There is an acute scarcity of the highly skilled professionals that are needed by the country to manage the very real cybercrime threats that face South Africa.
A number of different professionals from different sectors must be trained to make up a core response team for national threats that affect the running of the government and key business sectors that are most vulnerable to cybercrime. INSETA's analysis of the insurance industry's scarce and critical skills needs identifies that ICT professionals are in high demand for their technical skills and the needs are being prioritised by the sector.
Cybercrime has been classified, alongside international terrorism and natural disasters, as a top priority by the US, the UK and other governments. South Africa has become one of the most targeted countries for cybercrime, especially phishing attacks.
It is difficult for governments and the private sector to manage cyber threats due to the complexity of the threats. Highly skilled professionals are required if we are to succeed in this battle. Globally, such skills are acutely scarce and countries are putting in place long-term strategies spanning in excess of 20 years to develop key skills in the area of cybercrime.
The professionals required
There is no one qualification towards which cybercrime specialist can be trained in South Africa. There are, however, different training courses, which are not well articulated with each other and do not respond holistically to this key human resource development issue. The type of professionals that are required and the skills they require to address cybercrime adequately include:
Cyber security experts: These would be highly skilled technical experts who will be involved in protecting information through an effective cyber security programme. Similarly highly skilled experts would be needed to test defences realistically in a simulated environment to identify vulnerabilities. The Protection of Personal Information Act (POPI) requires that organisations that store consumer data are required to protect the data and have systems in place to prevent data leaks. Organisations have to report data breaches and what steps they have taken to fix the breach. Essentially, POPI pushes organisations to be compliant and lower the risk of cybercrime.
Cryptographers: Hack and crack codes. SAPS officials/prosecutors/judges: In understanding and recognising cybercrime and how to open a docket correctly; how to investigate and charge the cyber criminals and successfully prosecute them. The presenting of electronic evidence in court. Further gathering police intelligence using sophisticated technology effectively to stop cyber criminals in their tracks. Insurance underwriting: Cybercrime insurance is relatively new in the country and many businesses are underinsured in this area. There is a general view that this type of insurance is adequately covered under existing business insurance, however, in most instances this is not the case. POPI will likely force organisations to consider cybercrime insurance.The cyber attacker
Cybercrime is defined in the ECT Act as unauthorised access to, interception of, or interference with data, computer - related extortion, fraud and forgery, attempt, and aiding and abetting cybercrime. The cyber attacker uses the internet to:
Access; manipulate or destroy organisations and governments' critical information. Service delivery could be crippled for long periods if the country does not put in place an effective response plan in the event of such a large scale cybercrime attack; and steal information, especially sensitive financial information, which can later be used to perpetrate fraud. Our financial services industry is at high risk. Individuals who access financial services through personal computing are more at risk, as phishing scams become more sophisticated. South Africa has about 6.8 million Internet users and a general education campaign targeting the South African public will also assist towards reducing cybercrime and economic loss to crime.Top cyber vulnerabilities
The South African Cyber Threat Barometer identifies the common top cyber vulnerabilities as:
Inadequate maintenance, monitoring and analysis of security audit logs;
Weak application software security;
Poor control of admin privileges;
Inadequate account monitoring and control; and
Inadequate hardware/software configurations.Experts suggest that the most effective way an organisation can detect cybercrime is to monitor suspicious and unauthorised access internally, as well as use external mechanisms of fraud detection for independent assurance. The search for talent in this regard is being hampered by the lack of a well-co-ordinated human resource development plan to develop all the professionals in the cybercrime value chain.
The Finance Minister is advised on matters relating to e-commerce in the financial services sector by the E- Commerce Advisory Committee (ECAC). The Financial Services Board (FSB) plays a convenor and facilitator role for this committee. They have identified cybercrime as the biggest threat to e- financial services in South Africa. It is estimated that SA loses R2.65 billion per annum on cybercrime.
