Durban - Cyber criminals were threatening the national and financial security, according to a top IT expert who has warned that companies and government departments risk losing billions of rand to hackers.
Beza Belayneh, the chief executive of the South African Centre for Information Security, said this week that the veil of secrecy on hacking needed to be lifted.
“Cyber crime is not just criminal, it is a national crisis,” Belayneh said.
“People might say that this is alarmist or I am being a scaremonger, but unless there is a co-ordinated response to cyber attacks, companies and government departments will continue to lose billions of rand. Eighty percent of cyber crime is committed by organised crime and everybody is vulnerable to attack because the hackers are after two things: money and information,” he said. “Whether you are a private individual or a corporate you are vulnerable.”
Craig Rosewarne, the director of cyber security firm Wolfpack Information Risk, agreed, saying South Africa was not doing enough to combat cyber crime.
He said that his company prepared a research report, funded by the British government, which showed that the three hardest hit sectors in South Africa – government, banking and telecommunications – had lost an estimated R2.6-billion between January 2011 and August last year.
“That is actual losses. It does not include the cost to clean up or investigate. Also, that figure of R2.6bn is a very conservative estimate,” he said.
“When it comes to the man in the street we were given figures that estimated there were around 10 000 cases reported to the banks where people lost money as a result of cyber crime and that figure alone was R94m.”
Rosewarne said that South Africa needed to improve its legal and policing departments to deal effectively with cyber crime. “There are not enough resources in any of the three hardest hit sectors to deal with cyber crimes. We have been raising the alarm for the past five years now with (the) government and various entities.
“The banks are the most advanced at this stage as they have been hit the hardest, but we need to improve our legal system so that our prosecutors are competent at dealing with cyber crimes and we need to train our police as well.”
In addition to corporate companies, private individuals have lost millions in so-called phishing attacks where e-mails purporting to be from legitimate businesses are sent to people with the intention of duping them into giving the scammers sensitive information such as their online banking log-in details and credit card information.
Recently, hackers breached the SAPS website and published the details of whistle-blowers, victims of crime such as rape, murder and robbery, and the names of alleged criminals.
Last week, a hacking group calling itself Anonymous Africa launched an attack on Independent Newspapers’ internet and e-mail servers, temporarily shutting down its IOL website.
The group, who say they are “hacktivists”, targeted the newspaper group, which publishes the Daily News, over an opinion piece in sister title the Sunday Independent that it said was complimentary of Zimbabwean President Robert Mugabe.
Belayneh said it was difficult to say how many cyber attacks occurred in South Africa every day because there were no laws that compelled companies to report cyber crimes.
“The biggest challenge facing the country is that nobody is reporting these attacks and there is no co-ordinated and no clear programme of tackling cyber crime,” he said. “From estimates we know that the problem is huge, but we cannot say definitively.”
The Department of Justice and Constitutional Development has tabled the Protection of Personal Information Bill which, when it comes into law, will require all companies to report cyber attacks to the police.
Last year, the cabinet approved the National Cyber Security Policy Framework for South Africa, which aims, among other things, to address national cyber security threats, combat cyber warfare and develop legislation to combat cyber crime.
Brian Dube, a spokesperson for the Department of State Security, said an updated cyber crime policy framework would be made available in August.
He said the government was concerned by the cyber attacks and the various government departments were working at ways to prevent their sensitive information landing in the wrong hands.
“We have to take specific measures to protect our critical information and infrastructure,” he said. “Our role as (the) government is to ensure a co-ordinated effort and ensure that we can prevent cyber attacks from happening.” - Daily News