SA crying for cyber security leadership
Enterprise, security vendors and government must work together to combat cyber crime in SA, says Wolfpack.
Economic fraud, denial of service and the theft of confidential information are the main cyber crime concerns for SA.
Speaking at ITWeb's 8th annual Security Summit, Craig Rosewarne, MD of Wolfpack and founder and chairman of ISG, unpacked the key findings of the 2012/13 SA cyber threat barometer. The report was compiled by Wolfpack, with support from the British High Commission, and comprises extensive research into SA's readiness to deal with cyber crime.
According to Rosewarne, when it comes to cyber crime activity, there is a shortage of relevant local statistics for Africa and SA, and deeper research is required on actual threats in the region. "From a strategic national point of view, there are no stats for SA. This is a problem because, if we don't have these stats, it appears there are no problems," he said. "This was one of the first things we tackled with this research."
The study found that the majority of cyber attacks taking place in SA are executed by petty criminals using simple technology. Rosewarne noted that the advanced attacks by professional hackers, which we are increasingly seeing internationally, are not very common in SA.
The top cyber services under attack are Internet banking, e-commerce sites and social networks; with phishing, the abuse of system privileges and malicious code infections the top methods of attack, the report found. According to Rosewarne, on average, each person who was caught by a phishing scam lost about R10 000, and over the period in review, some R94 million was lost to this kind of attack.
When it comes to these attacks, Rosewarne asserted that the threats are not being prevented because of a general lack of technical skills. He also cited insufficient collaboration as a stumbling block in the fight against cyber crime in SA and Africa, calling on enterprise, security vendors and government to work together. A general lack of awareness about cyber crime and about how citizens can protect themselves was also highlighted by the study.
Once an attack has occurred, Rosewarne noted that the actual investigation and prosecution process is often poorly executed. "Unless the attack happens to a high-profile person, the incident will probably not be investigated due to the sheer magnitude of cyber crime that is out there."
He called for a joining of forces and for the establishment of partnerships to better combat these criminals. "Our country is crying out for leadership in the cyber security space. We really have to start showing a lot more muscle; we can't just sit and wait for something to happen before we act."