Cybersecurity: One incident can have a devastating impact relating to one’s personal privacy

Cybersecurity is possibly even more important than locks, vaults and walls in protecting the modern business, according to members of the Institute of Information Technology Practitioners South Africa Cybersecurity Special Interest Group.

Cybersecurity Awareness Month

Marking international Cybersecurity Awareness Month, which is held every October, the group’s members noted a company’s intellectual property, data and systems have significant value, which makes them a target for cyber criminals.

To combat the risk, cybercrime should be a top priority and more skills development and awareness campaigns are necessary.

Protect the ‘crown jewels’

Bryan Baxter, chief revenue officer at Wolfpack Information Risk, says: “Business mission-critical assets are known as their ‘crown jewels’. These are high-value assets that would cause the most business disruption if compromised.

“Information technology [IT] systems and data make up a significant portion of an organisation’s crown jewels. These could be trade secrets, intellectual property, company or customer data, as well as operational and financial systems.

“Anything of value attracts the attention of criminals and this is no different in cyberspace.

“Organised cybercrime is the largest threat and is a lucrative and growing business. Common threats are ransomware, data breaches, malware and phishing.

“Many organisations have the basics of cybersecurity in place, but lack formal frameworks to manage and reduce cyber risk.

“Some leave key areas neglected, which translates to leaving the cyber gates wide open, making for an attractive target,” Baxter says.

The costs of recovering from physical or cyber incidents can far higher than the cost of preventing such events, he says.

With losses due to data breach potentially running into millions, many of the costs are quantifiable, but long-term damage to reputation and customer or shareholder confidence are harder to assess.

“Real-world threats such as burglary, vandalism, fire and flooding are well understood. Money is spent on fences, alarms, security guards, fire detection and suppression to protect physical assets.

“The same due diligence needs to be applied to protect the high value virtual crown jewels.”

Prioritising cybersecurity

Professor Lynn Futcher of Nelson Mandela University, School of IT, Centre for Research in Information and Cybersecurity, says cybersecurity can no longer be considered an afterthought, to be addressed once other higher priorities have been met.

“Just one cybersecurity incident can have a devastating impact, whether it be financial, reputational or relating to one’s personal privacy.

“The increase in cybercrime is a growing concern for organisations, governments and society at large, exacerbated by the unprecedented cybersecurity skills gap that exists both globally and in South Africa.

“This cybersecurity skills gap can only be effectively addressed through the concerted effort of all role players, including individuals, academia, organisations and governments across the globe.”

Leading organisations can play a key role in bringing these role players together to address cybersecurity skills and related concerns, she says.

“These organisations include the International Federation for Information Processing, the Association for Computing Machinery, Information systems Audit and Control Association and the Information Technology Practitioners SA, to name a few.

“It is important for IT professionals to engage with these organisations and play our role in addressing the cybersecurity challenges within South Africa.”

From weakest link to human firewall

Professor Kerry-Lynn Thomson, also of Nelson Mandela University, School of IT, Centre for Research in Information and Cybersecurity, says while people are often referred to as the “weakest link” in the security chain, it could be argued they should rather be viewed as an integral part of the cybersecurity defence – a human firewall – through the cultivation of a cybersecurity culture.

In 2015, the South African National Cybersecurity Framework was proposed in which it says: “To effectively deal with cybersecurity, it is prudent that civil society, government and the private sector play their part in ensuring South Africa has a culture of cybersecurity. Critical to this is the development of a culture of cybersecurity, in which role players understand the risks of surfing in cyberspace.”

Thomson says: “To create this societal cybersecurity culture, it is vitally important that individual users of technology have an awareness of cybersecurity and the skills needed to behave securely and protect themselves, and others, when online.

“To lay the foundation for this, cybersecurity awareness programmes and campaigns should be promoted for all people going online, no matter their age.

“However, more than just providing the information, these cybersecurity awareness campaigns should be customised to be age-appropriate and targeted to the particular threats for the various age-groups. For example, cyberbullying for younger children versus identity theft and financial scams for adults.”

Bridging the skills gap through collaboration

Doctor Mafuwafuwane, practice manager, security solutions and strategy at Logicalis SA, believes: “There is no doubt that cybersecurity is everyone’s responsibility.”

It requires individual awareness and a growing army of professionals, he says, noting that Microsoft has predicted that by 2025, there will be 3.5 million cybersecurity jobs globally – a 350% increase over eight years.

ALSO READ: Citizen journalist targeted by cybercriminals 

– news@citizen.co.za