Cyber crime has been on the rise over the past two years and is something that can potentially cripple an economy and a company.
I haven’t focused on this in a while but recently found a few interesting articles which shows how there has been an increased focus on this growing form of crime.
A recent report on iol.co.za pointed out that cyber crime statistics will be included in the national crime statistics from 2019 onwards.
The article pointed out that National police commissioner General Khehla Sithole said the cybercrime strategy was at an advanced stage. He said they had travelled to China and Thailand to learn more about it.
“It’s highly technological in nature. We are developing more cybercrime capacity in crime intelligence. We will have the stats next year,” Sithole told iol.co.za.
Sergey Novikov, deputy director of the global research and analysis team at Kapersky Lab, said collaboration and shared intelligence between police forces and cyber security companies was the only way to combat the rise of cybercrime.
Novikov was visiting the city this week to raise awareness on cybercrime trends. He said the country had become a cybercrime destination.
No border policy
“There are no borders online, so it’s hardly surprising that cyber threats are borderless too it’s a worldwide issue. These threats don’t target just governments and infrastructure, but other organisations and even individuals. Some victims are targeted directly, others are collateral damage,” he told iol.co.za.
Novikov said a united community against cyber threats that knew no borders was needed.
“All over the world cyber criminals develop their tactics and tailor fast. We can see similarities among the attacks everywhere”
He said there were multiple methods used in cyber attacks, some focused on ordinary internet users and others on organisations.
Anyone’s a victim
Novikov told iol.co.za that cybercrime attackers did not care who they victimised. “Their aim is to compromise as many victims as possible to maximise their profits. Targeted attackers are more selective. Typically, they know their victims, or at least choose them for very specific reasons – typically to steal sensitive business information relating to the victim or the industry in which they operate.
“Attacks often start by tricking victims into doing something that jeopardises security – their own or their employer’s. This could be clicking on an attachment, clicking on a link or disclosing sensitive data that provides attackers with access to systems. The dramatic growth in the number of attacks and the increasing professionalism and focus of attackers means that there is no such thing as easy protection. Thus, we now live in a world where the question isn’t whether you will be attacked, but when, and how quickly and completely you can recover,” he said.
According to Novikov almost 40% of South Africans store passwords insecurely, with 17% writing them in a notepad so that they don’t have to remember them, which also puts their security at risk. About 15% of users use just one password for all accounts – allowing them to live their online lives seamlessly.
A recent article on itweb.co.za pointed out that Efficient, powerful and cost-effective cyber defence and solutions should be implemented to protect South Africa’s critical information infrastructure.
So said defence and military veterans minister Nosiviwe Mapisa-Nqakula, addressing the Africa Aerospace and Defence (AAD) media briefing in Pretoria yesterday.
Addressing the recently held Africa Aerospace and Defence (AAD) media briefing, Mapisa-Nqakula said SA is paying attention to cyber crime at the highest level.
“We have taken a decision to collaborate with other countries to deal with the challenge. We need to play our part in combating this problem and it is critical that defence should remain mandate-driven in all its actions.”
Mapisa-Nqakula said at this year’s AAD show, being held in partnership with the University of Stellenbosch and other industry players, key cyber security issues will be discussed.
Small budgets are so yesterday
The itweb article pointed out that, in May, Mapisa-Nqakula bemoaned the inadequate budgetary allocation of R47.9 billion for defence in her budget vote speech.
The minister pointed out that she expects the defence force to be a key role-player in the cyber defence of SA and support other departments when required.
Facing critical danger
The article added that Mapisa-Nqakula’s call comes as South Africans face numerous cyber attacks. According to a recent IBM study, the average costs of a data breach have escalated in SA from R32 million in 2017 to R36.5 million this year.
The rise in the costs of data breaches in SA represents a 12.2% increase from the prior year. In 2016, the average cost of a data breach was R28.6 million.
The itweb article added that local organisations have not been spared. In June, insurer Liberty announced an external party had gained unauthorised access to its IT infrastructure.
In May, South Africans suffered another massive data leak which resulted in close to a million personal records being exposed.
This was revealed by Australian-based IT security researcher Troy Hunt. He created the “Have I been pwned?” platform as a free resource for anyone to quickly assess if they have been put at risk due to an online account of theirs having been compromised or “pwned” in a data breach.
In October last year, Hunt uncovered SA’s biggest data leak, where over 30 million records were exposed.
The article points out that, to address the scourge of cyber crime in SA, the Department of Justice and Constitutional Development, in December last year, moved to address some sticking points that had tarnished the Cyber Crimes and Cyber Security Bill.
The Bill aims to give SA a co-ordinated approach to cyber security, as the country currently has no legislation that addresses cyber crimes.
The article adds that there was an outcry over the initial draft Bill, with several critics saying it was too broad and open to abuse, and threatened the fundamental democratic spirit of the Internet.
However, the Department of Justice and Constitutional Development recently published responses to the public comments received on the Bill, which was tabled in Parliament in February 2017.
According to law firm Michalsons, the Cyber Crime Bill was first published on 28 August 2015, updated on 19 January 2017 and introduced in Parliament on 22 February 2017.
The article points out that the Bill is still sitting at Parliament as there was a strong push by the old regime in government to enact the Bill in its then-current form, the law firm notes.
“There were extensive comments on the Bill during the public participation period in 2017, and particularly on onerous aspects of the Bill. Those comments will hopefully be considered and some incorporated into the Bill before it becomes law,” it states.
Michalsons points out that the Bill gives the police service (and their members and investigators) extensive powers to investigate, search, access and seize just about anything (like a computer, database or network) wherever it might be located, provided they have a search warrant.
Foreign states will co-operate to investigate cyber crimes.
The costs involved…
I recently read an article on csoonline.com which pointed out the costs of cyber risks.
The article points out that analysis of the cost of cyberattacks often comes with a price tag attached. We regularly read reports highlighting the average and cumulative costs of data breaches, and those figures can be staggering, such as in a Juniper Research report that asserts the global cost of breaches could exceed $2 trillion by next year. While such whopping estimates rightfully garner attention, often overlooked is an even deeper and more jarring consideration — the relationship between information and cyber security and our physical security.
The article adds that cybersecurity risk often is treated as a nebulous, abstract concept. Except for those working on the front lines as a security practitioner, it is easy to make a distinction between our digital and our physical environments — our homes, our offices, the park where we take our children and grandchildren. We read about cyberattacks in the headlines, but it probably does not rate as visceral of a reaction as when we read about a physical assault or a bank robbery, where the imagery that springs to mind is more harrowing and personal. Yet, as the volume of cyberattacks continues to rise and the attack methods of cybercriminals becomes more wide-ranging and less predictable– and more potent — the barrier between our digital and physical worlds is becoming thinner and more fragile. Increasingly, the possibility of kinetic attacks — those that can start as cyber incidents but turn out to be a precursor or conduit to physical attacks — are commanding more and more of our attention and vigilance.
More tools for cybercriminals to draw upon
The article points out that the potential for threats that originate in the digital world to surface in our physical environment is becoming more pronounced. Increasingly, malicious uses of artificial intelligence loom as a threat to our safety, as only 40 percent of respondents to ISACA’s 2018 Digital Transformation Barometer express confidence that their organizations can accurately assess the security of systems based on AI and machine learning. As self-driving vehicles and the use of AI in maritime and other transportation modalities become more prevalent, the need for enhanced assurance of these systems’ safety will be critically important to prevent these promising innovations from leading to dangerous outcomes.
The dark web presents another platform by which cyberthreats can transition into real-world threats to our physical safety. The dark web, inaccessible by search engines, is a haven for criminals, extremists and other groups that are looking to evade the notice of law enforcement. Dealings on the dark web can lead to hitmen being hired to carry out attacks, the plotting of terrorist activity and a range of illegal transactions, often involving drugs, that can lead to violence on the streets. We must also recognize the potential for misuse of social media to set in motion threats to our physical well-being, as oversharing or compromising information spread on social channels can swiftly turn into violence in our neighborhoods, schools, and beyond.
The article adds that while all these threats are real and, in most cases, terrifying portents of a world of exponential risk, we need to balance our anxiety by remembering that there are “good guys” doing their best to delay, if not avert, a tech-induced physical attack. For instance, the IoT Security Foundation is dedicated to raising attention to important security considerations not to be neglected as we move forward to a more interconnected world. Businesses are adopting and promoting the best security practices in cloud computing with help from the Cloud Security Alliance. However, despite the best efforts of organizations such as these, it is near impossible to calculate their true effectiveness in comparison to the headline attacks and potential for physical harm. This reinforces what I have maintained all along — cybersecurity is everybody’s business, and we collectively must understand and be vigilant about working together to minimize the risks for the good of our global society and citizens.