The true amount of money that SA loses to cyber crime every year is not known, says security expert and Wolfpack Information Risk MD Craig Rosewarne.
Rosewarne was responding to the 2012 Norton Rose Fulbright cyber crime report that has ranked SA third in terms of cyber crime, after Russia and China. According to the report, SA loses R1 billion every year to cyber crime.
Rosewarne says a similar report released by Wolfpack Information Risk last year, shows SA loses an approximate R2.65 billion every year, with an average recovery rate of 75%, resulting in the final loss figure to be estimated at R662.5 million.
However, he points out that victims of cyber crime have confidentially shared amounts lost by them after the report was published, which shows the figures are a lot higher in reality. "The truth is that no one actually knows what the true figure is." Rosewarne says it can safely be said the amount lost in 2013 will be significantly higher than last year, as cyber crime continues to grow at a rapid pace.
SA is an easy target for cyber attacks, along with the rest of the African countries, says Rosewarne. He explains that the problem is not only SA's inability to fend off cyber attacks, but also an inability to respond and apprehend the criminals. "We have seen success stories [in SA] of criminals being apprehended, but we still have a long way to go."
Norton Rose Fulbright director Rohan Isaacs notes SA is reportedly among the highest targeted countries in the world for phishing attacks. "Although astonishing to some, 419 scams remain lucrative for online fraudsters. People are duped daily into believing they have won lotteries they did not enter, that they have inherited millions from relatives overseas they have never heard of, or that complete strangers are prepared to share a pot of gold with them for no apparent reason," he says.
He points out that cyber crime is insidious, because its effects are less dramatic than violent crime, which has a hold over popular consciousness.
Legislation challenges
Isaacs says while the aims of SA's cyber security policy framework, approved by Cabinet in March 2012, are laudable, the policy lacks detail on firm steps to be taken to achieve these things and since inception little progress appears to have been made. "This is unsurprising, because the task is stupendous. New, tougher laws by themselves will not enhance safety in the Internet environment any more than they would in the physical world."
SA is battling to catch up, says Rosewarne. He says government is attempting to address the problem of cyber crime far too late and needs to urgently raise awareness at a national level. "I don't think people realise the seriousness [of cyber crime]."
According to a recent survey done for Lloyds Risk Index 2013, cyber risk is one of the three biggest concerns for CEOs and senior executives worldwide. The study shows cyber risk increased in importance from 19th in 2011 to third in 2013.
Rosewarne says government needs to take the lead in terms of strategy and engage with the private sector on how cyber crime can be curbed. "Awareness is also a big issue. It has to go further than businesses, into universities and into schools. People need to realise how big the problem is." Furthermore, he says there should be more emphasis on training and boosting the number of skilled people in the country to fight cyber crime.
Share