SA's major institutes at risk

Admire Moyo
By Admire Moyo, ITWeb's news editor.
Johannesburg, 02 Nov 2012
Our growing dependence on technology naturally opens up the window of opportunity for criminal elements, says Thales SA's Llewellyn Hartnick.
Our growing dependence on technology naturally opens up the window of opportunity for criminal elements, says Thales SA's Llewellyn Hartnick.

South Africa's major institutions are at risk from a growing number of possibly debilitating cyber threats because of the lack of continuous sophistication of cyber crime technology by the vast number of cyber security specialists operating in the country.

So says Llewellyn Hartnick, cyber security specialist at Thales SA, who points out that there are over 9 000 security companies in SA that compete against each other in the market.

"Being driven by market forces results in companies acting in their own interests. What is needed is more regulation, and government has begun recognising this. It has developed its Cyber Security Policy that should act as a catalyst for regulating the industry and bringing about basic standards in the fight against cyber crime, even within the private sector."

On the other hand, he says, the national government has other pressing objectives and it is the priority of security solution providers to build reliable, customised, world-class solutions that both the public and private sectors can buy and use.

"The reality is that the smarter technologies and modus operandi of cyber criminals - both locally and abroad - are not being effectively matched by preventative technologies that pass their 'sell-by date' after six months of being developed," says Hartnick.

"We're moving towards an electronic age. We have e-filing of citizens' tax returns, a national online traffic fine system, and electronic voice, video and written databases that are being built and maintained across sectors in the private and public sectors," he adds.

Therefore, it is true that our growing dependence on technology naturally opens up the window of opportunity for criminal elements, Hartnick notes, adding that, despite the recognition that cyber security is a growing issue of national importance, there seems to be little understanding that technological developments have a global lifespan of, at most, six months.

"This means that effective security requires more than identification of the risks or sanctioning of the guilty criminals; it requires preventative mechanisms that are not only customised to specific sectors and operations, but that are, more importantly, continuously upgraded in a way that consistently prevents the growing number of sophisticated attacks on one's systems."

According to Hartnick, unlike countries that enjoy the benefits of cheap labour, as a country, SA cannot afford to invest huge portions of the national budget on continuously developing improved cyber security technologies.

He, therefore, believes the responsibility falls on individual organisations to maintain their electronic assets as best as possible, and it is there that lies the problem.

"Most companies do not have technology or the Internet as a core part of their business. For this reason, cyber security is not seen to be a top priority for many companies. There also exists a lack of awareness among companies about the actual threat cyber attacks pose on their business."

Thus, he notes, until companies experience a cyber attack, they will not appreciate the importance of securing against it. Yet, he adds, the reality is that the threat not only exists but is growing to endemic proportions.

"According to the latest figures (Symantec Report 2012), SA is the third most targeted country in the world in terms of cyber attacks. This is alarming and cannot be ignored for long, especially as companies become more and more reliant on technology in their businesses and the Internet becomes more accessible to South African consumers through a growing number of mobile devices and e-commerce."

He also reveals that SA lacks skilled information security professionals and in-depth training for these professionals in combating attacks and ensuring the effectiveness of security technology.