SA cyber threat barometer released

SECURITY

With over R2.6bn stolen in cybercrimes in SA in the past 18 months, a new report maps out the biggest cyber threats in the country.

The 2012/13 South African Cyber Threat Barometer was released by IT security firm Wolfpack Information Risk in Johannesburg today. Wolfpack Managing Director Craig Rosewarne said the report was the result of extensive research into the cyber threat landscape in South Africa.

“The report is intended to provide ongoing insight to support the Cabinet’s recently-approved National Cyber Security Policy Framework,” he said, and was researched and compiled with the support of the British High Commission.

Rosewarne said while the true cost of cyber crime was difficult to assess, conservative estimates showed that over R2.6 billion rand had been stolen in cyber crimes in the country in the past 18 months. With a recovery rate of up to 75%, much of the stolen money had been recovered, but the impact and additional costs of cyber crime were far greater than this, he noted. Relatively few cyber crimes are reported and successfully prosecuted in SA, Rosewarne said.

The report warned that the African continent as a whole is particularly vulnerable to cyber security threats. With cheaper and faster internet, more Africans will be ‘always on’ or continually connected, increasing the number of ‘new’ internet users who are not security-savvy, it said.

Rosewarne noted that cyber crime threatens everyone, and called on the public and private sector to work together to combat it. He said key issues identified in the research included poor threat management, with inadequate maintenance and management of audit logs; the lack of a national Computer Security Incident Response Team (CIRT) in SA and a lack of deep technical skills. He added that archaic processes and a lack of information security skills in law enforcement agencies made reporting and prosecution in cyber crimes difficult.

Collaboration between the public and private sector, specialised training and the establishment of a CIRT were among the recommendations made to combat the threats.

Top threats

Stakeholders in key sectors were polled on what they saw as the greatest potential threats to their industries. The threat of denial of service (DoS) attacks and the unavailability of ICT were cited as the highest potential cyber threats against government and financial sectors and were ranked high in the telecoms sector.

Intrusions and economic fraud were ranked as the second-greatest cyber threats in SA.

On the question of what are seen as the services most likely to be targeted by cyber criminals in SA, respondents said internet banking, e-commerce web sites and social and entertainment web sites were likely targets. Respondents in government felt that critical information infrastructure was also at risk.