Security

Cyber crime has no boundaries

South African companies face increased risk of cyber attacks due to a lack of awareness, while the new "doxing" trend claims global celebrity victims.

A lack of awareness and skills is leaving South Africa more vulnerable to cyber attacks.
A lack of awareness and skills is leaving South Africa more vulnerable to cyber attacks.

There is growing concern about the safety and security of South African companies following a recent surge in cyber attacks leaking personal and financial information.

Robert Boccia, executive of IT at Lion of Africa Insurance, says South African businesses are at an increasing risk of becoming victims to cyber crime. "We are at significant levels of risk primarily due to people's lack of awareness around the protection of their personal information."

He adds that there's also a certain ease to obtaining information in South Africa. "The Protection of Personal Information Bill will, however, go a long way in ensuring that personal information is protected under the legislation."

Boccia's comments come as the new prankster trend called "doxing" claimed more high-profile celebrity victims, with Angelina Jolie's and Lady Gaga's financial details being published online this week. Michelle Obama, Kim Kardashian and Beyonc'e were also targeted last month, with the US government saying it will investigate the Web site that published their financial and personal details.

Boccia says doxing is the act of identifying a person from a small bit of information, such as an e-mail address, which the "doxer" then uses to find personal information on a specific person.

Doxing is legal for the acquisition of public information, but Boccia explains that it becomes an illegal act to stalk someone through an online chat service like Facebook or MSN, or hacking into their social accounts.

In South Africa, the Department of State Security's Twitter account (@StateSecurityRS) was hacked into last month, with a tweet saying: "Fastest way for processing fat off your body in two weeks." This sparked the online community to respond with comments on how the department could not manage to protect itself from cyber attacks. The department changed the account's password as soon as it realised it had been hacked.

Costly crime

According to the South African Cyber Threat Barometer 2012/13 report, conducted by local research firm Wolfpack Information Risk, South Africa lost R2.65 billon to cyber crime from January 2011 to August 2012.

Learn more

For more in-depth discussions on security and cyber crime, be sure to attend the ITWeb Security Summit, to be held from 7 to 10 May, at the Sandton Convention Centre. In particular, keynote speaker Misha Glenny will discuss the struggle for the Internet, with emphasis on Web control, crime, commercial espionage, spying and warfare. For more information and to book your place at the event, click here.

Commenting on the report, Craig Rosewarne, MD of Wolfpack Information Risk, told ITWeb that South Africa is not equipped to deal with the onslaught of cyber attacks. "Cyber security skills in SA are definitely in short supply, with digital forensic skills topping the list in all the sectors in SA.

"The second most scarce cyber security skill in SA is experienced incident handlers, who are able to respond to a variety of computer security incidents, such as unauthorised data access, inappropriate system usage, malicious code infections and denial-of-service attacks."

Boccia says companies and individuals have to protect themselves from any form of cyber attack. "I would most certainly recommend that any company that handles any personal information have some means of protection from liability in the form of cyber crime insurance."

He adds that it is important to understand that the concept of cyber crime insurance is still new and widely questioned for its accuracy. "It will take some time to be adopted."

Boccia says it is therefore important for an organisation to clearly demonstrate that it has all the right procedures and policies in place around the handling of its customers' personal information. "If they cannot demonstrate that they have these in place and a breach does occur, it could expose them to legal action."

Have your say
Youtube play icon