With an overall increase in the number of cyber-attacks on individuals and organisations alike, we need more than just creating awareness; we also need to urgently work on creating and providing better and more secure (software) systems, as well as update our legal systems – all of which are not easy challenges.
This is the view of cybersecurity expert, Prof Bruce Watson from the Department of Information Science at Stellenbosch University. With October being Cyber Security Month, Watson says more and more people and organisations are being confronted with messages encouraging them to take steps in protecting themselves against actions of cyber criminals within cyber space.
“This is crucial given for instance the current increases in phishing attacks which are fraudulent practices of sending emails purporting to be from reputable departments/companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers, or scam them out of their money.
“If an organisation’s systems are not adequately protected, they are vulnerable to attacks, whereby law-abiding citizens and business data may be exposed and exploited by cyber criminals posing as banks or even government departments, resulting in unsuspecting citizens and business owners being defrauded out of their money through no fault of their own.”
Watson says it is largely the private sector that seems to be championing cybersecurity awareness initiatives, with the South African government lagging behind still.
“As such, a cyber-security savvy citizen will only help to expose the gaps within the government when it comes to dealing with issues of cybersecurity. And as technology advances, more and more citizens will demand services that require the government to protect them from cyber-attacks.”
Watson does acknowledge that cybersecurity can be tough, adding that there are various reasons for this.
“First of all, cyber space doesn’t obey to the normal rules of the world. As such, it is not enough to ‘live in a good neighbourhood’ in order to be safe from a cyber-attack. More and more, everything is interconnected and we can get cyber-attacked by accident, and at long distance. The internet is also easily anonymous, making attribution a problem as well.”
Ideally, these are criminal activities that have to be reported to the authorities and prosecuted according to a particular law. At the least, we need to be able to identify the applicable laws that are transgressed and then be aware of the processes that we have to follow to bring the criminals to book.”
Watson says that at the moment, however, South Africa does not have much. He points out that the only legal document that deals with cybersecurity and cybercrime matters is the National Cybersecurity Policy Framework (NCPF), which was adopted by Cabinet in 2012.
“We also have the Cybercrimes Bill, which until late 2018 was called the Cybersecurity and Cybercrimes Bill, but until the Bill has been signed and becomes an Act, nothing much can be done to address the issues raised. Furthermore, the signing of the Bill will not automatically make us safer, as it requires a transition that will take time, whereby the case system of the police will have to be adapted, the evidence chain will have to be aligned and adapted, prosecutors will have to be trained, as well as the judges, etc.”
Watson says it is therefore very important that we up our cybersecurity defences, not just where normal citizens or users are concerned, but also for builders of systems (software), as well as the security of our nation as a whole.
“In the end, we all depend on lots of technology: from electricity, to banking to airports and airplanes, to entertainment. If those things fail, the impact can range from merely causing an annoyance to inflicting major economic damage.”
Watson says people can protect themselves from becoming victims of cyber-attacks by not clicking on links that are suspicious (especially in emails), not just opening attachments and making sure their devices and anti-virus software are updated.
“Do not use public or free Wi-Fi for personal or banking transactions, it is dangerous. Make use of a virtual private network (VPN) instead. And remember: If it is free, you are the product,” adds Watson.