Subscribe
  • Home
  • /
  • Security
  • /
  • Cyber crime now a serious and costly threat in South Africa

Cyber crime now a serious and costly threat in South Africa


Johannesburg, 17 Oct 2012

It is estimated that R25 billion of government's annual procurement budget is lost to corruption and other factors. Cyber crime is fast becoming a serious and costly threat in South Africa where there are 6.8 million Internet users and 341 organised crime groups.

Craig Rosewarne, managing director of Wolfpack, a local company focused on information risk research, training and awareness solutions, told delegates at an information security seminar organised and hosted by enterprise software specialist NetIQ that the Internet is being used not only for good, but also for evil.

An EMEA director of the SANS Institute, which is a global leader in information security and forensics training, Rosewarne said a comprehensive study of cyber crime has been conducted in South Africa, which helps to shed light on some of the challenges facing the country.

The most vulnerable victims of cyber crime are the elderly, children and people living on the poverty line, who, if scammed, have little chance of recovering the loss. Rosewarne also warned of the dangers of sharing too much personal information on social networking sites, as it was easy for criminally minded persons to track down and take advantage of people and their families.

"Not much progress has been made to stifle cyber crime in South Africa. The Department of Communications recently published a cyber security policy framework, which was signed off in parliament at the beginning of 2012, but many challenges still lie ahead," said Rosewarne.

Through research funding received from the British government, a comprehensive cyber crime report was completed at a national level for South Africa, following models used within the US, the UK, Brazil, Russia, China and 10 other African countries.

"Recommendations have since been made to a spread of key people in government, banks, telecommunications and mobile service providers. Universities and industry bodies were approached for input and the final report truly represents the state of cyber security in South Africa. Over 400 gigabytes of data were analysed to generate the final report, which is freely available for download off the Wolfpack site."

For organisations, a "security thermometer" based on pertinent questions regarding cyber threats was created and key elements of cyber crime in major countries were summarised, resulting in the identification of the top five cyber threats for government and business, as well as initiatives to deal with these threats.

Rosewarne said the key issues are to prevent, detect, investigate and prosecute. Others include threat management, skills and technical training for the police and prosecutors, and general awareness because there were weak detection mechanisms in most sectors generally with the exception of the banking industry, which has established good security systems to counter fraud.

South Africa has no national computer security incident response team (CSIRT) and Rosewarne stressed that cross-industry collaboration and improved, streamlined processes are required to fight cyber crime.

"Smaller cases are neglected and there is a lack of cyber crime statistics. Legislation also needs revision and updating as cyber crime cases are diluted with common law so that only five to 10 percent of cases reported ever get to court."

Initiatives that have been proposed include cyber threat research and the establishment of a national cyber crime framework and academy to overcome the shortage of deep specialist skills. Rosewarne said there is insufficient regulation on creating the required skills; an elite team of experts is needed and there is an initiative under way to encourage universities to create courses focused on combating cyber crime and boosting baseline skill levels.

"Currently, we are in reactive mode and the weakest link in most companies is security awareness, planning and implementation. Critical security controls are essential for effective cyber security and we should be considering a co-ordinated centre to assist companies that are attacked by cyber crime."

Share

NetIQ

NetIQ is an enterprise software company with relentless focus on customer success. Leveraging its WorkloadIQ approach, NetIQ helps customers cost-effectively tackle complex information protection challenges such as FISMA, FDCC/SCAP, PCI, DSS, HIPAA, SOX and NERC CIP and securely deliver and manage computing services across physical, virtual and cloud computing environments.

Editorial contacts