We need to improve our cybersecurity culture

2019-11-26 06:00

In the face of the fourth industrial revolution (4IR), we are simultaneously exposed to a new world filled with opportunities and risks. This disruptive, complex and exciting world is one where cryptocurrency, artificial intelligence, ransomware, phishing and the internet-of-things thrive. In the wake of these new technologies, the provincial minister of community safety, Albert Fritz, is calling on all institutions, including government and small business, to increase their vigilance regarding cybersecurity.

On Thursday 24 October, the City of Johannesburg (CoJ) announced that it had detected a network breach resulting in unauthorised access to its ICT infrastructure. Consequently, CoJ had to shut down its website, e-services and billing system as a precautionary measure. The perpetrators, Shadow Kill Hackers, demanded a ransom of 4.0 Bitcoin (over R400 000). CoJ responded by upgrading their ICT infrastructure and did not concede to the hackers’ demands.

Improving our cybersecurity culture is a crucial component in making the Western Cape safer overall. Many sophisticated criminal syndicates use the cyberspace to conduct criminal activities. It is, therefore, necessary to improve our awareness of cybersecurity and limit the opportunities for crime in society.

But how often do such attacks take place in our day-to-day lives and what threat do they really pose to you and me? Kaspersky Lab explained that malware attacks in South Africa have increased by 22% in the first quarter of 2019, compared to the previous year. This equates to 13 842 attempted cyber-attacks a day.

Cybercrime is no doubt growing and appropriate measures are needed to address the threat it poses to citizens, business people and government. According to Deloitte’s The Future of Cybercrime Survey 2019, the biggest impact of cyber incidents or breaches on organisations include 21% of loss of revenue; 21% loss of customer trust; 17% change in leadership; 16% reputational loss; 14% regulatory fines and 12% drop in share price.

Currently, a proposed Cybercrimes and Cybersecurity Bill (B 6 – 2017) is being presented before the National Council of Provinces, before it can be assented by the president into law. It was “revived” by the new administration on Thursday 17 October. The aim of the bill is, among others, to create offences and impose penalties which have a bearing on cybercrime; regulate jurisdiction in respect of cybercrimes; regulate the powers to investigate cybercrimes and provide for the establishment of structures to promote cybersecurity and capacity building.

While the introduction of this bill has been lauded, it is concerning that the rate at which government is instilling cybersecurity is considerably slower than that of the rapidly evolving field of cybercrime.

To ward off cyberattacks, we need to adopt a better cybersecurity culture. Security Trails provides four keys tips in building that culture. Firstly, organisations must “start with the basics”. This includes having strong password policies within organisations, limiting access to data, systems and software to those who require them for work purposes, keeping a database of safe downloads, and terminating ex-employees access to sensitive information.

Secondly, organisations must develop engaging and ongoing cyber security training for their employees. This should be followed up by, thirdly, using metrics to monitor post-training behaviours. Finally, organisations should make it as easy as possible for staff to report threats.

To ensure that businesses both large and small continue to grow, and that government can continue to deliver its services; we need to improve our culture of cybersecurity. This means that we must broaden of our concept of safety to include the digital space.

Cayla Murray, email

In the face of the fourth industrial revolution (4IR), we are simultaneously exposed to a new world filled with opportunities and risks. This disruptive, complex and exciting world is one where cryptocurrency, artificial intelligence, ransomware, phishing and the internet-of-things thrive. In the wake of these new technologies, the provincial minister of community safety, Albert Fritz, is calling on all institutions, including government and small business, to increase their vigilance regarding cybersecurity. On Thursday 24 October, the City of Johannesburg (CoJ) announced that it had detected a network breach resulting in unauthorised access to its ICT infrastructure. Consequently, CoJ had to shut down its website, e-services and billing system as a precautionary measure. The perpetrators, Shadow Kill Hackers, demanded a ransom of 4.0 Bitcoin (over R400 000). CoJ responded by upgrading their ICT infrastructure and did not concede to the hackers’ demands.

Improving our cybersecurity culture is a crucial component in making the Western Cape safer overall. Many sophisticated criminal syndicates use the cyberspace to conduct criminal activities. It is, therefore, necessary to improve our awareness of cybersecurity and limit the opportunities for crime in society. But how often do such attacks take place in our day-to-day lives and what threat do they really pose to you and me? Kaspersky Lab explained that malware attacks in South Africa have increased by 22% in the first quarter of 2019, compared to the previous year. This equates to 13 842 attempted cyber-attacks a day. Cybercrime is no doubt growing and appropriate measures are needed to address the threat it poses to citizens, business people and government. According to Deloitte’s The Future of Cybercrime Survey 2019, the biggest impact of cyber incidents or breaches on organisations include 21% of loss of revenue; 21% loss of customer trust; 17% change in leadership; 16% reputational loss; 14% regulatory fines and 12% drop in share price. Currently, a proposed Cybercrimes and Cybersecurity Bill (B 6 – 2017) is being presented before the National Council of Provinces, before it can be assented by the president into law. It was “revived” by the new administration on Thursday 17 October. The aim of the bill is, among others, to create offences and impose penalties which have a bearing on cybercrime; regulate jurisdiction in respect of cybercrimes; regulate the powers to investigate cybercrimes and provide for the establishment of structures to promote cybersecurity and capacity building. While the introduction of this bill has been lauded, it is concerning that the rate at which government is instilling cybersecurity is considerably slower than that of the rapidly evolving field of cybercrime.

To ward off cyberattacks, we need to adopt a better cybersecurity culture. Security Trails provides four keys tips in building that culture. Firstly, organisations must “start with the basics”. This includes having strong password policies within organisations, limiting access to data, systems and software to those who require them for work purposes, keeping a database of safe downloads, and terminating ex-employees access to sensitive information.

Secondly, organisations must develop engaging and ongoing cyber security training for their employees. This should be followed up by, thirdly, using metrics to monitor post-training behaviours. Finally, organisations should make it as easy as possible for staff to report threats. To ensure that businesses both large and small continue to grow, and that government can continue to deliver its services; we need to improve our culture of cybersecurity. This means that we must broaden of our concept of safety to include the digital space.

Cayla Murray, Email
NEXT ON NEWS24X

Inside News24

 

Matric Results are coming soon!

Notify me when results become available

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

/News
Traffic Alerts
Traffic
There are new stories on the homepage. Click here to see them.
 
English
Afrikaans
isiZulu

Hello 

Create Profile

Creating your profile will enable you to submit photos and stories to get published on News24.


Please provide a username for your profile page:

This username must be unique, cannot be edited and will be used in the URL to your profile page across the entire 24.com network.