Ignorance remains the greatest risk in the fight against cybercrime

01 November 2017 Johann van Tonder, ASISA
Johann van Tonder, senior policy advisor at ASISA.

Johann van Tonder, senior policy advisor at ASISA.

Phishing, malware and external hacking attempts constitute the bulk of cybersecurity incidents reported to the Cyber Security Incident Response Team (CSIRT) established by the Association for Savings and Investment South Africa (ASISA) last year.

The ASISA CSIRT exists to help member companies combat threats to cybersecurity by encouraging and facilitating the sharing of cybercrime trends and other relevant information. The ASISA CSIRT is one of two industry response teams in existence in the financial sector; the other one is the South African Banking Risk Information Centre (SABRIC).

According to Johann van Tonder, senior policy advisor at ASISA, many of ASISA’s member companies have also established internal cybersecurity response teams with representation on the ASISA CSIRT.

Van Tonder says achieving resilient cybersecurity is a top priority for the savings and investment industry. “In financial services the trust of customers is key. Therefore, protecting confidential customer information from cyberattacks is our number one priority.”

He says intra-sector collaboration in the fight against cybercrime is critical since a single serious breach of cybersecurity is likely to impact on the reputation of the entire industry.

Incident reports collected by ASISA from member company response teams since October last year show that ignorance remains the greatest risk in the fight against cybercrimes.

“Even the most sophisticated systems designed to detect and prevent breaches of cybersecurity will fail if employees are not trained to recognise potential risks. All it takes is a click on a compromised link or the sharing of sensitive information as result of an undetected phishing attempt.”
Van Tonder emphasises that raising awareness of cybersecurity risks amongst staff is therefore a high priority for member company cybersecurity response teams.

He points out that one of the interesting new trends noticed by members of the ASISA CSIRT is an increase in phishing attempts, mostly from foreign countries, disguised as LinkedIn requests.

“These foreign LinkedIn requests are being distributed by an automated process, using company information that was scraped off LinkedIn profiles.”

He says once a trend or a specific modus operandi becomes apparent from collated data, all member companies are informed of the emerging cyber threats, enabling them to tighten their defences.

Since tapping into international best practice is important in the upskilling of key employees tasked with cybersecurity, ASISA will host two cybersecurity experts from the Netherlands next month who will present a training course to employees of interested ASISA members.

ASISA is also represented on the Cybersecurity Working Committee of the International Investment Funds Association (IFFA). The IIFA consists of 41 domestic and regional investment funds associations from around the globe, including ASISA, representing assets under management of US$44.7 trillion as at the end of the second quarter of 2017.

The ASISA CSIRT will represent member companies at an industry level in interactions with the Government and regulators once the relevant structures have been established in terms of the Cybercrimes and Cybersecurity Bill.

Quick Polls


How confident are you that insurers treat policyholders fairly, according to the Treating Customers Fairly (TCF) principles?


Very confident, insurers prioritise fair treatment
Somewhat confident, but improvements are needed
Not confident, there are significant issues with fair treatment
fanews magazine
FAnews June 2024 Get the latest issue of FAnews

This month's headlines

Understanding prescription in claims for professional negligence
Climate change… the single biggest risk facing insurers
Insuring the unpredictable: 2024 global election risks
Financial advice crucial as clients’ Life policy premiums rise sharply
Guiding clients through the Two-Pot Retirement System
There is diversification, and true diversification – choose wisely
Decoding the shift in investment patterns
Subscribe now