Given the unprecedented increases in the variety and aggressiveness of cyber-attacks since 2012, it will take decisive leadership and public-private collaboration to turn the tide. Building security into government IT processes and integrating these with existing technology infrastructure and investments has never been more critical.
Driving this need is the exponential growth of data centre transformation, virtualisation, social business, mobility and attack sophistication. Consider the data collected and utilised by government departments. The reputation and integrity of an entire government could be at risk if the public questions the credibility of the data produced or processed by one of its departments.
Need for visibility
Security leaders in governmental departments, who need to take innovative steps to secure their systems, first of all need to “know what they don’t know”. Secondly, they need to take cognisance of the fact that most IT security processes are about dealing with a breach after the fact – maintaining compliance, rather than truly knowing what attacks are happening in real time.
Moving to a more responsive approach requires a mind shift to understanding the kinds of attacks, and using technology to protect, monitor and gain insight into the threats targeted at the particular government department.
External and internal threats are equally dangerous. Externally, becoming a target for cyber-crime will expose our government to advanced persistent threats, in which attackers carefully monitor its policies, procedures and behaviours with the murky goal of gaining access to vital government systems. The same applies to business – big and small.
Internally, the threat is most dangerous when it comes to privileged users, who have access to high-level information, and who have the ability to remove forensic evidence of cyber-crime.
There is no uniform security strategy that would fulfil the needs of all organisations, especially across widely differing government departments, but security intelligence as an approach is gaining traction and acceptance as a means to identify which threats are most important to the country.
Increased budgets are being assigned to enterprise network security worldwide, with IDC estimating this market to explode from $10 billion this year to $12.5 billion by 2015. It is a sign of the times that the public and private sectors see the need to take a more proactive, integrated and strategic approach to security.
The 2012 SA Cyber Threat Barometer research report, supporting Cabinet’s policy framework with SACCI and ISGA (the Information Security Group of Africa), cites the country’s main information security concerns as denial of service, economic fraud and the theft of confidential information, targeted mainly via internet banking, ecommerce and social media sites.
The report, generated by Wolfpack Information Risk, concurs that incidences of cybercrime are on the increase across all three sectors whose key stakeholders were interviewed, namely the South African government, banking and telecommunications sectors.
The estimated price tag of cybercrime to the sectors within the scope of the research amounted to R2.65 billion. At an average recovery rate of 75%, the actual loss figure is around R662.5 million. To make matters worse, individuals and SMEs that incur cybercrime losses under a certain financial threshold are very much left to fend for themselves at this stage.
Theft of confidential information and the leakage of sensitive documents are real concerns for South Africa, where just under 14% of roughly 49 million citizens have access to the Internet and about 5 million are on Facebook. Humans are the weakest link and social engineering the problem.
Internet banking remains the number one targeted cyber service in South Africa. The expected availability of social media to employees in the telecommunications sector and breaches of confidentiality through this medium are of particular concern.
A short supply of experienced computer forensics, incident handling and secure software coding skills, combined with a dearth of security awareness and an expected influx of new broadband subscribers, may cause a rise in cybercrime and attacks going forward. This makes the case for shared intelligence through improved collaboration between the government and the private sector.
Considering SA’s position as a developing country, our regulatory and legislative framework for information security compares well against similar nations: it is in the implementation of good practice that we drag our heels.
So while internal monitoring of suspicious transactions and general use of internal and third-party fraud detection mechanisms remain most effective in detecting cyber-crime, there should be a final curtain call for increased collaboration on public-private initiatives.
Joe Ruthven, business unit executive at IBM Security Systems Middle East and Africa