Johannesburg - Many South Africans are falling prey to cybercrime because there is a lack of a national awareness programme, according to Craig Rosewarne, the founder and chairman of the Information Security Group of Africa.
Studies reveal that vulnerability and threat management processes are weak across all industries, including the public sector. The country faces a shortage of technical skills in cyber forensics, secure development and log management. The SAPS and prosecutors are also inadequately equipped to deal with cybercrime.
“The shortage of skills is of` such a degree that many industries are developing their own capability,” Rosewarne said during his presentation at the SecureJohannesburg Conference organised by (ISC)² and hosted by KPMG yesterday.
South Africa had fallen behind a dozen African countries, including Ethiopia, which boasted 24-hour national computer security incident response teams. The country had promised to launch a response team by June next year, he said.
Phishing, the fraudulent practice of soliciting personal information such as passwords via e-mail, and fraud on mobile platforms are major concerns.
Retail, manufacturing, information and food services were the four most vulnerable industries. Small franchises and mom-and-pop shops were heavily targeted, Rosewarne said.
The financial services industry faced threats from organised crime syndicates in eastern Europe and North America. ATMs and point of sale devices were soft targets.
Last year, the Postbank lost R42 million after its computer system was hacked. The Hawks became aware of the incident following media reports and managed to make swift arrests, Rosewarne reported.
The cost of cybercrime to the economy is R2.6 billion, according to the SA Cybercrime Barometer 2012/13, which Rosewarne’s company, Wolfpack Risk Assessment, compiled with funding from the British government. The latter has also paid for the set-up of an awareness website, Alert Africa, and has commissioned Rosewarne to compile a similar report for Nigeria. He will present this in March next year.
A national cyber security policyframework was approved by the South African government in March last year but Rosewarne, who offers pro bono services for the government, said the situation had not yet become a national crisis to warrant greater attention.
Paul Orffer, a senior manager in risk advisory at Deloitte, said this week that despite popular belief South Africa’s infrastructure for cyber security protection was on a par with First World countries. But the booming mobile landscape and lack of security awareness from a large percentage of end users made “citizens easy pickings”.
Yesterday the Pro Afrikaans Action Group (Praag) said it intended to lodge criminal charges after its website was attacked on Tuesday. Founder Dan Roodt said the site and servers were under “a distributed denial of service attack”.
He claimed the attack was intended to bankrupt Praag and its service provider through the consumption of bandwidth and damage to network infrastructure. - Business Report