With crime being increasingly prevalent in South Africa, the necessary steps should be taken to avoid the harsh rulings and penalties of legislation. If not for that, organisations should take the necessary steps to protect themselves and their clients.
FAnews spoke to Simeon Tassev, Director at Galix, a company which aims to provide organisations with world-class communication and information security solutions, and Candice Sutherland, Business Development Consultant at SHA, about cyber security threats and how organisations can deal with data breaches.
Victim of cybercrime
Based on 806 responses from 54 countries, the PWC biennial survey reveals that in South Africa, the top three risks for the insurance industry are cyber risk, regulation and the macro-economy.
The Norton by Symantec Cybercrime Report ranked South Africa third in the world in terms of computer virus and malware crime capitals and claims that 84% of South African adults surveyed were victims of cybercrime. The financial impact of cybercrime in South Africa in 2014 was R5.8 billion.
Grant Thornton’s International Business Report (IBR) on cyber security revealed that one out of every 10 South African private sector businesses have experienced a cyber-attack in the past year, as compared to a global average of 15%.
The Symantec 2015 Internet Security Threat Report says that in 2014 there was a 70% increase in scams shared by your own friends on social media, nearly one million new pieces of malware are released every single day, one in six Android apps turned out to be malware in disguise and 45 times more people had their devices held hostage.
Opinion versus reality
Sutherland believes many small and medium-sized enterprises (SMEs) have the mistaken opinion that they are not the targets of cyber criminals, while in reality they are just as vulnerable to such syndicates/scams as big corporate companies.
“Accidental breach by employee error or intentional breach by employee misuse is the number one cause of data breaches followed by negligence on the part of the organisation or individual, competitors and lastly hackers,” she said.
“Common reasons for a breach include unauthorised access by insiders intending to steal company data and phishing attacks, when third parties send spam emails designed to trick employees into giving up their personal information and employees accidentally sending an email with sensitive information to someone outside the company,” said Tassev.
Security posture
“Every single user of technology must be aware of the risks of exposure to cyber threats, and should be educated about the best practices to adopt in order to reduce their ‘attack surface’ and ‘mitigate the risks’,” said Tassev.
Sutherland said the risks an individual and/or company are exposed to are, inter alia:
• System unavailability and downtime;
• Starting from scratch – rebuilding entire website;
• Business being held to ransom;
• Loss of revenue;
• Loss of data;
• Reputational damage and costs associated with looking to reduce the impact of a breach;
• Loss of competitive advantage;
• Loss of consumer trust;
• Industry and regulatory fines and penalties (PoPI); and
• Litigation arising from compromised data.
Creating a culture of security
Both Tassev and Sutherland believe staff training and awareness is paramount. “Education and training is essential to creating a culture of security that assumes a fundamental role in the workplace. Every member of an organisation must be involved in the definition and deployment of a security policy and must be informed on the tactics, techniques and procedures (TTPs) belonging to the cybercriminal ecosystem,” continued Tassev.
“Organisations should ensure that any device on a company network has adequate security protection that is up to date. Businesses should also enforce effective password policies, learn how to remote wipe devices, be aggressive when updating and patching, guard personal data and safeguard themselves with a Cyber Insurance policy,” said Sutherland.
“Businesses would do well to underpin any technical solutions with security policies that spell out to staff what they can and cannot do and what their responsibilities are to keep business systems and data secure. It is good to consider how to further protect sensitive data using encryption and secure passwords,” continued Tassev.
Sutherland mentioned that government has started focussing on cybercrime as a real threat but it is going to take time to train and equip law enforcement with the necessary skills. “Centres like the Cyber Security Hub have been established and the National Cybersecurity Policy Framework (NCPF) charged with the coordination of cybersecurity related matters in South Africa.”
Editor’s Thoughts:
Tassev said cyber security needs to be tackled from all angles. It is evident that preventative measures need to be applied and implemented for businesses to adequately protect themselves from financial losses incurred by deviants who are out to commit fraudulent activities.