As technology is taking over the world, cybercrime is becoming more pertinent and cyber criminals are becoming quite brazen. At a recent cybercrime briefing, which was organised by Allianz and hosted by Clyde & Co, it was highlighted that cybercrime is becoming a serious threat in the financial services industry with many boardrooms across Africa at pains to come to terms with the threat and what it entails.
The daily grind
The growth of technology has enabled criminals who find that they now have an easy and anonymous launch pad to commit crimes unseen and often unnoticed until it’s too late.
Nicole Gabryk, Senior Associate at Clyde & Co pointed out that in 2015 alone, there were over 3 930 incidents. “In terms of protection against cybercrime, those preventing it need to be as busy – and sometimes busier – than those perpetrating the crimes. In terms of the establishment of legal frameworks to prevent these crimes, the US and UK are leaps ahead of the rest of the world,” said Gabryk.
She added that the true cost of cybercrime impacts companies more than they realise. Costs which are not immediately considered include reputational costs, day-to-day business costs, investigation costs, contractual costs, notification costs as well as regulatory and litigation costs.
A useful yardstick
One of the biggest things that cyber criminals target is sensitive client information. The protection of this information is central to any business and is protected by law in most global destinations.
The same will ring true for South Africa once the Protection of Private Information (POPI) Act is promulgated in its entirety. As of now, Pansy Tlakula has been appointed the regulator of the organisation that will enforce the POPI Act. She has in the past indicated that it would take two years from the time of her appointment to get all proper procedures in place, so we are looking at the full implementation of the Act at the end of 2018.
It is most likely that POPI will look similar to the UK Data Protection Act when it comes to best principles. Christopher MacRoberts, Senior Associate at Clyde & Co, pointed out that this would not be a bad thing.
“UK best practice principles point out that inventory of the collected information needs to be taken. Following this, risk assessment of the information needs to be conducted. Technological measures need to be implemented and employees need to be made aware of the sensitive nature of the information. The system administrator then needs to make sure that there is limited access and password protection and that audit logs to be put in place. This may seem like a very involved process, but it is necessary and has worked for Britain,” said MacRoberts.
More weight
There is also a strong possibility that POPI will be guided by the Cybercrimes Securities Bill.
Hugo Mare, an Associate at Clyde & Co, points out that this bill is extensive in nature and leaves perpetrators in no doubt about the seriousness of the offence that they committed.
Cybercrimes will be defined as, among other definitions, as :
– the unlawful securing of access, acquisition, interference with data or computer
systems;
– the unlawful acquisition, possession, provision, receipt, or use of passwords and
– Unlawful acts in respect of hardware or software tools.
Punitive measures for such offences are also significant. Measures include a fine and/or imprisonment of between 5 and 15 years.
Cyber offences will be defined as, among other definitions, as:
– A data message which is harmful or incites damage to property; and
– The distribution of a data message of intimate images without consent.
Punitive measures include fine and/or imprisonment not exceeding 3 years.
Editor’s Thoughts:
While there is uncertainty surrounding the POPI Act, we are receiving useful information and guidelines which will influence the act. Hopefully, overtime, South Africa can catch up with the US and the UK and be leaders in fighting cybercrime. Please comment below, interact with us on Twitter at @fanews_online or email me your thoughts jonathan@fanews.co.za.
Comment on this post