Cyber security is a worldwide issue. Reports on data breaches that affect millions of people around the world come in every day, but one continent in particular has been hit hard by cyber security attacks over the last year.
Research from the South African Banking Risk Information Centre (SABRIC) found that South Africa has the third highest number of cyber crime victims worldwide. According to the SABRIC research, South Africa loses around R2.2 billion a year to cyber attacks.
It’s not a topic that has not gone completely unnoticed – in the latest Allianz Risk Barometer report, cyber incidents topped South African businesses’ list for top 10 business threats. But it’s an issue that still needs to be fully addressed, as the Liberty Life and Viewfines hacks of 2018 show.
South Africa is host to a lot of major company headquarters, particularly those in banking and retail and particularly by comparison to the rest of Africa. Naturally, this makes the region more attractive to hackers. South Africa also isn’t lagging behind in terms of technology like it once did. That means that the cyber security challenge in South Africa is not dissimilar to other areas around the world and needs to be addressed in a similar way.
Current measures in place to address the cyber security challenge in South Africa
The good news is that measures are being put in place by the government to properly manage the increasing rates of cyber crime. In November 2018, The National Assembly adopted the Cybercrimes and Cybersecurity Bill, which once enacted, will see South Africans facing jail time of up to three years if convicted of offences which have a bearing on cyber crime. It also contains new rules for organisations in terms of what they can and can’t do with customer data.
There are some who dispute the efficiency of the bill – Jan Vermeulen, Editor at Large at MyBroadband.co.za, told CapeTalk FM that whilst it tries to do admirable things, it’s still too broad and “basically criminalises anybody that uses a computer or goes online.”
South Africa previously had a gap in data protection legislation compared to European countries, so the new Cybercrimes and Cybersecurity Bill seems like a step in the right direction. It might not be perfect just yet, but the very creation of the bill is a sure sign that the government is taking the issue seriously.
Cyber security training in South Africa
Like most countries around the world, South Africa is suffering from a cyber skills shortage. What’s unique to South Africa is the fact that students who might be interested in a career in cyber security are still mainly routed via a three-year diploma or degree in IT or Computer Science. Students are only exposed to security-specific subjects at an Honours or Masters degree level, which makes it more exclusive than it needs to be.
There are some short courses to be found online and from some Universities, including The Cyber Security Institute and Cape Peninsula University of Technology, but they will not be affordable for everybody and some of the courses still require previous knowledge in the field.
The National Cyber Policy Framework states that the Department of Science and Technology (DST) “shall be responsible for developing and facilitating the implementation of a national cybersecurity research and development agenda for South Africa”. In their article ‘Mind the Gap: Addressing South Africa’s cybersecurity skills shortage’, Prof Elmarie Biermann, Director of the Cyber Security Institute and Noëlle van der Waag-Cowling, cyber warfare strategy teacher at Stellenbosch University, say that so far, there has been ‘a distinct lack of momentum in this regard’ and that South Africa ‘can no longer afford not to invest in creating both cyber awareness and a cyber workforce, both within the public and the private sectors.’
How companies can address their own cyber security challenges in South Africa
South African companies that are concerned about their cyber security can take comfort in the fact that plenty of cyber security solutions are readily available in the region. Email security solutions are usually the first port of call for companies looking to eliminate the number of phishing emails and spam that their employees are at risk of clicking on.
There is also the small matter of educating employees. A lot of the fundamentals of cyber security come down to awareness and education. By implementing simple steps such as password managers (like Lastpass, for example) and requiring employees to change their password every quarter already makes them more aware of the issue. But it’s also worth telling them about the implications of a cyber attack and what that would do to the business. If you then have practical steps that they can take, they’re more likely to understand the need for a more stringent cyber security strategy in the business.
It’s also worth looking at your current employees and seeing whether you think any of them have what it takes to train up in cyber security. Those with a knack for technology often seem like an obvious choice, but research has shown cyber security specialists often have to be good communicators, logical and strategic in other ways, which means there might be a less obvious candidate amongst your team to train up in cyber security.