Cyber Security

Cyber security comprises the tools, policy, best practice, risk management and technologies that can be used to protect organisations’ cyber environments and their information assets. The remit of cyber security is the same as that of information security: protecting the confidentiality, availability and integrity (CIA) of corporate information assets.

An organisation’s assets may be connected computing devices, personnel, infrastructures, applications, services, telecommunications systems and transmitted and stored information in the cyber environment. Cyber security aims to protect these assets from security threats.

With increasingly cheaper and faster Internet access, the African continent is at high risk from cyber security threats. Cyber security is relatively unknown in Africa, and knowledge and expertise are sparse. A shortage of local cyber security experts and a lack of funds are the main acknowledged reasons for the lack of security awareness.

Cyber threats and Data Breaches

The absence of a secure ISMS can leave you open to a number of vulnerabilities, including cyber threats and data breaches. This can, in turn, result in hefty fines, brand damage and a loss of customer trust as relationships are ruined.


Data breaches in South Africa

South Africa’s ruling African National Congress site was recently hacked by the hacking group known as ‘Anonymous’, a loosely organised group that has been blamed for attacks on, amongst others, the FBI, Visa, MasterCard, the Kremlin, global intelligence firm Stratfor and Sony Pictures Entertainment. In October 2013 South African banks experienced a massive data breach following an attack by malware called ‘Dexter’, which was inserted into point-of-sale devices at South African fast food outlets. It is estimated that the breaches have cost local banks tens of millions of rand, and according to TechCentral they have been described as the worst breaches of customer card data in the country’s history.

According to the 2012 Symantec cyber crime report there is a significant amount of cyber crime in South Africa: 556 million victims per year, equal to more than 1.5 million victims per day, or 18 victims per second. One in 170.9 emails was identified as a phishing attack and one in every 1.48 emails was considered spam, making up 67.8% of all South African email traffic throughout July 2012.

The Microsoft Security Intelligence Report (SIRv11) shows the following malware and potentially unwanted software categories in South Africa in 4Q11.

[Figure: Malware and potentially unwanted software in South Africa in 4Q11]

How is South Africa coping with cyber threats?

According to the United Nations Economic Commission for Africa (UNECA), African governments are demonstrating increased awareness of cyber security issues, but the existing capability to promote, monitor or pursue cyber security is relatively low.

The Southern African Development Community (SADC) is also involved in increasing awareness of cyber security throughout the country. Its aim is to set up National and Regional Internet Exchange points and promote the harmonisation of a Cyber Security Regulatory Framework.

South Africa has a serious lack of relevant skills. Police lack the expertise to deal with cybercrime, and there are very few legal professionals in the country who understand it.

South African companies will soon have to comply with the Protection of Personal Information Act (PoPI), which was signed into law in November 2013. The date on which PoPI will become effective still needs to be decided, but the Act will be very strict in applying substantial penalties. It is therefore recommended that South African organisations look towards cyber security solutions such as ISO27001.

Apply Cyber Security best practice

Our Cyber Security Governance & Risk Management Toolkit helps you integrate a number of cyber security approaches into a single framework, combining their individual strengths so that you get the best from each of them.

  • PAS 555:2013, the new standard for cyber security risk governance and management.
  • ISO/IEC 27032, the international guidance standard for managing cyber security risk.
  • The Cloud Controls Matrix, developed by the Cloud Security Alliance for Cloud service providers.
  • Ten Steps to Cyber Security, the methodology developed by the UK’s Department for Business, Innovation & Skills (BIS) to help organisations secure their cyber defences.
  • ISO/IEC 27001, the internationally recognised standard against which an information security management system (ISMS) can achieve accredited certification.
