SA is in the group of countries with the highest infected rates globally and there isn't much being done about it, says Khomotso Kganyago, chief security advisor at Microsoft SA.
Speaking at ITWeb's Security Summit last week, Kganyago quoted Aida Opoku-Mensah, director of ICT, science and technology at the UN Economic Commission for Africa, as saying that combating cyber crime has so far been left to the private sector.
SA's network readiness is dropping, according to Kganyago. In terms of the network readiness index, where smaller numbers are better, SA's rank was 52 in 2008/9 and 62 in 2009/10. However, network readiness is improving in every segment, except for government.
Government readiness changed from 78 in 2009/10 to 92 in 2010/11, while business readiness improved from 43 to 40, and individual readiness also improved from 115 to 113.
Infected SA
Infection rates in SA are continuously increasing, and SA is the third most attacked country after the US and UK, said the security advisor. However, SA does not feature in the list of the top 10 attack sources.
He added that SA ranks 25th on the list of locations with the highest infection rates by computers cleaned per mille (CCM) in the second quarter of 2010 for malicious and potentially unwanted software.
The worldwide bot infection rate for the second quarter of 2010 by CCM was 3.2 (1 000) and SA's was 8.4.
He added that phishing through social networks jumped significantly from 8.3% in January to 84.5% in December 2010. Detections of adware increased 70% during the second half of the year.
Cyber offences
For the future landscape, Kganyago predicted cyber crime advancements; acts of cyber terror, where countries use online “gangs” to attack each other; the use and abuse of the cloud; social engineering and social media attacks; information risk management; expansion of the digital domain; and the changing face of incident response.
In terms of the IT environment, he said the effectiveness of security in business could improve and SA must deploy robust claims-based identity solutions that increase authentication and protect privacy.
Kganyago added that the most sought-after industry in terms of attacks is the financial sector, since this is the industry that can make the most money for criminals.
“SA and its organisations will have to adopt additional skill-sets and look for solutions in areas we have not dealt with before.”
The security advisor said there needs to be development of defensive and offensive cyber capabilities. Also, cloud security considerations must include compliance and risk management, identity and access management, service integrity, endpoint integrity, and information protection.
Business and government in SA must align social, political and economic forces with IT capability, ensure central coordination of cyber security activities and international collaboration, continue focus on building trusted stacks, run anti-virus software from a trusted vendor, and keep all software updated, added Kganyago.
Related story:
Cyber crime a no-brainer
Share