligations on businesses to maintain the integrity and confidentiality of the information that they process. This includes taking technical and organisational measures to prevent unlawful access to information in their possession or under their control.Implementing appropriate safeguards to address these risks ; and
As bad actors continue to update their techniques , businesses are similarly required to update their safeguards to address these new risks. These practices may differ depending on whether a business is, for example, part of the telecommunications, insurance or financial services industry.
A typical ransomware attack constitutes cyber extortion and fraud, and is considered an “aggravated offence” if the ransomware targets a “restricted system” . The South African courts have, however, yet to convict a cybercriminal under the Cybercrimes Act of 2013 for committing a ransomware attack.A victim of a ransomware attack is placed in a very difficult position.
The Cybercrimes Act, which makes it illegal to aid, abet, induce, incite, instigate, instruct, command or procure another person to commit an offence such as cyber extortion; and