Do you know what’s lurking in your network? And other issues to think about during Cyber Security Awareness Month
Is there a ghost in your machine? And no, this is not the beginning of a Halloween story – but perhaps it is fitting that International Cyber Security Awareness month takes place in October, the month of Halloween. So says Stefan van de Giessen, General Manager: Cyber Security at value-added distributor Networks Unlimited Africa.
He explains: “During October, businesses – big and small – and individuals alike are encouraged to think about the ‘ghosts’ that may or may not be hiding in their machines in the form of malware and other nasties. Why is this of critical importance? Threat actors today are capable of remaining undetected within a network for extended periods of time before deploying their weapons of both system-compromise and/or intelligence theft.
“International Cyber Security Awareness month is prominent in Europe and the United States, but less so here in South Africa. And yet it is in Africa, across all its regions to a greater or lesser degree, that we are seeing a huge uptake of technology, especially in parts of East, West and South Africa. However, we believe that technology education is not sufficiently matching the rate at which technology is being adopted, a scenario that is potentially very problematic, as both companies and individuals need to have more understanding of the risks that come with technology, as well as its benefits.”
South Africa adopted October as National and International Cyber Security Awareness month earlier this year, as announced by communications deputy minister, Pinky Kekana, in March . The deputy minister urged CEOs to provide ways in which the government and industry can collaborate to make South Africans more aware of the dangers of cyberspace, and how to protect themselves .
“This is certainly heartening,” comments Van de Giessen, “and represents a strong move in the right direction for South Africa and cyber security awareness issues. So also does the tabling of the Cyber Crimes and Cyber Security Bill, which needs to be revived and brought before Parliament once again , and which is intended to bring South Africa in line with international laws dealing with cyber crime.
“However, we must remember that the passing of cyber crime laws does not always bring with it the ability to punish wrong-doers, or bring back valuable data that has been stolen – to the potential harm of organisations and their clients alike – and so we believe that education remains key in facilitating the protection of organisations and individuals from cyber criminals.”
To this end, says Van de Giessen, Networks Unlimited Africa strongly advocates the need to educate and create awareness around cyber security issues. “We note the huge skills gap in the IT arena in South Africa, and indeed around the world, and feel that the private sector and the government should work together to encourage cyber security awareness. A collaborative approach is needed – one entity can’t do it alone.
“We acknowledge that this is not only a business initiative but something that needs to be addressed for the general layperson as well, including raising awareness in children. People need to be empowered in terms of protecting themselves from being phished, for example, and unwittingly giving up their data. There are also do’s and don’ts around password protection that the layperson needs to be aware of, especially with the rapid rise of smartphones, which facilitates Internet access for all.”
Van de Giessen says the company has seen growth in the implementation of technology in certain regions of Africa, but is concerned that security for the technology being implemented is frequently not optimal or adequate. “This rapid advancement of technology doesn’t generally come with a simultaneous understanding of security requirements at a granular level,” he explains.
“For example, when people are being educated about basic computer usage, to empower them in their studies and their work, they also need to learn about the risks. It is not enough just to train people in how to use certain programs and the Internet, without also educating them on the consequences that can come with using a PC or even a smartphone.”
From the perspective of Networks Unlimited Africa, Van de Giessen says the company encourages awareness among those with whom it has dealings, both internally and externally, including its partners, employees and interns, as well as its clients and end-users.
“We enable and facilitate the digital conversation wherever possible; for example, externally with our corporate social investment (CSI) partner, The LoveTrust, which is involved in education, and also internally for our own employees around the country and at our African offices, as well as through our internship programme. This programme takes on graduate students, teaches them about our market and offers employment to those individuals who are a fit with our organisation. Along the way, our interns become very enabled in their own private capacity as regards issues of cyber security.
“As a company, we are involved in protecting organisations and entities across the continent and in upskilling our partner base and the channel, hence we are passionate about practising what we preach, and preaching what we practise. Our ethos goes beyond simply revenue generation to include education and upskilling for all those with whom we interact,” concludes Van de Giessen.