Zambia hints at fifth telco operator

A fifth telco
for Zambia?

Enough room says
industry regulator.

Sunday, Feb 23rd

Cyber-security is a business issue, not an IT issue

For example, one of the world's first encrypted wireless network was created by a Mexican drug cartel. Submarines that cannot be detected by radar have been developed by, and are being manufactured on behalf of, international smuggling syndicates. And then, of course, there are the software developers that create the software that allows hackers to access any system, from a power plant, oil refinery or similarly vital site to a bank. The Bangladeshi central bank recently lost more than $80million.

"The real issue here is that cyber-criminals have become leading innovators in their own right, and they have the resources, both financial and human, to do whatever it takes to penetrate the most carefully constructed defences," said Kovelin Naidoo, CIO at Internet Solutions, speaking at a recent cyber-security event hosted by ContinuitySA. "We have to be aware that there is a vast hidden network of organisations and individuals who are focused on accessing the data and system for their own purposes."

These shadowy players make use of the "Deep" and "Dark" Webs, which host an alternate economy where pretty much anything can be ordered and paid for in untraceable Bitcoins, including contract killings and replacement human organs. All of this covert activity falls into three broad categories: governments working against their enemies, activists motivated by a cause, or those simply motivated by profit.

The figures make for scary reading. The Verizon Data Breach Report 20126 noted 2 260 data breaches and 64 199 security incidents last year, overwhelmingly from external players, while the Dell Threat report 2016 shows that the number of unique malwares is growing exponentially year on year. Internet Solutions, Naidoo revealed, prevented 11 000 denial-of-service in the past year.

Jeremy Capell, Head of Advisory at ContinuitySA, said that the threat posed by cyber-criminals to businesses and governments has now become so severe and so sophisticated that nothing but a co-ordinated and integrated technical and business response across all domains would be effective.

"A technical response to cyber-crime is one important component, but it's only part of the solution," he says. "Companies need to understand what the risks of a breach are, but they also need to have a detailed, enterprise-wide response that will limit the damage. This damage is not restricted to direct financial loss, but also includes reputational damage, which can be devastating."

Capell says that organisations need to assess whether they are properly prepared. Do they have the right skills? Do they have a document set of processes and procedures in place? Do they have adequate threat intelligence? Very often sites are breached and corporate information is posted on Deep Web yet the organisation remains unaware of the breach. Is security conscious behaviour integrated into the corporate culture? And are all the risks known and properly communicated, and is the security and threat landscape constantly being monitored?

"Cyber-crime calls for a technical response, a business response and, increasingly, proper cyber insurance as well," Capell concludes.

ALSO ON ITWEB AFRICA

More governments leaning on ICT to sustain strategies Published on 13 February 2020

Driven by increasing need for accurate, real-time data analytics and cyber security, say experts.

Global blockchain alliance to support Africa's aviation parts industry Published on 18 February 2020

Stakeholders in Maintenance, Repair and Overhaul (MRO) chain to demonstrate how technology can be used to digitally manage parts.

ContinuitySA offers new ISO 27001 Lead Implementer training in Johannesburg Published on 20 February 2020

ContinuitySA has announced dates for a new PECB-Certified ISO/IEC 27001 Lead Implementer training for 2020.

Malawi draws up new cyber security guidelines to protect finance Published on 14 February 2020

Country's Reserve Bank introduces new regulations finalised in October 2019.