SA companies 'slow' on IT security

2013-05-09 11:30
South African companies are not on par with their European counterparts when it comes to the security of their computer systems. (Duncan Alfreds, News24)



Cape Town - South African companies are not on par with their European counterparts when it comes to the security of their computer systems, an expert has revealed.

"It's actually scary how quickly I can get the main administrator rights. For example, if you've got a five-day engagement - 40 hours - if you have the main admin by Monday at 12:00, that's quite scary, I think," Philip Pieterse, head of the ethical hacking division in South Africa for Spiderlabs, told News24.

Spiderlabs is a division of Trustwave and the company conducts penetration testing of computer systems to let managers know where vulnerabilities exist so they can be remedied.

"Penetration testing is where we use the same techniques; the same tools that the bad guys do, obviously in a controlled form," said Pieterse, who recently returned from similar work experience in the UK.

Testing

He said that companies that feel they have secure systems generally contact penetration testers to conduct system tests which could demonstrate the integrity of internal systems that may contain intellectual property.

"Organisations, when they feel they have reached a maturity level where they feel they can actually have a penetration test, they would come to us."

According to the Payment Card Industry Security Standards Council, which is made up of credit card providers, companies that process cardholder data should be subject to annual penetration testing of their systems.

"An assessment company would come in and go through all those requirements and check that this stuff is in place. If everything is in place they issue a report on compliance. It is then your responsibility as a merchant to maintain that compliance," said Bob Russo, general manager of the PCI Security Standards Council, of how the system of penetration testing should work.

Pieterse said that South African companies were actively engaged in increasing their security compliance, but they still had a long way to go.

"I'm born and bred South African, so I don't want to dis [insult] South Africa, but I was working in the UK for a year before I moved back here, doing the same thing I did there. South African companies, even though they try very hard, they still need to go through some steps to the same level as, for example, companies I've seen in the UK or Europe."

He was careful to add that in the UK and Europe the growth curve on security has generally been earlier than in SA, giving them around a five-year lead in terms of how security-conscious they are.

Threat report

"With the South African companies, there're lots of companies still in the first year with us," said Pieterse.

Security awareness is key for companies, and users should be trained to avoid links sent through spam e-mails and suspect website links.

Symantec's Internet Security Threat Report found that 61% of malicious websites were, in fact, legitimate websites that had been defaced or compromised by hackers.

These were mainly focused on e-commerce sites that could potentially steal financial information.

"The best practice - and that's one of the things we saw in our Global Security Report - is security awareness and even security awareness training. I don't think it is as expensive as, for example, buying a technology, so I think that's a quick win," Pieterse said.

He added that it was up to users to be careful about the links they followed while surfing the web.

"You can have the longest password and a fully patched workstation but if you click on a link on the wrong page, you can be instantly compromised."

