There are many security threats facing the financial services industry in SA, but perhaps the most common threats are targeted or broad-based spear phishing attacks and insider threats.
Phishing attacks, for example, are extremely cheap to carry out, yet have a potentially high yield. "It only takes one user to inadvertently open a malware-infused mail or attachment for attacks to gain access into an organisation's environment."
So says Gus Clarke, head of cyber security, TYMEDigital by CommonWealth Bank SA, who will be presenting on 'Breaking bank' at the ITWeb Security Summit 2018, currently being held from 21 to 25 May at Vodacom World in Midrand.
Developing cyber security skills
Speaking of what the financial services industry should be doing better when it comes to cyber security, Clarke says we need a greater focus in SA on developing or embedding cyber security skills at senior, or even junior school level.
"Locally we have a huge deficit pertaining to these types of skills in the market and it's likely due to lack of exposure to cyber security as a career prospect."
He says many university leavers or job applicants he has spoken to do not seem to have a firm grasp on cyber security and only begin to understand it once they start a career in the industry.
"This is far too late. While I would like to raise the distinction between certain individuals who passionately self-study and research in this space, and those who do not, I feel the onus is on us as established members in this space to remedy the situation."
Far-reaching ramifications
He says in the event of a successful breach, the ramifications for financial services businesses are far-reaching, both from a financial impact perspective and from the damage done to brand or reputation.
"We often think of organisations in the financial services sector as being targets for fraud and theft, but imagine for a moment that a DDOS attack rendered online banking offline or unusable for a few days. The impact could be potentially catastrophic."
Sophisticated attacks to the financial services sector happening outside of our geographic region are well published, so in SA, we tend to think it might not happen to us, he notes.
"On the contrary, South Africa, as a relatively advanced player in the international banking sector, is used as a testing ground for future attacks on more vulnerable entities. Notwithstanding the fact that as there is a huge push to bring banking to the unbanked via digital means, this will vastly broaden the future attack landscape."
Delegates attending Clarke's talk will hear him highlight that these types of attacks can and will affect SA as an emerging economy and how, to stay ahead of attackers, we will need to collaborate and share experiences and solutions.
Share