KZN Business Sense News
Back to overview
Felix Mahlangu - Risk and IT security management a case for cyber security
Cyber security or information technology security is the protection of computer systems from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide. A typical case in point is the recent cyber-attack on the City of Johannesburg's network system, which was severely compromised through a cyber-attack that interrupted all the municipality's online systems and left many residents frustrated. Attacks like these can cost businesses millions of rands in downtime, retrieving data and restoring services. All this resulting in loss of revenue. Every connected organisation or business is at risk of cyber attacks.
Why is cyber security so important?
The World Economic Forum Global Risk Report 2019 lists large scale cyber-attacks at number five of the most likely risks to affect organisations and businesses behind extreme weather events, climate change, natural disasters, and incidents of data fraud.
Given more recent events in the South African banking sector and more importantly at municipalities, the situation is more likely to get worse. Malware attacks in South Africa increased by 22% in the first quarter of 2019 compared to the first quarter of 2018, according to global cyber security company Kaspersky Lab. That means there are just under 577 attempted attacks per hour, or over nine per second.
The need for cyber security is now more important than ever before
The past few months have been a turbulent period for many businesses as they struggle to set up systems and transition to new ways of working remotely. Many employees may be using multiple devices for work and personal use which, if not adequately managed, could create significant gaps within your online security, thereby leaving your corporate defences vulnerable to cyber-attacks.
While our attention has been on Covid-19 we have, perhaps, become less vigilant of another equally sinister threat that cyberattacks could, likewise, have devastating consequences.
What can go wrong?
Cyber-attacks are getting more complex as the criminal cyber attackers tend towards monetising their operations.
Typically, the attacks would result in the following:
Customer data exposure (and the impact of the Protection of Personal Information Act)
Transactional data corruption
Denial of service (disruption of access to mobile apps, customer care services)
Defacement of web sites, resulting in reputational damage
How can cyber security go wrong?
Experience in assignments that we have delivered has shown us that the primary points of failure in most organisations are:
Inadequate password policy and implementation
Non-renewal of anti-virus licences
Out of date anti-virus definitions
Lack of effective patch management processes
Lack of cyber risk training and awareness
Use of unprotected personal devices on organisation's networks
Malware and ransomware tools and software becoming more readily available on the internet. Even the less experienced of hackers can get access more complex algorithms.
What can be done?
For a comprehensive cyber security review, the following must be done:
Information security policy assessment
Cyber risk and security review
Internal vulnerability and penetration testing
External vulnerability and penetration testing
Wireless vulnerability review
Core switch review
Core firewall review
Network security architecture review
There is a very real threat and cyber-attacks. Be safe and minimise your risks!
Bonakude has experience in working with businesses and organisations to assess and advise on requirements to ensure your business does not become a victim of a costly cyber-attack. Our team of Certified Information System Auditors and ISO 27000 Certified and ISO 27000 certified specialists will help ensure you have all the correct measures in place.
For more information, contact:
T:+27 31 201 1241
Felix Mahlangu - Risk and IT security management a case for cyber security.pdf
Back to overview