While digital transformation in these regions offers substantial benefits—such as improved governance, financial inclusion, and advancements in healthcare and education—the accompanying cybersecurity vulnerabilities pose significant threats to these advantages.

To effectively address this pressing issue, it is essential to understand the unique contextual factors, engage local stakeholders, and develop tailored strategic solutions.

By implementing proactive measures, we can safeguard sensitive information, mitigate risks, and work toward a secure digital landscape that empowers communities across the Global South. Expert insights, such as Bitsight’s recommendations, provide practical guidance for preventing data breaches and enhancing cybersecurity resilience in these regions.

1. Understanding Data Leaks in the Global South

Data leaks refer to the unauthorised exposure of sensitive or confidential information. In the Global South, these incidents often occur due to technical issues, organisational weaknesses, and human factors.

Common Causes:

In regions with low cybersecurity awareness, phishing and social engineering tactics are particularly effective because attackers exploit trust and a lack of digital literacy to deceive individuals into revealing sensitive information.

Moreover, economic hardship and inadequate employee screening processes increase the risk of insider threats, where internal individuals may leak data, either intentionally or accidentally. In areas with underdeveloped digital infrastructure, the physical theft of devices or storage media presents a significant risk for data exfiltration.

Additionally, poor training and insufficient understanding of data protection protocols often result in accidental leaks of sensitive information.

Unique Regional Challenges:

Many governments and businesses in the Global South face significant challenges in enhancing their cybersecurity measures, primarily due to limited financial resources. Tight budgets restrict their ability to invest in the necessary infrastructure to safeguard against cyber threats. Additionally, while some countries have established data protection laws, the inconsistent enforcement of these regulations diminishes their overall effectiveness.

The heavy reliance on mobile devices and informal digital platforms further exacerbates vulnerabilities, particularly when security updates are infrequent or lacking. Furthermore, a prevalent issue is the migration of skilled cybersecurity professionals to more developed economies, leading to a talent shortage that undermines local capacity to address cybersecurity threats effectively.

2. Cybersecurity Thought Processes in the Global South

Understanding the prevailing attitudes and organisational practices is essential for creating effective cybersecurity strategies.

Reactive vs. Proactive Approaches:

Many organisations in the Global South tend to take a reactive approach to cybersecurity, addressing breaches only after they happen. This behaviour is often attributed to several factors, including constrained resources, insufficient awareness among executives, and a lack of a prevalent cyber risk culture.

Trust-Based and Informal Practices:

In numerous communities, the foundations of business and governance often rely on personal trust and informal networks. Although these practices hold cultural importance, they can result in inadequate data management and a hesitance to adopt formal security measures.

Digital Leapfrogging and Its Risks:

Several countries in the Global South have made significant progress by skipping traditional infrastructure and opting for cloud-based or mobile-first technologies. This leapfrogging approach can foster rapid development but also brings about new vulnerabilities that must be addressed by implementing robust cybersecurity frameworks.

3. Adapted Solutions for Preventing Data Leaks

To successfully tackle these challenges, we must implement a robust strategy that is financially sustainable, tailored to our unique context, and capable of widespread application.

1. Strengthen Internal Security Hygiene

Implementing low-cost training programs tailored to local contexts is crucial to improving digital literacy and cybersecurity awareness among employees and the general public. Additionally, free and open-source security tools, such as ClamAV and Snort, can effectively monitor and protect systems without incurring high costs.

Promoting basic cyber hygiene practices is equally important. These include using strong passwords, enabling two-factor authentication, regularly updating software, and encrypting devices, all of which contribute to enhanced security for everyone.

2. Monitor Third-Party Risks

Organisations should prioritise the cybersecurity evaluation of third-party vendors, particularly those that manage sensitive data, as part of their vendor vetting process. Additionally, fostering regional collaboration is essential for sharing threat intelligence and best practices, especially among small and medium-sized enterprises (SMEs).

Developing community-driven platforms where businesses can rate and review vendors based on their security protocols would enhance transparency and accountability in vendor security practices.

3. Employee Cybersecurity Policies

To create an effective cybersecurity training program, it is essential to develop culturally relevant guidelines that are clear and concise and reflect the local languages, norms, and workplace realities.

Additionally, gamified training methods can enhance engagement and retention, making cybersecurity principles more accessible and memorable for participants.

Furthermore, to mitigate insider threats, organisations should implement anonymous reporting mechanisms and provide ethical training, which will help lower the risk of internal breaches.

4. Leverage Threat Intelligence

To enhance cybersecurity efforts, it is essential to establish international partnerships with global alliances and NGOs. Such collaborations can provide access to real-time threat intelligence and technical support.

Additionally, implementing dark web monitoring through affordable or subsidised services allows for detecting leaked data on online forums, facilitating early response measures. Furthermore, supporting the development of National Computer Emergency Response Teams (NCERTs) can significantly improve the coordination and management of national responses to cyber incidents.

5. Strategic Recommendations for National and Regional Action

Governments and regional organisations must adopt a proactive, long-term strategy to establish a strong cybersecurity ecosystem. This approach will enhance security defences and promote collaboration and innovation to effectively address constantly changing threats.

Policy Advocacy

To enhance data protection, it is crucial to reform existing legislation to adequately address contemporary threats and meet international standards. Additionally, it is important to empower regulatory bodies by equipping them with the necessary authority and resources to enforce compliance effectively.

Public Awareness Campaigns:

Engaging with the mass media, such as radio, television, and social media platforms, is essential to effectively promoting cybersecurity awareness.

This ensures that messages are communicated in local languages. Additionally, forming partnerships with civil society organisations can help extend outreach efforts to rural and underserved communities, making cybersecurity information accessible to a broader audience.

Cybersecurity Hubs and Talent Development:

To enhance cybersecurity capabilities in the region, it is essential to establish Centres of Excellence that serve as regional hubs for training professionals, conducting research, and developing tailored local solutions.

Additionally, implementing scholarships and incentives can provide vital financial support and career pathways, helping to retain talented individuals within the area.

International Support and Funding:

It is crucial to use international development programs to fund strengthening cybersecurity infrastructure and capacity-building efforts.

Furthermore, promoting public-private partnerships will foster collaboration among governments, businesses, and international donors, enabling them to effectively combine their resources and expertise.

In conclusion, preventing data leaks in the Global South requires a comprehensive strategy beyond simple technological solutions. It involves understanding local conditions and building institutional capabilities while fostering a culture of cybersecurity.

By adapting global best practices to suit regional contexts, investing in education and training, and promoting collaboration across different sectors, countries in the Global South can protect their digital futures.

This approach will help ensure that the benefits of digitalisation are not undermined by preventable cyber threats.

They include cybercriminals using media to blackmail organisations, reporting alleged data leaks, and purchasing initial access to previously compromised companies on the darknet.

Other threats involve the rise of the Malware-as-a-Service model and attacks via the cloud. This report is a part of Kaspersky Security Bulletin (KSB) – an annual series of predictions and analytical reports on key shifts within the cybersecurity world.

Hacker attacks repeatedly harm individuals, damage corporations, and can even threaten entire countries, and not just financially.

The media routinely report incidents and data breaches that become publicly accessible on the dark web.

This threatens not only personal privacy, but companies’ reputations. As part of the Kaspersky Security Bulletin, the Kaspersky Security Services experts – a group that helps businesses enhance existing security systems and equips them to meet new threats – has reviewed the threats that will be relevant to big business and the government sector this year.

Blackmailing: Hackers’ public posts with a countdown to data leaks

Ransomware actors are increasingly posting about new successful hacking incidents perpetrated on businesses in their blogs – the number of such publications grew in 2022.

The peak number exceeded 500 per month, and this occurred several times between the end of 2021 and the first half of 2022.

This compares to 200 to 300 posts observed monthly by experts at the beginning of 2021. Extortionists were also active at the end last year: in September and November, Kaspersky’s Digital Footprint Intelligence tracked roughly 400 and 500 posts, respectively.

Cybercriminals used to reach the victim directly, but now they post about the security breach in their blogs immediately, setting a countdown timer to the publication of the leaked data instead of privately demanding a ransom.

This dark trend will continue developing in 2023 because this tactic benefits cybercriminals whether the victim pays up or not.

Data is often auctioned, with the closing bid sometimes exceeding the demanded ransom.

Cybercriminals post about fake leaks to boost their reputation

Blog posts about extortion attract media attention, and some lesser-known actors might take advantage of this in 2023, by claiming they have allegedly hacked a company. Whether the hack actually happened or not, a leak report might hurt the business.

The key to staying safe is to identify these messages in a timely fashion and initiate a response process similar to that used in information security incidents.

More personal data leaks, corporate emails at risk

The experts expect the trend of personal data leaks to continue into 2023. Even though it directly influences individuals’ privacy, corporate cybersecurity is put at risk as well.

People often use work email addresses to register with third-party sites, which can be exposed to a data leak.

When sensitive information such as email addresses become publicly accessible, it may invoke the interest of cybercriminals and trigger discussions of potential attacks on the organisation on darknet websites; additionally, the data can be used for phishing and social engineering.

Malware-as-a-service, attacks via cloud and compromised data sourced on the dark web

Experts also expect ransomware attacks to grow in similarity due to the rise of malware-as-a-service (MaaS) tools.

The complexity of attacks will increase, meaning automated systems won’t be sufficient to ensure complete security. Furthermore, cloud technology will become a popular attack vector, as digitalisation brings increased cybersecurity risks with it. Apart from that, cybercriminals will tap dark web sites more often in 2023 to purchase access to previously compromised organisations.

“The threat landscape is rapidly developing, and companies are being forced to adapt quickly. In order to protect a large business or a government agency from trending threats, it is necessary to monitor the digital footprint of the organisation. It is important to be prepared to investigate and respond to incidents, since it is not always possible to stop attackers before they penetrate a perimeter. However, preventing an attack development and limiting potential damage is an absolutely feasible task,” said Anna Pavlovskaya, Security Services Analyst at Kaspersky.