SA liable to cyber risks
Technology has disrupted the way business is conducted - creating sophisticated opportunities for crime.
So said Jeremy Capell, senior manager for risk advisory at Deloitte, while presenting at the ITWeb Business Resilience 2014 Summit at Montecasino in Johannesburg, yesterday.
According to Capell, cyber security risk is one of the top concerns for CEOs and SA has the third-highest number of cyber crime victims, after Russia and China.
He added that 70% of South African businesses are significantly unprepared for cyber liability risks.
According to the IST Africa 2012 Conference's "Global Cyber Trends: a South African Reality", more than 4 646 online South African adults fell victim to cyber crime per day in 2010, totalling $573 million in direct financial losses and an additional $995.4 million in time spent resolving the crime, said Capell.
He pointed out that to help decrease the number of cyber attacks, organisations need to view cyber threats in terms of business continuity management.
Also, cyber threat intelligence will help minimise online security threats in businesses, said Capell. This can be done by continuously identifying and testing for known vulnerabilities to limit cyber attack vectors.
He believes that an organisation's ability to prevent, withstand, respond to and adapt to disruptive events comes from understanding the environment, anticipating incidents and implementing controls to prevent significant disruption.
Organisations need to improve their ability to detect emerging threats and irregular patterns in a highly complex and data-saturated environment, said Capell.
"CEOs must put in place strategies that will enable the organisation to recover from attacks as quickly as possible and minimise both direct and indirect changes through understanding the environment, anticipating incidents and implementing controls to prevent significant disruption."
Businesses must make sure they can respond to and recover from a disaster by building operational resilience into the day-to-day business process and by developing sound escalation structures and recovery plans, states Capell.
However, he pointed out that this should not be a one-time application; organisations should continuously improve the process by evaluating actual disruptions and testing the resilience processes.
Also, the organisation should make sure it is secure against known threats through risk-driven investments in foundational, preventative controls and policies.
Businesses need to create processes that are able to assess what their internal and external vulnerabilities are, and implement ongoing monitoring. This will give them the ability to identify the types of attacks that can occur in future and have a response plan to cater for them, concluded Capell.