SAPO to build on digital trust
The South African Post Office (SAPO) depends on cyber security and digital trust to deliver on its mandates and progress to future projects, says Maclaud Mafaiti, GM for IT security at SAPO.
Acknowledging SAPO's possible social grants role in future, Mafaiti also noted that SAPO already ran online services, as well as a bank, and the SAPO Trust Centre to hold the public key infrastructure and Certificate Authorities, all of which depend on customer privacy and information security.
Mafaiti said at the ITWeb Security Summit 2017 that trust was crucial for SAPO: "We have to be ready for anything in the current environment, in which cyber crime is worth more than drug trafficking, and the proliferation of mobile and Internet of things has expanded the risk profile."
"IT security spending in the past has tended to be reactionary, but this will have to change," he said. "However, new information security strategies have been constrained in many organisations by cost and a lack of skills. Containing information security costs in future will depend on more effective strategies and collaboration across organisations."
Mafaiti noted that collaboration and sharing of threat intelligence had helped slow the spread of the recent WannaCry attack, and said formalised collaboration could prove the solution for organisations hampered by advanced information security skills shortages.
SAPO's information security roadmap focused on addressing the basics of security to ensure that digital trust was safeguarded, he said. Among its focus areas are to capacitate the environment through effective detection; to stay abreast of threat intelligence; maintain a current and accurate asset inventory; identify governance practice and audit and enforce access rules and permissions; ensure that patching covers the entire infrastructure; implement mitigating controls and focus on incident response planning.