SA needs offensive cyber warriors
Rather than staying on the defensive, SA must promote offensive cyber warriors if the country is to win the fight against cyber crime.
So said Beza Balayneh, CEO and CISO at the South African Centre for Information Security, during an information security roundtable hosted by Trustwave, in Johannesburg, last week.
Also present during the roundtable were Andrew Kirkland, country manager for Trustwave in SA; Michael Aminzade, EMEA director for delivery at Trustwave; Kalyani Pillay, CEO at Sabric; Bryce Thorrold, head of country risky management for sub-Saharan Africa at Visa; and Sylvia Papadopoulos, lecturer in the Department of Mercantile, Cyber Law, at the University of Pretoria.
Balayneh pointed out that cyber criminals will always have an upper hand as long as the country remains on the defensive against them. Thus, he suggested the country must establish a police force solely dedicated to e-crime.
As an example, he made reference to China's Green Army, a hacker movement that he said has managed to stand the test of time and moved towards more legitimate enterprises.
He also lamented that SA does not have a computer crime response centre, saying countries like the UK have set up a cyber security "fusion cell" for cross-sector threat information sharing with the intention to put government, industry and information security analysts side-by-side.
According to Balayneh, in most of the e-crime cases that have found their way to the courts, the judges are not confident enough to sentence the perpetrators.
Kirkland also pointed out that SA does not have a concerted cyber security strategy to deal with criminals, which has seen an increase in criminal activities like SIM swap fraud, among others. "We need everyone, from industry players to end-users, to pull in the same direction in the fight against cyber crime."
He also noted that for the cyber war to be won in SA, the country needs to understand how the criminals are motivated.
Kirkland also suggested that education of end-users will also make a huge difference in the cyber war, noting that, although banks were doing a lot in terms of educating their clients, the clients were not taking time to educate themselves.
Aminzade also explained that the security solutions industry is getting better at educating organisations, especially when compared with the guidance that was being issued some five to seven years ago. "However, we put security measures in place, but as the users become more sophisticated, so do the hackers."
The panellists moved through the impact of m-commerce and how banks and other organisations needed to educate consumers and prepare for the increase in mobile malware today. As the number of uneducated users using mobile phones increases, so does the risk of cyber crime, as they are not given the tools to manage their devices securely, said Aminzade.