In 2014, the government of South Africa published the intention of having the State Security Agency conduct an electronic security needs analysis for the country. Actions would be taken to identify, secure and protect critical electronic communications and state organs infrastructure against electronic access that was unauthorized as well as all related threats.
Companies across South Africa may have experienced a momentary sense of relief that the government was taking on the serious topic of cybercrime, but there remains a high level need for self-protection within company realms. South Africa has been listed as the sixth most active country for cybercrime by the U.S. Federal Bureau of Investigation. Norton, the multinational security software company listed South Africa in their 2013 report as the third-highest number of cybercrime victims, following Russia and China.
Sharon Knowles, CEO of DaVinci Forensics says:
“As cybercrime continues to increase around the globe, corporations are seeing the potential for a data breach not as an ‘if’ concept, but instead as a ‘when’. Protection of intellectual property as part of the cyber-territory is the main focus of DaVinci Forensics. The risk analysis process incorporates all of the aspects, both external and internal, to create barriers for our clients, allowing them to continue in their business direction with a sense of security.”
The FBI stated “Businesses, financial institutions, government agencies, academic institutions, and other organizations can and have become infected with it [ransomware] as well, resulting in the loss of sensitive or proprietary information, a disruption to regular operations, financial losses incurred to restore systems and files, and/or potential harm to an organization’s reputation.”
What may start out as an accidental access to a site that downloads malware, can continue to extend throughout a company. As data is shared, the malware hitchhikes along for the ride opening the door for a data breach that can continue on exponentially. The attention that the South African government is giving to cyber warfare is a first step to overall protection, but it will probably not be enough to encompass private corporate concerns.
The McAfee information released in their report Net Losses: Estimating the Global Cost of Cybercrime Economic impact of cybercrime II stated “Several factors determine the risk that a company will be a victim of cybercrime. These include the ease of penetrating the target networks and the attractiveness of the target to hackers (determined by its value found on its networks).” The report continues to add “Hackers see low risk from cybercrime, with the added benefit that as manufacturing and research capabilities improve around the world, the return on stealing IP will increase, giving people more reason to hack- better indigenous manufacturing capabilities mean a greater return from hacking. Defenders lack the incentive to do more because they underestimate the risk; the incentive for cybercriminals is to do more, as the rate of return is increasing.”
The key is to raise the awareness level among companies, as they have the most to lose. Working within the infrastructure of an IT Department to identify potential security cracks needs to be combined by keeping a vigilant wall around intellectual data to keep out the every changing ‘spears and arrows’ of the cyber hackers.
Sources:
** BDLive.co.za
** Fin24.com