The cybercrime pandemic
SOUTH AFRICA suffers at the hands of cybercriminals. We are the thirdmost victimised nation in the world, and experts have warned that the country’s vulnerability and lack of awareness is of concern. For businesses, cybercrime poses multiple risks, including reputation damage, loss of income, a drop in share price and regulatory issues. But those organisations ready to understand and embrace the risks and opportunities of the cyber world, will be the ones to gain a competitive advantage in today’s technology- driven environment. And given stagnant efforts by Government to combat the growing threat, there are opportunities for entrepreneurs with the appropriate skills set to step up and cash in on the potential market.
Graham Dawes, director of Forensics, Deloitte Risk Advisory, says there is very little being done to actually quantify and understand the extent of what is happening in the SA market. “We had a client event four months ago, with around 80 of our biggest clients, and we asked them if they had been a victim of cybercrime in the past 12 months. Approximately 75% of them answered yes and that really shocked us.”
The Government has adopted a policy framework (the National Security Cyber Framework) which has been approved by cabinet, “But that is as far as they’ve got,” says Dawes. “Since it was approved, nothing has happened.”
In the 2013 Symantec Internet Security
Threat Report it is revealed that in 2012, there was a 42% increase in targeted attacks, 31% of which were aimed at businesses with fewer than 250 employees. Cybercriminals attack small businesses simply because the investment in security won’t be on par with that of larger organisations. And if small businesses are hit with a data breach, they may not easily recover.
Peter Fr yer, associate director, PricewaterhouseCoopers Risk Diversion Forensic Solutions, says: “Having the policies and procedures in place to detect cybercrime i s half the challenge, most organisations are not aware that a compromise has occurred. If you can detect the crime, and you have the appropriate response mechanisms in place, you will certainly enjoy a competitive advantage over your competitors.”
For entrepreneurs and start-ups, although Internet security may not appear to be the most glamorous project in the start-up world, there is a gap in the market for nimble firms who can respond quickly to new and increasingly exotic cyber threats.
Dawes comments: “The threat landscape is increasing in velocity and is going to lead to a massive demand in services in cyber security and cyber Internet response. We see it as a massive potential market for us as we don’t think law enforcement will be able to deal with it. It’s a major growth industry for us and it must be the same for potential players.”
According to Beza Belayneh, CEO of the South African Centre for Information Security, there is a significant gap in the market for home-grown, rapid and agile responding capabilities to cyber threats. “There is a considerable shortage of defensive and offensive skills in SA. The capability ranges from mission focus (theoretical) skills such as strategy management, auditing, counter-intelligence, policy and compliance roles to technology-focused skills such as security tool builders, malware hunters and analysts, IPS and firewall admins, penetration testers, forensic analysts and architects.”
He says there are no more than half a dozen companies in the technical focus area in SA. “There are enormous opportunities for start-ups in these areas. It is a successful global phenomenon today – huge amounts of venture capital fund are pouring into cyber security start-ups. Cyber is the next digital frontier that must be secured for business and national security purposes.”
Fryer comments: “There is a niche and what we are hoping to see emerge in the next few years are some truly cyber forensic and cyber security type qualification offerings from the universities. Very few of the academic institutions offer these qualifications and those that do exist are at postgraduate level. We need to bring it down to an undergraduate environment so school-leavers can enter the cyber path from the get-go.”