In 2002, the then director-general of the National Intelligence Agency stunned security experts when he revealed that most companies in South Africa were victims of one of the cybercrimes – industrial espionage.
Industrial espionage is commercial spying and the unlawful acquisition of business information and critical technologies for competitive advantage.
Since 2005, I have been immersed in the study of cybercrime and have found that industrial espionage is still rampant in South Africa.
This should be attributed to four factors. First, corporate South Africa is very naive when it comes to cybercrime. Except for the banks, South African companies have done very little to mitigate industrial espionage, which is mostly conducted through hacking. When they are alerted that they are being spied on, companies never take the warning seriously.
Second, corporate South Africa lacks information security experts and thus they outsource this service to foreign companies. In some instances, these foreign companies that masquerade as private security firms are actually intelligence operatives that siphon the intellectual property of corporate South Africa to competitors in their home countries. This includes sensitive commercial data, trade secrets, and new technology invented by the local firms valued at billions of rands.
As an analyst, I have been very critical of some of the government’s actions that discourage foreign investment. However, I am sympathetic to the ANC’s suspicion of foreign security companies. Actually, most countries will be very hesitant to have many foreign security companies operating within their borders.
Third, although the ministry of state security is aware that corporate South Africa is a victim of industrial espionage, all the government security agencies lack technical expertise to combat cybercrime.
The irony is that South Africa has one of the most highly acclaimed commercial laws in the world, the Electronic Communications and Transactions Act, of 2002. One of the provisions of this legislation is that the government should appoint cyber cops. More than 10 years after the promulgation of this law, the police and intelligence services do not have manpower and capacity to tackle cybercrime, and industrial espionage in particular. Actually, most police and intelligence officers do not have basic skills or access to the internet.
Fourth, there has been disregard of the information security-related laws and the King 3 report on corporate governance.
It appears that local companies are not aware that failure to comply with the law exposes their websites to huge risk.
Of the 1 550 websites assessed by Buys Incorporated Attorneys in 2004, the Telkom website was the only one to score a full 100 percent compliance rate.
The above stated four factors have led to the unabated growth of industrial espionage. There should be public-private partnerships to deal with this scourge.
The government should appoint some of the best graduates into the security services and pay them better.
Corporate South Africa and universities should work together to grow our own timber in terms of security experts instead of relying on foreign specialists.
If South Africa wants to thrive in the highly competitive and globalised commercial world, we should consider such actions to protect our intellectual property.
Rabelani Dagada is a development economist based at Wits Business School. You can follow him on Twitter: @Rabelani_Dagada.