Cyber security is very much a part of any discussion on legislation that governs the way a business manages its information and communication processes, says Carrick, who adds that email communication has been the subject of much debate, especially in terms of how it is regulated.
"Digital threats warrant a far more proactive approach to system security and protection from businesses. If one considers the fact that most threats originate internally or from within the organisation, then legislation can and will play a critical role. Email is just one area, albeit of critical importance, within an organisation and there are many ways that this could be exploited to the detriment of the business," explains Carrick.
The South African corporate landscape is regulated by legislation that includes: the Promotion of Access to Information Act, the Electronic Communication and Transactions ACT or ECT Act, King II Report as well as the Regulation of Interception of Communications and Provision of Communication-related Information Act. These laws have been introduced to govern critical business operations such as archiving and risk management, amongst others.
"For instance, according to the Access to Information Act, businesses are required to archive data for a period of five years. The Regulation of Interception of Communications and Provision of Communication-related Information Act, on the other hand, is specific to the monitoring and regulation of electronic communication. The introduction of a clear policy, along with implementation and proactive management goes a long way to ensure compliance," says Carrick.
Carrick identifies greater awareness, availability of security solutions, more efficient processes and enhanced levels of protection against cyber crime as evidence that the security market is gaining momentum
"The introduction of legislation has laid down the foundation for a situation defined by considerably more regulation than there has been in the past," he comments. "At the end of the day, compliance is non-negotiable and businesses have the option to acquire input and expertise from specialists in this field."
