Cyber exposure: SA companies rated at 1.9
SOUTH African companies received an average exposure rating of 1.9 in the debut results of the world’s first independent cyber exposure index (CEI) published yesterday.
The CEI, which was launch-ed in Singapore at the beginning of this month by the Cyber Intelligence Research Group, aggregates data that is publicly available “through the dark, and deep web or as the result of third-party data breaches”.
This data is used to identify top listed companies’ vulnerability to hacker group activity, disclosed sensitive information and leaked credentials.
Companies are then scored on a level of zero to five, where zero indicates no exposure and five places a company among the 1 percent of companies with the most exposure.
The CEI – which is run by Singapore-based cyber-intelligence organisation Kinkayo –
Companies are scored on a level of zero to five, where zero indicates no exposure and five the most exposure.
has been developed as a means for corporates to gauge companies’ current cyber exposure, empower them with the opportunity to identify where their vulnerabilities lie and take decisive action against their risks.
The index will also serve broader corporate governance by listing which companies have the highest or lowest levels of exposure. Kinkayo said it made cyber risks visible.
“We help organisations understand their cyber risks by discovering their current cyber exposure. Kinkayo partners with Interpol in information sharing and training.”
Cyber SA, a South African company, has been appointed as the official South African distributing agent of Kinkayo’s assessment and monitoring services.
In conjunction with the CEI, Kinkayo collates findings of each company identified in the index and makes these assessments available through Cyber SA.
Each assessment pinpoints what information has been leaked, where specific vulnerabilities lie and provides actionable recommendations for remediation.
Kinkayo chief executive Mikko Niemela said: “For the first time in history, cyber exposure has been explicitly defined, and a comparable model has been developed.
“This model allows comparison of company’s worldwide – apples to apples – in an independent way.
“The individualised company assessments which are available as a result of Kinkayo’s investigations, afford organisations an unprecedented means to tighten their cybersecurity and will go a long way to protecting sensitive data in the future.”
Interim tabled results revealed that telecommunications companies had the highest levels of exposure in South Africa at 13.1 percent, compared with the global average of 2.4 percent.
Kinyako said not all cyber exposure came from companies being hacked.
The company said large companies could invest in significant IT security infrastructure – but when their clients, suppliers, channel partners and vendors got hacked their legitimately transferred data could find itself outside the organisation’s approved boundaries.
Niemela said: “More than 80 percent of the findings come from external parties, not the companies themselves.”
The index also made it clear that cyber exposure and security was everyone’s problem.