SA must strengthen cyber security approach

Many local organisations need to change perceptions and approaches to cyber security, says the SA Centre for Information Security.

By Tyson Ngubeni
Johannesburg, 30 Jan 2014
Cyber security involves more than protecting finances, the SACIS says.

SA still has some way to go before realising a robust cyber security framework as global threats become more sophisticated.

This is according to Beza Belayneh, CEO of the SA Centre for Information Security (SACIS).

Communications minister Yunus Carrim inaugurated the National Cyber Security Advisory Council last year in an effort to establish public-private cyber security co-operation, but Belayneh still sees gaps which can be covered.

He says security awareness and understanding vary, depending on the sector involved. "The traditional targets - financial institutions - have increased awareness and built capabilities to withstand sustained attacks since they are targeted daily."

However, organisations outside the financial sector often dismiss cyber security awareness as sensationalism, resulting in what Belayneh terms "cyber security fatigue".

He points to a "perception gap" preventing many public and private institutions from understanding that money is not the only vulnerable commodity which needs to be protected.

"Organisations will process and store large amounts of personally identified information and most of their business processes, such as HR, finance and legal, are fully computerised and digital. Institutions don't realise that cyber attacks constitute data theft and can interrupt business functions."

Throwing money at the problems will not help people understand the nature of threats and how to counter them effectively, notes Belayneh.

Impossible to avoid

According to the SACIS, local organisations are spending resources on cyber attack prevention, a task which Belayneh says is never-ending. He says the focus should shift to building resilient security frameworks.

"Institutions must develop a holistic approach that responds effectively to attacks since they are impossible to avoid," he says.

The SACIS notes that a multi-pronged approach may be required by local organisations as they attempt defence strategies. "It should not be left to IT departments alone, but should involve HR, legal, finance and public relations."

A 2012 study by professors Elmarie Kritzinger and Basie von Solms, titled "A framework for cyber security in Africa", found security measures on the continent may require a tailored approach. "Solutions imported directly from developed countries do not always work wonders in Africa," the study says.

Increasing bandwidth in Africa, coupled with a lack of technical security expertise, has led to a unique set of cyber security issues which the study notes will need addressing.