We need to improve our Cybersecurity Culture
LETTER BY CAYLA MURRAY
SPOKESPERSON FOR THE MINISTER OF COMMUNITY SAFETY, ALBERT FRITZ
In the face of 4IR, we are simultaneously exposed to a new world filled with opportunities and risks. This disruptive, complex and exciting world is one where cryptocurrency, artificial intelligence, ransomware, phishing and the internet-of-things thrive. In the wake of these new technologies, the Minister of Community Safety, Albert Fritz, is calling on all institutions, including government and small business, to increase their vigilance regarding cybersecurity.
On 24 October 2019, the City of Johannesburg (CoJ) announced that it had detected a network breach resulting in unauthorised access to its ICT infrastructure. Consequently, CoJ had to shut down its website, e-services and billing system as a precautionary measure. The perpetrators, Shadow Kill Hackers, demanded a ransom of 4.0 Bitcoin (over R400 000). CoJ responded by upgrading their ICT infrastructure and did not concede to the hackers' demands.
Improving our cybersecurity culture is a crucial component in making the Western Cape safer overall. Many sophisticated criminal syndicates use the cyberspace to conduct criminal activities. It is, therefore, necessary to improve our awareness of cybersecurity and limit the opportunities for crime in society.
But how often do such attacks take place in our day-to-day lives and what threat do they really pose to you and me? Kaspersky Lab explained that malware attacks in South Africa have increased by 22% in the first quarter of 2019, compared to the previous year. This equates to 13 842 attempted cyber-attacks a day. What’s more, in South Africa there is little public awareness of cybercrime.
Cybercrime is no doubt growing and appropriate measures are needed to address the threat it poses to citizens, business people and government. According to Deloitte’s ‘The Future of Cybercrime Survey 2019’, the biggest impact of cyber incidents or breaches on organisations include:
- 21% of loss of revenue;
- 21% loss of customer trust;
- 17% change in leadership;
- 16% reputational loss;
- 14% regulatory fines; and
- 12% drop in share price.
Currently, a proposed Cybercrimes and Cybersecurity Bill [B 6—2017] is being presented before the National Council of Provinces, before it can be assented by the President into law. It was ‘revived’ by the new administration on 17 October. The aim of the Bill is, amongst others, to:
- Create offences and impose penalties which have a bearing on cybercrime;
- Regulate jurisdiction in respect of cybercrimes;
- Regulate the powers to investigate cybercrimes; and
- Provide for the establishment of structures to promote cybersecurity and capacity building.
While the introduction of this Bill has been lauded, it is concerning that the rate at which government is instilling cybersecurity is considerably slower than that of the rapidly evolving field of cybercrime.
To ward off cyberattacks, we need to adopt a better cybersecurity culture. Security Trails provides four keys tips in building that culture. Firstly, organisations must ‘start with the basics’. This includes having strong password policies within organisations, limiting access to data, systems and software to those who require them for work purposes, keeping a database of safe downloads, and terminating ex-employees access to sensitive information.
Secondly, organisations must develop engaging and ongoing cyber security training for their employees. This should be followed up by, thirdly, using metrics to monitor post-training behaviours. Finally, organisations should make it as easy as possible for staff to report threats.
To ensure that businesses both large and small continue to grow, and that government can continue to deliver its services; we need to improve our culture of cybersecurity. This means that we must broaden of our concept of safety to include the digital space. In turn, this will allow us all to better engage with and reap the benefits of the exciting world of 4IR.