Defending against cybercrime requires constant vigilance and training and collaboration between financial institutions, government departments and anyone else who is vulnerable to attack.
That’s the view of Andrew Kirkland, country manager at cyber security firm Trustwave, who says there are too few “fire drills” to check for vulnerabilities, whether in government or the private sector. Organisations need to share more information on cyber crime.
“There should be a forum where industry bodies can get together to discuss how we address cyber crime.”
Hackers tend to fall into one of three categories, according to Kirkland: “hacktivists” looking for bragging rights; state-sponsored hackers looking to target other countries or foreign businesses for sensitive information; and the most common type, financially motivated hackers.
Sylvia Papadopoulos, lecturer in the department of mercantile and cyber law at University of Pretoria says South Africa lacks a concerted cyber security strategy.
“We are also playing more of a catch-up game than the rest of the world. If you look at statistics, we’re now one of the top targets in the world because we’re dealing with a lot of less sophisticated users and mobile penetration is very high.”
The number of service providers involved in the chain in electronic crimes such as Sim-swap fraud — retailers, network operators and banks — makes tackling the problem difficult. “The banks are quite advanced, but it’s the other providers in the chain that have been taken unawares.
“Where there are several role players, they need to work on the same path towards the same goal,” Papadopoulos says. “At the moment, there’s no incentive to do so. It would probably take one very large court case to get people to come together and focus on the problem.”
Proposed new laws, including the Protection of Personal Information Bill (PoPI), go some way to providing incentives to companies because data losses have to be declared publicly, something that carries the threat of reputational damage and punitive fines.
“What makes PoPI useful is in privacy litigation. Previously, you’ve had to prove fault but PoPI takes that away,” she explains. “You were a custodian. Whether negligent or not, you’re liable for protecting customer data.” — (c) 2013 NewsCentral Media
