LE55 Cybersecurity

CYBERSECURITY: WHAT YOU NEED TO KNOW

By Monisha Prem • May/June 2017 • Issue 55

Cybercrime is one of the biggest threats to businesses today and it is becoming increasingly important for businesses to develop effective strategies to combat cyberattacks.


Rapid technological advancement increases the risk of cyberattacks, and the threat is further exacerbated by the rapidly evolving nature of cybercrime and a lack of clarity regarding the law surrounding it. One only has to look at companies like Sony and Yahoo to see the reputational harm that can come from cyberattacks. Any business, whether big or small, that relies on IT needs a cybersecurity policy to protect not only itself, but its customers as well. In addition, businesses that are subject to the Protection of Personal Information (PoPI) Act have an additional burden to protect against cyberattacks, as they may be liable in the event of a lawsuit.

WHAT IS CYBERSECURITY?
Cybersecurity can be defined as ‘the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access’. In terms of business, cybersecurity involves all the systems and processes introduced to protect your information and technological infrastructure against threats. A good cybersecurity policy should involve extensive risk assessment and management, as well as tailored strategies for both prevention and cure.

COMMON CYBERATTACKS
Whether achieved by hacking, malware or phishing, cyberattacks can best be grouped by looking at the intention of the attack. The four most common reasons to initiate an attack are to:
  1. Disrupt or deny service [denial-of-service (DoS) attack];
  2. Destroy or alter information;
  3. Steal information; or
  4. Change the perception and reputation of the business.
In South Africa, distributed denial-of-service (DDoS) attacks are by far the most common. These attacks flood the target’s servers, systems or network with traffic, overwhelming them and making it impossible for them to perform their normal online functions. Our government, finance and telecommunications sectors are the biggest targets for this type of threat. DDoS attacks disrupt the business’ functions and can be incredibly costly, both in terms of lost business and reputational damage.

The second biggest contributor to cybercrime in South Africa involves economic fraud, with Internet banking being a popular target. Most of the systems in place don’t provide enough protection against direct cyberattacks and many people fall prey to phishing schemes that aim to extort personal information and banking details. 

Small- and medium-sized companies are particularly susceptible to cyberattacks as they often don’t have the right cybersecurity in place; while larger companies must face the constantly evolving nature of the threat.

CYBERSECURITY AND CYBERCRIME LAW
The Electronic Communications and Transactions (ECT) Act 25 of 2002 is one of the only existing pieces of legislation that deals directly with cybercrime. Section 86 of the Act addresses unauthorised access to, interception of or interference with data, an offence where data is unlawfully and intentionally interfered with. Section 87 deals with computer-related extortion, fraud and forgery, an offence where a person attempts to commit extortion, fraud or forgery in order to gain an unlawful proprietary advantage. The Act prescribes penalties in the form of fines and imprisonment if any of the defined offences are committed.

South Africa is in the process of enacting the Cybercrimes and Cybersecurity Bill. This Bill will provide much-needed clarity as to what constitutes cybercrime, the penalties and punishments involved, as well as creating policies and committees to improve cybersecurity and fight cybercrime. The Cybercrimes and Cybersecurity Bill has much in common with PoPI. As such, businesses that are PoPI-compliant will have a head start on cybersecurity compliance. The added burden of compliance for certain sectors is well worth the extra protections that will result.

The proposed Bill addresses a number of important issues: defining twenty new cybercrimes; prescribing penalties; regulating jurisdiction, evidence and international compliance; as well as setting out the compliance requirements and creating the infrastructure needed to tackle cybercrime. Until such a time as the Bill is passed, cybercrime must be regarded in terms of the existing laws of our country where they are applicable and appropriate, with some interpretation.