Cyber criminals ‘targeting SA’s small companies’
Date: Oct 8, 2012 | News
CYBER crime last year cost South African people and companies more than R1bn, according to Sebastiaan von Solms, a research professor in the Academy for Computer Science and Software Engineering at the University of Johannesburg.
Published by Business Day: 08 October 2012
South Africa was a “hotbed” for cyber crime, he said, adding that the FBI officially ranked the country sixth in terms of global cyber crime destinations but unofficially closer to third.
In its latest internet security threat report, global software security company Symantec found that in South Africa, the average spam rate for last year was 72%. The average virus rate in South Africa was one in every 174.1 e-mails while the average global rate was one in every 238.8 e-mails.
“In 2011, cyber criminals greatly expanded their reach, with nearly 20% of targeted attacks now directed at companies with fewer than 250 employees,” said Jayson O’Reilly, security practice manager for Symantec.
“We’ve also seen a large increase in attacks on mobile devices, making these devices a viable platform for attackers to leverage in targeting sensitive data. Organisations of all sizes need to be vigilant about protecting their information.”
However, the University of Johannesburg, and through it, South Africa, was positioning itself to become a nexus of cyber security in Africa by establishing a centre of cyber security in conjunction with the United Nations and industry partners such as Standard Bank, said Prof von Solms.
“It may move out of the university, but the purpose is for postgraduates … to do research relevant to protecting the South African cyber space,” he said.
There are already a number of projects running and plans for future projects.
“First, there is no compulsory incident report (for cyber crime), a website where people can report incidents…. Banks and companies will not give you the data,” said Prof von Solms.
In terms of internet services, such as internet banking, South Africa had the largest number of “phishing” attacks in the world.
Phishing is when criminals try to get information such as bank details, user names and passwords from individuals by masquerading as a bank or some other trusted institution. “Although there are new techniques to make internet banking more secure, cyber criminals attack the weakest link, which is the user,” said Prof von Solms. “We need more awareness … and parliamentary oversight.”
When he addressed Parliament’s trade and industry portfolio committee earlier this year, Prof von Solms said a draft cyber-security strategy was circulated in 2010 by the government but nothing further had been heard of it. Without a cyber policing unit with compliance inspectors, cyber crime and cyber terrorism would just increase.
“For the biometric IDs in home affairs, how good will the security be? Who is asking those questions,” he asked. “I want a committee that will ask those questions.”
Although the centre has been recently established through R1m from the university, the Academy of Computer Science and Software Engineering has a number of research projects already running to protect South Africa’s cyber space and is involved in the global conversation about internet security.
For example, the head of department, Elize Ehlers, focuses on using the human immune system as a blueprint for anti-virus software. “The body recognises and remembers (a foreign element). We can use that knowledge to write programmes.”
However, the main difficulty is retaining students. “The faculty of science has a good bursary scheme for honours students (for) anyone who wants to study full-time,” said Prof Ehlers.
But Prof von Solms interjects that there is “such a demand for skilled IT people in South Africa that students get snapped up by industry (which) offers them a good salary and we can’t attract them back”.
“We have the problem of getting good IT lecturers because the good ones go to industry,” said Prof von Solms.
Attempts to query Standard Bank regarding its involvement were unsuccessful.