Cyber-policing vs IT Security Awareness

In December the Postbank lost R42 million to hackers. Afterwards experts called for a new cyber policing strategy. After 20 years on the Internet I did not know we had a cyber policing strategy in place. During 1997-2003 I worked for major Internet Service Providers and three banks running their IT Security. If South Africa has a national cybercrime strategy, it’s time we know more about it.

Professor Basie von Solms, from University of Johannesburg, warned parliament against internet fraud like the Postbank loss over the 2011 festive season. While I was direct of Computer Society South Africa, I was engaged with Prof von Solms and found him honest and direct. He said, while SA Police Service had highly skilled cyber specialists, there were not enough of them. There was no overarching policy to protect the security of SA’s interconnected computer networks.

Von Solms said a draft cyber security strategy was circulated in 2010 by the government but nothing further had been heard of it. Without a cyber policing unit with compliance inspectors, cyber crime and cyber terrorism would just increase. Most countries had a computer security incident response team that tracked global trends in cyber crime and virus attacks to spread awareness and propose measures to address them.

“We are allowing citizens to use the internet more and more but are not protecting them.” This reads like something from 1984 or Brave New World professor. Citizens needs education on safe use on the Internet. No amount of laws will stop stupidity.

He believed Parliament had an obligation to conduct oversight of the cyber security of government departments and other state entities. The failure to exercise this oversight was partly to blame, he said, for the debacle at the Postbank as no check had been made of its computer security system.

According to the annual Norton Cybercrime report, South Africa ranked #3 in the world. They estimate consumers lost close to $20.7 billion after falling prey to cybercrime including attacks, malware and phishing. The highest numbers of cybercrime victims were found in Russia (92 percent), China (84 percent) and South Africa (80 percent).

To reduce your risk we recommend the following:

  1. Study Internet Security Awareness Basics from Gideon Rasmussen
  2. Ensure your HR department talks to your IT department once a month about IT Security issues
  3. Ensure you make your staff, teachers and students (in school or university) sign an Internet usage policy.

For information on our new Internet Security Awareness workshop, contact our national office.


IT Security & Cyber Forensics Conference

World famous hacker, Kevin MitnickToday I am speaking at the Marcus Evans IT Security & Cyber Forensics conference. The subtitle for this conference is: Mitigating IT security risks through improved processes and innovative investigations

The inspiration for my talk is based on two books by the most famous hacker in the world, Kevin Mitnick: The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruder and the The Art of Deception: Controlling the Human Element of Security. In 2003 I established contact with his agent in United States of America to bring him to South Africa. After a very long negotiation period and with assistance from ITWeb he eventually made to sunny South Africa in 2006. It was my pleasure to meet him and have his books autographed. I really have to find that photo we took together. However, I know it won’t be the last time we met. His story has been written up in many books and one of them made into the B-grade Hollywood movie Takedown. When you meet a living legend like this its pretty awesome feeling. However, when you know, in your heart that you had a stake in bringing him to South Africa, it is inspirational. This is one of the things that got me “fired” from FNB’s Randburg Computer Centre in 2003.

Date: 16-17 Oct 2008
Location: The Forum, Wonderers Building, The Campus, Bryanston, Gauteng.

My topic: The Human Element in IT Security

Anyway here is the overview from the Marcus Evans event information page:

Over the last decade IT technology has grown and developed substantially. These new developments where meant to streamline operations but they have also created new breaches in security allowing data and valuable intellectual information to be exposed to competitors. Organisations thus need to start using more advanced forms of investigation to identify its vulnerable points, and cyber forensics is starting to play a crucial role in identifying those individuals and organisations involved in sabotaging your system. Every company uses electronic information extensively to support their daily business processes. Data is stored on customers, products, contracts, financial results, accounting etc. If this electronic information were to become available to competitors or to become corrupted, false or disappear, it will greatly hinder business functioning.

With the increased attention on IT security and cyber forensics, IT professionals are discovering that security information threats do not only fall in the hands of hackers and external forces but in this day and age, 50% of all security threats are internal. This creates major concerns for corporates who not only need to hide their important information from their competitors but now also their employees. As the world moves towards the wireless age, IT security needs to grow and develop to ensure the safety of information no matter what the form it is being transmitted in. By attending this conference you will be able to gain insight on cyber forensics processes, identifying an attack and who is attacking you. You will also be able to identify which information is at risk and who we should be watching out for both internally and externally.

Other Key Speakers

Jason Jordaan
Head of Cyberforensics , Special Investigating Unit SOUTH AFRICA

Poppy Tshabalala
Chief Information Officer, Department of Trade and Industry

Stephen Mark
Information Security Officer, Discovery

William Stucke
Chairman, AfrISPA

Evans Nyagah
Head of IT , Telkom Kenya

Key Topics

  • Creating an awareness of IT security threats through constant monitoring and clear communication of potential security violations
  • Analysing new hostile trends that are emerging in our internet landscape
  • Applying cyber forensics pro-actively to create a more secure IT environment
  • Promoting access control though innovative measures to demotivate and prevent • Promoting access control though innovative measures to demotivate and prevent • Promoting access control though innovative measures to demotivate and prevent unauthorised personnel accessing confidential networks
  • Considering the threat Auditing has on your IT security system and information security in general

For a more detailed overview of my backgroun in Information Security or IT Security industry visit my LinkedIn profile.