Over 1.1 million cyberattacks on Namibia

Namibia experienced over 1.1 million cyberattacks and incidents in 2024.

Certified fraud examiner Melanie Meiring says these incidents involved businesses, government entities and individuals who fell victim to fraud, phishing scams and ransomware attacks.

“In 2024, Namibia recorded over 1.1 million cyber incidents, with Telecom Namibia (TN) suffering a major breach that exposed over 626 gigabytes of sensitive data,” she said last month.

Meiring highlighted that many other countries have had cybersecurity laws in place since 2018, but Namibia is still in the process of finalising its approach.

“In the meantime, cybercriminals continue to exploit weak security systems, outdated controls and untrained employees, leaving both private businesses and government entities exposed,” she said.

The Communications Regulatory Authority of Namibia (Cran) yesterday said the 1.1 million figure does not account for the total number of attacks Namibia has experienced.

“The statistics provided are limited to the distribution of the specified incidents or attacks as indicated in the referenced report.

“The specified incidents were identified from external network endpoints, and they do not include all incidents that might have occurred within the internal networks of organisations, such as phishing, compromised accounts, spoofing, etc.,” said Cran spokesperson Mufaro Nesongano.

Nesongano said the Namibian Cybersecurity Incident Response Team (Nam-CSIRT) is in the process of finalising the full landscape report for 2024.

“The scope of the statistics will expand as more cyberattack feeds are obtained and as constituents report cyber incidents to Nam-CSIRT,” he said.

Two telecommunications companies have been hacked over the last three months – TN and Paratus Namibia. Paratus last week reported a cybersecurity breach that compromised 84 gigabytes of data.

In December, some Namibians woke up to their personal information, including identity documents, bank details and customer contracts, and internal budget reports covering TN’s operations between 2021 and 2024, making the rounds on the internet.

This was after TN was hacked by Hunters International and lost data worth N$5.4 billion (U$300 million).

On Monday, information and communication technology deputy minister Modestus Amutse launched the Enterprise Risk Management framework to mitigate the cyberattack risks Namibia faces that could hinder their ability to achieve these objectives.

“These risks range from cyberthreats and data breaches to technological obsolescence and project implementation challenges,” he said.

Cybersecurity expert Nrupesh Soni yesterday said Namibia’s cybersecurity landscape continues to face significant challenges, primarily due to a lack of awareness and insufficient investment in security infrastructure.

“Many organisations still perceive cybersecurity as an information technology issue rather than a business risk, resulting in minimal budget allocation and inadequate security frameworks,” he said.

Soni said there is a glaring skills shortage, with very few specialised cybersecurity professionals in the country.

“This gap is further compounded by outdated systems that are vulnerable to increasingly sophisticated cyberthreats,” he said.
Another critical issue he pointed out was the absence of a centralised national cybersecurity strategy.

“Namibia lacks a dedicated computer emergency response team to coordinate responses to cyber incidents and share threat intelligence,” he highlighted.

Soni agreed with Meiring regarding Namibia’s lack of a cybersecurity law.

“While regulations are slowly catching up, enforcement remains weak, and compliance is often superficial, more as a formality than an actual practice,” he added.