Volume 21, Issue 1

A Note from Our Guest Editor



Winter 2022

Cybersecurity has evolved over the years, and today cyberattacks instigated by cyber-criminals, nation states, or insider threat actors are part of regular headline news. In South Africa and around the world, the number of cyberattacks or incidents in the public and private sectors has been on the increase over the past few years, but they have been more prominent since the emergence of the COVID-19 pandemic. Ransomware attacks and data breaches are more common. Recent research studies indicate that in 2020 countries such as India reported over 50 000 cybercrimes (a 12% increase from the previous year) and Australia reported a 13% increase in 2020, with one in four of the cyber incidents targeting critical information infrastructure. In August 2021, the Information Regulator indicated that close to 40 organisations reported suffering a security breach in South Africa. All these cyber incidents come at a cost estimated at $500 billion per annum, negatively impacting 20% of businesses; whilst in South Africa, the South African Banking Risk Information Centre (SABRIC) predicts cybercrime losses to be over a billion every year and that the attacks will keep increasing. Developed countries are not protected either, as a recent study from Check Point indicates that ransomware attacks increased by 93% in 2021, with Europe, the Middle East, and Africa seeing the highest growth. In the United States, authorities have also observed over 500 attacks in 2021 that were perpetrated by the Conti ransomware.

National Cybersecurity Implementation in South Africa: The Conundrum Question


The key to a nation’s success is the development of workable strategies, security strategies, and especially a cybersecurity strategy. A problem identified, which this paper addresses, is that there is no visible National Cybersecurity Strategy for South Africa. In contributing to the resolution of this problem, an analysis of the implications of not having a National Cybersecurity Strategy in South Africa is presented in this paper. A combination of the process-based research framework, content analysis, and a subset of the National Institute of Standards and Technology (NIST) framework that we label ‘Prevent, Detect, Respond, and Recover’ (PDR2) are used to perform the analysis. 

Building an Integrated Cyber Defence Capability for African Missions


Cyberspace has been designated by organizations such as NATO as the fifth domain for battlespace, and many nations already have and/or are building their capabilities in the cyber defence environment in order to protect and defend their assets against any onslaught by their adversaries. It is a common belief that many African countries are not well positioned or prepared to respond effectively to cyberattacks against their citizens, critical infrastructure, and government. In many instances, the gap can be traced to the shortage of skills, lack of cybersecurity readiness and preparedness, and lack of investment in cybersecurity programmes, including policies within the military’s strategic, tactical, and operational environments.

Review of Cyber Security and Policy Implementation within South African Health Institutions


The evolution in digital technologies and the Internet, in particular, has had a profound effect on the way healthcare institutions operate, assist patients, and manage personal healthcare data. In the same vein, various healthcare systems, particularly Electronic Health Information Technology (EHIT), present new opportunities for different healthcare institutions. As the exposure to and use of the Internet in the health sector continue to increase, so have the opportunities and benefits offered to applicable stakeholders. However, threats to the security, privacy, availability, and integrity of healthcare data and systems have also increased. 

Preparing for the Fourth Industrial Revolution: Recommendations to Adapt Cyber Security Governance and Skills in South Africa


As the Fourth Industrial Revolution (4IR) is unfolding in the society around us, gaps and opportunities are revealed in terms of cyber security governance and policy responses. Therefore, within this article, the shortcomings of cyber security implementation in South Africa are identified and recommendations are made in terms of cyber security governance, policy, education, and awareness. In terms of governance, the maturity of South Africa’s implementation systems is analyzed using the international metric systems.

The Evolution of Cyber Threats in the South African Context


Cyber threats and criminals continue to evolve their modus operandi in order to take advantage of users. Globally, threat vectors may be modified in order to provide a new avenue of exploitation. This paper provides an assessment of the development of cyber threats in the South African context. The aim is to create awareness of how cyber threats are developing and advancing. In this paper, the authors investigate the progression of existing threats globally and how threat actors are adapting their tactics in order to further exploit users. For the South African audience, it aims to provide a fresh perspective on how threats will advance in the short term so as to develop more adaptive methods of defence and security.

Dark Web Traffic Analysis of Cybersecurity Threats through South African Internet Protocol Address Space


Cybersecurity crimes masterminded on the dark web pose social security threats globally and open a conundrum for researchers in the field of security informatics. The concealment of orthodox search engines has made it extremely hard for law enforcement agencies to track specific websites that pose great cybersecurity threats. This study applies the method of dark web crawling to track traffic with a high tendency for cybersecurity threats. The results indicate the malicious use of the dark web in South Africa. The outcome of this study can help create an accurate revelation of cybersecurity threats that will assist law enforcement agencies in combatting cybercrime.

Utilisation of the Cyber Security Challenge for Learning within the South African Perspective


Globally, cyber security is one of the fastest growing fields, where the number of jobs for cyber warfare and cyber defense professionals far outpaces the number of available professionals. Industry and government professionals in South Africa who have seen and experienced these gaps are involved in various initiatives to support cyber security education. One such initiative is the annual Cyber Security Challenge, with the main aim to introduce students to the real-world applications of cyber security, to motivate them to consider a career path in this industry, and to expose them to cyber warfare and defence as career options.

A Cybersecurity Architecture That Supports Effective Incident Response


A Cybersecurity Operation Centre (SOC) is a centralized hub within an organisation that houses people, processes, and technologies aimed at continuous monitoring of the organisation’s assets in order to prevent, detect, analyse, and respond to cybersecurity incidents against that organisation. SOCs are critical to the collection, analysis, and response to cybersecurity events and incidents faced by an organisation. This article discusses the architecture of an SOC that enables quick and timely responses to events and incidents. Firstly, the article describes an architecture of the SOC, the SOC’s processes, personnel, and technologies. Secondly, the article discusses what type of information and logs should be collected, analysed, and interpreted. Lastly, the article discusses how to handle an incident through the six stages of incident response.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.



Get in touch

Registered Agent and Mailing Address

  • Journal of Information Warfare
  •  ArmisteadTEC
  • Dr Leigh Armistead, President
  • 1624 Wakefield Drive
  • Virginia Beach, VA 23455