SA companies 'slow' on IT security

2013-05-09 11:30
South African companies are not on par with their European counterparts when it comes to the security of their computer systems. (Duncan Alfreds, News24)


Cape Town - South African companies are not on par with their European counterparts when it comes to the security of their computer systems, an expert has revealed.

"It's actually scary how quickly I can get the main administrator rights. For example, if you've got a five-day engagement - 40 hours - if you have the main admin by Monday at 12:00, that's quite scary, I think," Philip Pieterse, head of the ethical hacking division in South Africa for Spiderlabs, told News24.

Spiderlabs is a division of Trustwave and the company conducts penetration testing of computer systems to let managers know where vulnerabilities exist so they can be remedied.

"Penetration testing is where we use the same techniques; the same tools that the bad guys do, obviously in a controlled form," said Pieterse, who recently returned from similar work experience in the UK.


He said that companies that feel they have secure systems generally contact penetration testers to conduct system tests, which could demonstrate the integrity of internal systems that may contain intellectual property.

"Organisations, when they feel they have reached a maturity level where they feel they can actually have a penetration test, they would come to us."

According to the Payment Card Industry Security Standards Council, which is made up of credit card providers, companies that process cardholder data should be subject to annual penetration testing of their systems.

"An assessment company would come in and go through all those requirements and check that this stuff is in place. If everything is in place they issue a report on compliance. It is then your responsibility as a merchant to maintain that compliance," said Bob Russo, general manager of the PCI Security Standards Council, of how the system of penetration testing should work.

Pieterse said that South African companies were actively engaged in increasing their security compliance, but they still had a long way to go.

"I'm born and bred South African, so I don't want to dis [insult] South Africa, but I was working in the UK for a year before I moved back here, doing the same thing I did there. South African companies, even though they try very hard, they still need to go through some steps to the same level as, for example, companies I've seen in the UK or Europe."

He was careful to add that in the UK and Europe the growth curve on security has generally been earlier than in SA, giving them around a five-year lead in terms of how security conscious they are.

Threat report

"With the South African companies, there're lots of companies still in the first year with us," said Pieterse.

Security awareness is key for companies, and users should be trained to avoid links sent through spam e-mails and suspect website links.

Symantec's Internet Security Threat Report found that 61% of malicious websites were, in fact, legitimate websites that had been defaced or compromised by hackers.

These compromises mainly focused on e-commerce sites, which could potentially be used to steal financial information.

"The best practice - and that's one of the things we saw in our Global Security Report - is security awareness and even security awareness training. I don't think it is as expensive as, for example, buying a technology, so I think that's a quick win," Pieterse said.

He added that it was up to users to be careful about the links they followed when surfing the web.

"You can have the longest password and a fully patched work station but if you click on a link on the wrong page, you can be instantly compromised."
