The cy­ber­crime pan­demic

Finweek English Edition - - FEEDBACK - Blair Burmeis­ter blairb@fin­

SOUTH AFRICA suf­fers at the hands of cy­ber­crim­i­nals. We are the third­most vic­timised na­tion in the world, and ex­perts have warned that the coun­try’s vul­ner­a­bil­ity and lack of aware­ness is of con­cern. For busi­nesses, cy­ber­crime poses mul­ti­ple risks, in­clud­ing rep­u­ta­tion dam­age, loss of in­come, a drop in share price and reg­u­la­tory is­sues. But those or­gan­i­sa­tions ready to un­der­stand and em­brace the risks and op­por­tu­ni­ties of the cy­ber world, will be the ones to gain a com­pet­i­tive ad­van­tage in to­day’s tech­nol­ogy- driven en­vi­ron­ment. And given stag­nant ef­forts by Gov­ern­ment to com­bat the grow­ing threat, there are op­por­tu­ni­ties for en­trepreneurs with the ap­pro­pri­ate skills set to step up and cash in on the po­ten­tial mar­ket.

Gra­ham Dawes, di­rec­tor of Foren­sics, Deloitte Risk Ad­vi­sory, says there is very lit­tle be­ing done to ac­tu­ally quan­tify and un­der­stand the ex­tent of what is hap­pen­ing in the SA mar­ket. “We had a client event four months ago, with around 80 of our big­gest clients, and we asked them if they had been a vic­tim of cy­ber­crime in the past 12 months. Ap­prox­i­mately 75% of them an­swered yes and that re­ally shocked us.”

The Gov­ern­ment has adopted a pol­icy frame­work (the Na­tional Se­cu­rity Cy­ber Frame­work) which has been ap­proved by cab­i­net, “But that is as far as they’ve got,” says Dawes. “Since it was ap­proved, noth­ing has hap­pened.”

In the 2013 Sy­man­tec In­ter­net Se­cu­rity

Threat Re­port it is re­vealed that in 2012, there was a 42% in­crease in tar­geted at­tacks, 31% of which were aimed at busi­nesses with fewer than 250 em­ploy­ees. Cy­ber­crim­i­nals at­tack small busi­nesses sim­ply be­cause the in­vest­ment in se­cu­rity won’t be on par with that of larger or­gan­i­sa­tions. And if small busi­nesses are hit with a data breach, they may not eas­ily re­cover.

Peter Fr yer, as­so­ci­ate di­rec­tor, Price­wa­ter­house­Coop­ers Risk Di­ver­sion Foren­sic So­lu­tions, says: “Hav­ing the poli­cies and pro­ce­dures in place to de­tect cy­ber­crime i s half the chal­lenge, most or­gan­i­sa­tions are not aware that a com­pro­mise has oc­curred. If you can de­tect the crime, and you have the ap­pro­pri­ate re­sponse mech­a­nisms in place, you will cer­tainly en­joy a com­pet­i­tive ad­van­tage over your com­peti­tors.”

For en­trepreneurs and start-ups, al­though In­ter­net se­cu­rity may not ap­pear to be the most glam­orous project in the start-up world, there is a gap in the mar­ket for nim­ble firms who can re­spond quickly to new and in­creas­ingly ex­otic cy­ber threats.

Dawes com­ments: “The threat land­scape is in­creas­ing in ve­loc­ity and is go­ing to lead to a mas­sive de­mand in ser­vices in cy­ber se­cu­rity and cy­ber In­ter­net re­sponse. We see it as a mas­sive po­ten­tial mar­ket for us as we don’t think law en­force­ment will be able to deal with it. It’s a ma­jor growth in­dus­try for us and it must be the same for po­ten­tial play­ers.”

Ac­cord­ing to Beza Be­layneh, CEO of the South African Cen­tre for In­for­ma­tion Se­cu­rity, there is a sig­nif­i­cant gap in the mar­ket for home-grown, rapid and ag­ile re­spond­ing ca­pa­bil­i­ties to cy­ber threats. “There is a con­sid­er­able short­age of de­fen­sive and of­fen­sive skills in SA. The ca­pa­bil­ity ranges from mis­sion fo­cus (the­o­ret­i­cal) skills such as strat­egy man­age­ment, au­dit­ing, counter-in­tel­li­gence, pol­icy and com­pli­ance roles to tech­nol­ogy-fo­cused skills such as se­cu­rity tool builders, mal­ware hunters and an­a­lysts, IPS and fire­wall ad­mins, pen­e­tra­tion testers, foren­sic an­a­lysts and ar­chi­tects.”

He says there are no more than half a dozen com­pa­nies in the tech­ni­cal fo­cus area in SA. “There are enor­mous op­por­tu­ni­ties for start-ups in th­ese ar­eas. It is a suc­cess­ful global phe­nom­e­non to­day – huge amounts of ven­ture cap­i­tal fund are pour­ing into cy­ber se­cu­rity start-ups. Cy­ber is the next dig­i­tal fron­tier that must be se­cured for busi­ness and na­tional se­cu­rity pur­poses.”

Fryer com­ments: “There is a niche and what we are hop­ing to see emerge in the next few years are some truly cy­ber foren­sic and cy­ber se­cu­rity type qual­i­fi­ca­tion of­fer­ings from the uni­ver­si­ties. Very few of the aca­demic in­sti­tu­tions of­fer th­ese qual­i­fi­ca­tions and those that do ex­ist are at post­grad­u­ate level. We need to bring it down to an un­der­grad­u­ate en­vi­ron­ment so school-leavers can en­ter the cy­ber path from the get-go.”

Newspapers in English

Newspapers from South Africa

© PressReader. All rights reserved.