• Mandy Duncan

By Mandy Duncan, Country Manager, HPE Networking South Africa 

For South African IT teams in 2026, cyber defence is akin to defending a goal line with an outdated playbook. The formations are familiar, the instincts well-rehearsed, but the opponents have levelled up their standard of play. The old ways of holding the line are no longer enough. 

HPE’s recent cyberthreat research report, In the Wild, reveals why the rules of cybersecurity have decisively shifted. This is not the result of a single breakthrough exploit, but the culmination of years of evolution that have finally reached scale. Threat actors are no longer just “more sophisticated”, they are organised, coordinated and operationally disciplined, functioning with the structure and intent of scaled enterprises. 

This advanced form of cyber warfare is already intensifying across Africa. Cyber-enabled crime has moved firmly into the mainstream, accounting for close to a third of reported offences in some regions. And as one of the continent’s most digitally connected economies, South Africa has become a prime target. So much so that cyber incidents now rank above loadshedding and political instability as the most significant risk facing local businesses.  

For defenders, the assumption that attacks are isolated, opportunistic or containable no longer holds. Indeed, the traditional rules of network defence are quickly becoming ineffective. 

The industrialisation of cybercrime 

Today, just a single successful breach of a South African enterprise can generate tens of millions of rands, transforming cybercrime into a high-reward, low-friction business model. The most impactful attacks are no longer the work of isolated actors, but of organised syndicates that operate like global enterprises, with defined roles, structured processes and clear commercial objectives. 

From reconnaissance and planning to exploitation, monetisation and even negotiation, each stage is coordinated and repeatable. While many tactics remain familiar, what has changed is the precision and consistency of their deployment.  

Automation and artificial intelligence have lowered barriers to entry while dramatically increasing speed and reach, enabling attacks to be launched at scale, refined in real time and adapted mid‑campaign. In its 2025 Africa Cyberthreat Assessment Report, Interpol already points to the growing impact of AI‑assisted cybercrime across Africa, underscoring how quickly these capabilities are being adopted. 

The result is a fundamental change in the economics of cybercrime. The potential fallout has escalated, while the effort required to sustain attacks has declined. The pressure on defenders is no longer episodic, but relentless. 

Sophisticated threats still win with simple tactics 

Yet for all the sophistication of today’s threats, one uncomfortable truth remains: attackers continue to succeed by targeting long-standing vulnerabilities. 

Many tactics, such as ransomware, phishing and credential theft remain persistently effective, not because they are more advanced, but because they are consistently applied against known weaknesses. Unpatched systems, weak credentials and inconsistent access controls still provide reliable entry points.  

This challenge is especially acute for organisations with large, distributed networks and critical responsibilities. In these environments, gaps in visibility or policy enforcement create systemic exposure. What starts as a small entry point can quickly escalate into something far more consequential.  

This is the paradox of modern cybersecurity. While attackers have evolved in scale and coordination, they often don’t need to innovate to succeed. Defenders, meanwhile, are frequently caught up in chasing new threats, instead of fixing foundational gaps. And often, the most dangerous threat is not the unknown, it is the one we assume has already been solved. 

This is why cybersecurity can’t be treated as a checklist. It must be an organisational, ground-up mindset that evolves as quickly as the threat landscape itself.  

Geography matters less 

Cybercrime may be global, but its infrastructure is increasingly geographically fragmented, with attacks originating from anywhere hostile systems are allowed to operate. In some small markets, weak oversight and the availability of “bulletproof” hosting have enabled disproportionately high levels of attacker activity.  

As a result, traditional assumptions about attribution no longer hold and blocking traffic by location is increasingly ineffective. The focus must shift from where attacks originate to where they are allowed to persist, requiring greater reliance on behavioural insight, intelligence sharing and real‑time analysis rather than static indicators. 

Defending the new digital frontier 

What, then, does this new reality demand? 

First, visibility. Organisations cannot defend what they cannot see. That means understanding not just incoming network traffic, but what “normal” looks like and identifying anomalies in real time. 

Second, collaboration. Attackers already operate as coordinated networks, sharing tools, infrastructure and intelligence. Defenders must do the same across teams and across industries, making intelligence sharing and operational alignment a baseline capability. 

Third, agility. Static defences cannot keep pace with dynamic threats. Networks must be able to adapt, respond and recover in real time, with AI‑native platforms acting as force multipliers for detection, decision‑making and mitigation. 

Finally, integration. Security can no longer be retrofitted. It must be embedded into the network fabric itself, designed to detect and respond across every layer. 

In this environment, integrated, self-detecting and remediating AI‑native network security is no longer aspirational, it is the new baseline, and a critical enabler of the self-driving network. 

HPE’s cyber threat research makes it clear: The real risk in this new era of cybercrime lies not just in the rise of AI‑driven attacks, but in the scale and maturity of the ecosystems behind them. As cybercrime evolves into a coordinated global industry, defence must match it in discipline, intelligence and intent. The South African IT teams that succeed won’t be those with the most tools, but those that understand the new rules of the game and have the conviction to leave outdated playbooks behind. 

INFO SUPPLIED