Subscribe

Personal info at risk in SA

By Fay Humphries, Events programme director
Johannesburg, 17 Apr 2015
Survey reveals shocking infosec vulnerabilities in SA, says Ignus Swart, senior information security specialist: cyber defence unit, at the CSIR.
Survey reveals shocking infosec vulnerabilities in SA, says Ignus Swart, senior information security specialist: cyber defence unit, at the CSIR.

Research into SA's national ICT infrastructure has revealed some disturbing security vulnerabilities.

Conducted by the Council for Scientific and Industrial Research (CSIR), the results of the research will be discussed by Ignus Swart, a senior information security specialist at the CSIR's cyber defence unit, at the upcoming ITWeb Security Summit 2015. It will take place in Johannesburg next month.

Commenting on the research, Swart says: "First, our lack of a national cyber security policy makes it very hard to hold individuals and companies responsible for the security of their systems.

"Secondly, from the results of the study, it was shocking to see how much personal information is at present available in South Africa. The complete datasets of two relatively large insurance companies was reported unencrypted online.

"Consider that the typical person has a normal response rate of approximately 3% to phishing attempts. The moment personal information is added to the phishing e-mail, the response rate is significantly higher, at 70%. While this is not a definite indicator that a breach will occur, it does significantly raise the probability an attack will be successful in virtually any company in the country."

The research originated three years ago, with the intent to visualise the cyber security state of SA from open source data. In order to achieve the objective, the study first identified potential data sources that provided information at an organisational and a national level. These sources were manually examined to determine the characteristics of the data as it relates to SA.

"Finally, the research team made use of data fusion techniques, traditionally used by domains such as electronic warfare, to fuse data sources together for situational awareness," says Swart.

ITWeb Security Summit 2015

The 10th annual infosec event from ITWeb is a 'must-attend' experience for every IT and security professional and senior manager with business and information management responsibilities. Click here to register.

"The 27 data sources examined were selected to cover as much of the possible attack surface of a country as possible. South Africa, much like any country in the world right now, has a lot of potential vulnerabilities. What is disturbing to notice, however, is the amount of well documented, relatively easily corrected vulnerabilities that do not get resolved," Swart explains.

To learn from his presentation at ITWeb Security Summit 2015, click here to find out more and register to attend the event.

Share