Companies often force employees to be cyber security aware, while top management does not have a clue what is going on, prof. Basie von Solms, director of the Centre for Cyber Security at the University of Johannesburg, cautioned at a recent information session hosted by global cyber security company Kaspersky Lab in Cape Town.
"Companies must understand that cyber security starts with top management and must go down to the lowest person in the organisation having access to the IT system," said Von Solms.
Start at the top
The same goes for the SA government, in his view. The responsibility for cyber security must start at the top with ministries and Cabinet members and stretch all the way down to every school child using the internet.
"If you want to drive a car you must have a driver's licence, showing that you understand the rules of the road and the risks involved. How often does a country or company allow someone just to drive on the super highways of the internet and not know of the risks?" asked Von Solms.
"Cyber security awareness is not only the responsibility of the IT department or top management. It is each internet user's own responsibility. The responsibility for cyber security lies with whoever allows access to an IT system. Cyber security awareness is a corporate governance responsibility."
He pointed out that research shows that SA is the country in the world experiencing the second most mobile fraud on Android phones.
Rules of the road
"People log onto banking systems without knowing the 'rules of the road'. Banks who provide these services to customers must help them to enforce the rules of cyber security," said Von Solms.
"The same goes for securing government transactions and even the free public WiFi municipalities sometimes provide."
In his view, more cooperation is needed between the SA government and the private sector to create more awareness among the public about cyber threats and cyber security.
"We must start at the bottom. Three-year old kids are already starting to 'drive' on the internet highway. They have no clue what is going on. Universities must also do more to create awareness. Everyone should take responsibility," said Von Solms.
Parents must know
"With the 4th Industrial Revolution and the increased use of artificial intelligence the cyber security challenge is just going to grow. We need more specific awareness programmes, because the government and the private sector provide IT services, but do not prepare customers for the risks."
He said parents should also take responsibility for ensuring their children are aware of cyber risks.
"It is irresponsible of parents just to say they do not understand IT and can, therefore, not do anything about the use thereof by their children. Yet, a parent will not drop a child off in the middle of the night in the middle of a city, so why are they allowing that to happen in cyber space?" asked Von Solms.
"We teach children not to speak to strangers physically, but we do nothing to teach them about the risks of talking to internet strangers. We will never solve the problem of cyber security, but if we increase our cyber awareness, cyber crime will be less."
He wold like to see the SA government help to create what he calls a cyber security culture.
"You lock your car door in SA when you leave your car. That is the culture we must also develop right from government level down to induce a culture of cyber security in the country," said Von Solms.
"Remember, cyber criminals are always one step ahead. Teach children and employees to be defensive when it comes to cyber security."
He foresees that regulation is likely to come in future, requiring retailers to inform consumers about potential cyber risks related to their products - for example baby monitors.