If the 2013 Norton Report on the scale of cyber-crime in South Africa is anything to go by, it is obvious that cyber-crime has reached high proportions in South Africa, and no business, no matter how small or big, can afford to turn a blind eye. To pray and hope that your system will never be tampered with by these sophisticated criminals is a noble idea, but the reality is that no one is safe. Cyber criminals are having a field day, leaving behind trails of broken hearts and raided bank accounts.
The recent story published in the Sunday Times of a Cape Town father who lost over R900 000 of his pension money due to a hacked email system of the business he was dealing with is not just heart-breaking but a wake-up call for the business industry in South Africa and society at large.
If businesses claim that customers come first, can South African businesses confidently claim to protect customers’ sensitive information all the time? According to the US-based Center for Strategic and International Studies, just last year, 2014, over R5 billion in losses was related to cyber-crime that happened in South Africa. As a matter of fact, in 2013, South Africa was rated third in the world after Russia and China, says the Norton Report. Surely, this can’t be right. This festive season we are bound to witness an unprecedented rise. The busyness, the rush and a huge appetite for spending make this an opportune time for cyber criminals to hunt for vulnerable businesses to cash in on.
The obvious answer is that businesses need to protect themselves. Government is currently working on legislation to tighten cyber-crime law and is implementing measures to stay ahead of cyber criminals, according to State Security minister David Mahlobo. The Business Day reported that service providers of electronic communications will be obliged by the bill to address issues relating to cyber security, and failure to comply will be a criminal offence. The bill also focuses on the use of the internet for terrorist purposes, criminalises computer hacking and the unlawful acquisition of sensitive data, and makes the unlawful interception of data a criminal offence. It also deals with “malware” such as viruses, worms, logic bombs and trojan horses, making it a criminal offence to create, obtain, sell, purchase or use such.
This is definitely a step in the right direction by the government, as the seriousness of this crime is not in doubt and its sophistication is bound to escalate in 2016 and beyond. Internationally, the US and China recently reached an agreement to cooperate in clamping down on this crime. This shows that even unlikely partners in international politics realise that fighting this scourge is a collective effort. Globally, cyber-crime costs economies about $445 billion a year, says the Center for Strategic and International Studies.
Until such time as all businesses, small and large, adopt a holistic approach to cyber security and budget to protect their information, we will continue to suffer at the hands of cyber criminals – many of whom do not even reside in our country.
As a business that operates all over the country, what we have also discovered is that some of our prospective clients tend to be nonchalant about the need to invest in credible cyber security, citing costs or even regarding it as a “nice to have” and not really a necessity. What we have also found is that some businesses try to take a cheaper route by purchasing and downloading “security” software online. This cannot be regarded as the safest route, as some of this software comes with its own inherent risks to business.
Implementing safeguard measures should be seen as a business problem to solve rather than solely an I.T. department problem.
Businesses should ask themselves some simple questions: How sure are you that no one is watching or monitoring your information? How safe are the sensitive details of your customers? Can you be certain that information is not being manipulated within your organization? What backup solutions do you have in place for sensitive information? Can you really say your company’s sensitive data stays confidential?
While businesses ask themselves these questions they should also consider following this process:
1. Conduct cyber security assessments: This should include an assessment of people, technology and processes.
2. Identify the vulnerabilities: Make sure that you recognize and understand the most vulnerable areas or systems within your business.
3. Monitor business-critical systems: These are the systems that host and process information that is critical to business operations.
4. Put security policies in place and drive security awareness programs for staff, from the cleaner to board members.
5. Build early warning signals into your environment: These should highlight abnormal system activity and allow the business to act before falling victim to cyber-crime.
6. Safeguard your systems and information with the most relevant cyber security technology tool sets.
7. Practice sustainable, periodic cyber security measures every year: Businesses should embrace that security is not a once-off activity.
When businesses turn their attention to safeguarding “their cyberspace”, they will realize reduced costs related to managing risks and streamlining business processes. This proactive step will allow compliance with legislation like the POPI Act and the Cyber Crime Bill, which will soon be enacted. Businesses will therefore not only be less prone to being hacked, paying fines and/or engaging in legal battles for noncompliance with relevant legislation; they will also operate securely in cyberspace.
Contributed by Carl Uys, founder and CEO of cyber security specialists Bowline Security.