Synthesis hosts panel discussion on cyber security risks, skills and what we can do about it
Synthesis, a leading South African strategic technology partner and highly specialised software and systems developer, launched its inaugural online panel discussion, hosting several experts and personalities in the technology space. ABSA's Group Chief Security Officer Sandro Bucchianeri; Discovery Insure CEO Anton Ossip; Internet pioneer and technology investor Ronnie Apteker; and Synthesis business analyst Matthew Gaskell joined in an exciting and sometimes jarring conversation about the state of cyber security.
Host Howard Feldman, Synthesis's Head of Marketing & People, set the scene with some startling data from recent IBM research: data breaches cost South African companies on average R40.2 million. This situation is going to become worse, as Apteker explained: "My imagination tells me it's going to intensify. If you look at the full impact of the pandemic and the resulting unemployment, hacking is lucrative. And whoever said crime doesn't pay hasn't engaged in ransomware as a service."
Cyber crime is not only recognised by many as the fastest-growing type of criminal enterprise. It already rivals the size of other illegal sectors such as illicit drugs and arms smuggling. Two prongs fuel this growth: cyber crime is quite lucrative and low-risk for the perpetrators, and the average person still believes it's not something that will affect them.
Yet cyber crime's egalitarian reach is quite evident in South Africa, which ranks globally in the top 10 in terms of cyber exposure. And though large enterprises spend heavily to protect themselves from these threats, the criminals are actively targeting medium and small businesses as well, said Ossip: "This risk is something that should be worrying small companies as well. Any company that's connected to the Internet has a client base that could be exposed. It could be embarrassing to the company, it could be devastating, it could be the end of the company, if that client base was exposed. So small companies are starting to take this more seriously."
Don't let the lack of news about such attacks fool you – they often don't make headlines, yet cyber attacks and data theft among SMEs is a growing problem. Ossip encouraged business owners to think in terms of risk: They already want to mitigate the damage of, say, fire or theft. Now, the protection of intellectual property and customer data is as essential.
Mitigating cyber risks
One remedy is to adopt cyber insurance, covered through three subsections: first-party insurance to cover costs such as reputational damage as well as cyber investigations that may help limit the damage; third-party insurance to help pay for such issues as lawsuits; and business interruption cover to make up for any halt in operations due to a breach.
Yet cyber insurance alone is not sufficient protection and, as you'd expect with any policy, coverage requires the business show due diligence in protecting itself from attacks. As Gaskell explained, it's often about making your house harder to break into than the neighbour's: "What I'm trying to allude to there is that cyber security is very much an ongoing process. To build your defences and leave it, that's not the right approach. You need constant patching, updating your servers, updating your anti-virus, and keeping up to date with current trends in vulnerabilities. And it's very important not only to apply that to infrastructure or systems, but within your practices as well. If you're managing IT systems or developing IT systems, it's very important to just stay ahead of the curve with constant monitoring of your systems."
Getting people on board
Here, though, is where things become complicated. If good cyber security were a question of the right technology, there wouldn't be a problem. Yet all the best tech in the world is no good if a company does not have a proactive security culture among its people.
Often a security culture fails to take root because leaders at the top pay lip-service to it. To overcome that, suggested Bucchianeri, it's important to build closer ties with the exco and board: "One of the key suggestions I would give is to build strong relationships with both. I often meet CSOs, and they are apprehensive about interacting with the exco or the board because of who they are. My simple philosophy is that everybody needs to buy electricity. Everybody needs to buy data for their kids. And they are no different. So building those strong relationships is exceptionally important as a CSO so that you can have those open, transparent discussions about the challenges you encounter."
Bucchianeri went further, adding that we can articulate security to the average person since everyone is security-aware. We lock our gates, keep our cash close to us, and fiddle with our car doors to see if signal jammers were interfering. If you can connect this security consciousness with what is happening online, it can have a profound effect on your security culture.
Building skills to expand employment
Third, and a big passion point for Bucchianeri, is skills. There is a massive shortage of security skills – training for these can both alleviate security challenges as well as help tackle South Africa's staggering unemployment rate. ABSA launched a security academy for disadvantaged learners and, out of the first cohort of 20, Bucchianeri expected maybe two or three highly capable people. Instead, he got 20 – all hired. This success speaks to the underlying potential between technology and South Africa: "I firmly believe that South Africa is perfectly poised to be the hub of all things 4IR and 5IR over the next five to 10 years. If you look at the African continent, we have the youngest population in the world. So in 10 years’ time, when developed countries go into the twilight of their career, our young population is going to be pretty much the epicentre of everything that will be digital."
Synthesis's first webinar panel was a resounding success, fielding questions and polls from attendees, and gathering crucial insights from its renowned guests. They may not have solved cyber crime, but they did show how we should be aware of the threats, can fight back against this rising scourge and also build a tech-savvy country that could stand at the forefront of the future.
For more information on our recent event click here.