Lack of SA skills leads to cyber attack risk - firm

2013-09-27 10:46
(Duncan Alfreds, News24)

(Duncan Alfreds, News24)

Multimedia   ·   User Galleries   ·   News in Pictures Send us your pictures  ·  Send us your stories

Cape Town - A lack of skills in the computer security sector doesn't bode well for South African companies to protect themselves from cyber attacks, a security company has asserted.

"There's definitely a shortage around penetrating skill. I can think of a handful of companies that actually do it," Philip Pieterse head of the ethical hacking division in South Africa for Spiderlabs told News24.

Spiderlabs is a division of Trustwave and the company conducts penetration testing of computer systems to let managers know where vulnerabilities exist so they can be remedied.

Hackers have shifted their focus to corporates and it has become common for them to deploy malware specifically designed to penetrate a company's network.

Acceptable risk

Pieterse said that best practice would include active monitoring of the networks infrastructure in addition to security software.

"It's a combination of a whole bunch of things: There are security controls that need to be in play; security processes. There's no product you can buy that will make you 100% secure."

Security, though, has to be balanced with functionality and companies have to determine what level of risk is acceptable for the organisation.

"If you think about it from a business perspective, they probably wouldn't want to be 100% secure. If you look at elsewhere in their operating model, they'll have an acceptable level of risk," said John Yeo EMEA director at Trustwave.


First National Bank said that risk was actively managed to ensure that customers have functionality through a variety of electronic channels.

"That's the balance we always try and strike: You must have security as a bank, but the inconvenience can't be too high. We monitor that actively and the main thing to say to customers is guard your PIN numbers and password as if that is cash," FNB CEO Michael Jordaan told News24.

New threats

Yeo expressed concern that a number of South African companies were not taking the risk of being hacked seriously.

"So the big issue is: Do organisations understand what an acceptable level of technology risk is to them? And are they reaching that standard?

"Based on what we see in South Africa, there's probably a big question mark over that," said Yeo.

Pieterse said that the security industry is constantly evolving new threats that target company data.

"It's all an evolving process: You might be secure today, and tomorrow you might not be. It's continuously evolving. The market still needs to mature a bit more, from an IT security technology perspective."

According to data from industry tracker Gartner, traditional defence tools are failing to protect companies from targeted attacks despite spending expected to reach $13bn in 2013.

"Today's threats require an updated layered defence model that utilises 'lean forward' technologies at three levels: Network, payload (executables, files and web objects) and endpoint," said Lawrence Orans, research director at Gartner.

Pieterse said that users often make poor choices that leave the door open to hackers to infiltrate a system.

"South African users are like any users across the globe: They often make bad choices. They'll choose the shortest password; they'll click on the wrong links, so security awareness plays a big part in terms of where you need to go to make the end user more secure."

- Follow Duncan on Twitter
Read more on:    trustwave  |  fnb  |  gartner  |  cybercrime
NEXT ON NEWS24X publishes all comments posted on articles provided that they adhere to our Comments Policy. Should you wish to report a comment for editorial review, please do so by clicking the 'Report Comment' button to the right of each comment.

Comment on this story
Comments have been closed for this article.

Inside News24

Traffic Alerts
There are new stories on the homepage. Click here to see them.


Create Profile

Creating your profile will enable you to submit photos and stories to get published on News24.

Please provide a username for your profile page:

This username must be unique, cannot be edited and will be used in the URL to your profile page across the entire network.