While cyber crime cost government, telecommunications and the financial sector R2.65 billion, between January 2011 and August last year, SA has an "apparent lack" of focus on information security, a new report has revealed.
Wolfpack's research into cyber crime in SA, the South African Cyber Threat Barometer for 2012/13, says, based on government's average recovery rate of 75% and similar case study recoveries, the estimated net loss to SA's economy is around R662.5 million.
The report, sponsored by the British High Commission, argues SA's economic growth depends on attracting new business, which implies a stable e-infrastructure, including network bandwidth, resilience and the ability to respond to cyber incidents within hours rather than days or weeks.
Craig Rosewarne, MD of Wolfpack Information Risk, says cyber crime is a threat to economic development and foreign direct investment, and there is a lack of senior level leadership to tackle the growing problem.
"SA has the opportunity to become the leading nation on the continent in terms of information security innovation. The apparent strategic lack of focus on information security priorities (in particular cyber security and cyber crime arenas) may eventually hinder economic development due to direct financial losses from cyber crime, and loss of confidence of local and foreign investors," says the report.
However, with tighter local and international legislation on the horizon, South African companies may also be unable to meet the costs and complexities associated with compliance, says the report.
On the increase
The report cites Norton's Cyber Crime Report for 2012, which shows cyber crime is enjoying exponential growth at rates never seen before, with 556 million victims a year, at a global cost of $110 billion.
"While we cannot provide an accurate figure for the cost of cyber crime in SA, we can state that, based on input from the stakeholders we interviewed, there is no doubt that activity in all sectors has definitely increased from 2010 onwards."
Despite increased sophistication in other types of cyber crime methods, phishing still remains the most common attack method targeting most sectors in SA. Inadequate control and abuse of system privileges was the second most common method of attack in SA and more popular in the finance and government sectors.
According to the Symantec Intelligence Report from June 2012, SA was the second-most targeted country, with one in 170.9 e-mails identified as phishing attacks. One in every 1.48 e-mails was considered spam, which made up 67.8% of all South African e-mail traffic throughout July 2012.
Malicious software came in third on the list and can be rated as having a high likelihood of being used in an attack, as it has been leveraged for both espionage and infrastructure attacks.
Worrying attacks
The threat of denial-of-service attacks and the unavailability of ICT were cited as the highest potential cyber threats affecting the finance and government sectors, and ranked highly for the telecommunications sector as well.
Intrusions and economic fraud were ranked as the second highest potential cyber threat to SA.
Wolfpack's research found that, although software and security technology has improved, logon credentials are the main information asset targeted or compromised during a cyber attack. Following this are bank account details including PINs, one-time passwords, client profiles such as beneficiaries, and credit card details.
Personally identifiable information is the third most sought-after information asset and highlights that privacy concerns are becoming a high priority in SA, says the report. "We believe this will further increase in importance once the Protection of Personal Information Bill is enacted."
Cyber vulnerabilities include inadequate maintenance, monitoring and analysis of security audit logs, which was cited as the most common vulnerability in most sectors in SA. User awareness was also raised as a serious issue.
Rosewarne says the company is working with government - department by department - to tackle the threat, although this is a slow process. "There are good things happening," he says, although this is often at lower levels.
The report calls for the introduction of a national Computer Security Incident Response Team (CSIRT) to assist organisations with incident management and provide "much needed intelligence regarding the threat horizon facing SA". This facility would also provide crucial support and coordination in the event of increased cyber attacks against the country's resources, notes the report.
Wolfpack says the lack of a CSIRT was identified as a major problem, as there is no centralised source of information to provide a clear view of cyber crime and cyber incidents in SA.
Share