South African mobile networks fortified against cyberattacks

South Africa’s major mobile networks are confident in their ability to mitigate cyber threats, with one revealing that it had increased its cybersecurity budget for 2025.

The severity of data breaches in South Africa has landed the county in fourteenth place on Allianz’s global rankings of states with the highest average cost of such an attack.

It costs South African firms R49 million on average, per the report.

Orange Cyberdefense’s latest CyXplorer report, which focuses on cyber extortion, revealed that Africa experienced a 100% increase in threats between April 2023 and April 2024.

The report noted that South Africa accounted for most incidents, highlighting the country’s increased vulnerability.

To find out whether the country’s mobile networks plan to increase their cybersecurity budgets to better mitigate these threats, MyBroadband contacted Vodacom, MTN, Cell C, and Telkom.

Of the four, only MTN reported that it had increased its cybersecurity budget for 2025.

“MTN SA has increased its cybersecurity budget for 2025,” MTN South Africa told MyBroadband.

“The additional investment is focused on advancing our zero-trust strategy, strengthening privacy controls, and improving operational efficiency through automation.”

The network mentioned that it plans to explore using artificial intelligence to improve its cybersecurity abilities and mitigate threats.

While South Africa’s other three mobile operators said they were enhancing cybersecurity measures, none mentioned allocating additional resources to the issue.

For instance, Vodacom said it was taking a more strategic approach to handling cybersecurity threats.

“Vodacom is taking further significant steps to enhance its cybersecurity measures,” a Vodacom spokesperson said.

“By continuously assessing potential risks and vulnerabilities, the company takes a proactive stance and aims to stay ahead of cybercriminals who are becoming increasingly sophisticated in their methods.”

On the other hand, Telkom said that while cybersecurity is of primary concern, it will not reveal budgetary details.

“While specific budgetary details are not disclosed, we can confirm that cybersecurity is a top priority for the company,” Telkom said.

“Telkom remains steadfast in its commitment to robust cybersecurity measures, continuously evolving our strategies to address emerging threats and safeguard our information assets.”

However, the mobile network said it is investing in technology to strengthen its ability to respond to incidents.

Cell C, which recently revealed that it had two terabytes of information stolen from its systems, told MyBroadband that it is aware that cybersecurity is a critical investment in today’s age.

“There is a continuous focus on enhancing our cybersecurity measures and IT environment to stay ahead and address evolving risks effectively,” Cell C said.

“We regularly review and assess potential risks to the data we process and implement proportionate, industry-standard security measures to mitigate these risks.”

The group behind the Cell C data breach, RansomHouse, infiltrates organisations through phishing attacks, exploiting vulnerabilities, or leveraging poor cybersecurity practices.

Fortunately for the South African mobile operator, the group, which emerged in March 2022, claims to focus on data theft rather than encrypting victims’ systems to distinguish itself from traditional ransomware groups.

This is according to Diana Selck-Paulsson, lead security researcher at Orange Cyberdefense, who added that RansomHouse exfiltrates sensitive data from breached systems and demands payment for not leaking it.

Rather than encrypting systems, this approach allows RansomHouse group members to avoid detection for longer, as there is no immediate operational disruption.

The group has significantly impacted South Africa in recent years, attacking Checkers owner Shoprite in June 2022 and Cell C in November 2024.

“However, given the fact that these Cyber Extortion (Cy-X) operations operate globally, we don’t see South Africa proportionally heavily impacted by this particular Cy-X operation,” said Selck-Paulsson.

She added that there are currently no other known RansomHouse victims exposed in South Africa but noted that the victimisation process can take several weeks or months.