There is an acute scarcity of the highly skilled professionals that are needed by the country to manage the very real cybercrime threats that face South Africa. A number of different professionals from different sectors must be trained to make up a core response team for national threats that affect the running of the government and key business sectors which are most vulnerable to cybercrime. INSETA’s analysis of the insurance industry’s scarce and critical skills needs identifies that ICT professionals are in high demand for their technical skills and the needs are being prioritized by the sector.
Cybercrime has been classified, alongside international terrorism and natural disasters, as a top priority by the US, UK and other governments. South Africa has become one of the most targeted countries for cybercrime, especially phishing attacks. It is difficult for governments and the private sector to manage cyber threats due to the complexity of the threats. Highly skilled professionals are required if we are to succeed in this battle. Globally such skills are acutely scarce and countries are putting in place long term strategies spanning in excess of 20 years to develop key skills in the area of cybercrime. There is no one qualification towards which cybercrime specialist can be trained in South Africa. There are, however, different training courses, which are not well articulated with each other and do not respond holistically to this key human resource development issue.
The type of professionals that are required and the skills that they require to adequately address cybercrime include:
- Cyber security experts – These would be highly skilled technical experts who will be involved in protecting information through and effective cyber security programme. Similarly highly skilled experts would be needed to realistically test defences in a simulated environment to identify vulnerabilities. The Protection of Personal Information Act (Popi) requires that organisations who store consumer o data are required to protect the data and have systems in place to prevent data leaks. Organisations have to report data breaches and what steps they have taken to fix the breach. Essentially Popi pushes organisations to be compliant and lower the risk of cybercrime.
- Cryptographers – hack and crack codes o SAPS officials/Prosecutors/ Judges – in understanding and recognising cybercrime and how to correctly open a docket; how to investigate and charge the cyber criminals and successfully prosecute them. Presenting of electronic evidence in court. Further gathering police intelligence using sophisticated technology to effectively stop cyber criminals in their tracks
- Insurance underwriting – Cybercrime insurance is relatively new in the country and many businesses are underinsured in this area. There is a general view that this type of insurance is adequately covered under existing business insurance, however, in most instances this is not the case. Popi will likely force organisations to consider cybercrime insurance.
Cybercrime is defined in the ECT Act as unauthorised access to, interception of or interference with data, computer – related extortion, fraud and forgery, attempt, and aiding and abetting cybercrime. The cyber attacker uses the internet to:
- Access; manipulate or destroy organisations and governments critical information. Service delivery could be crippled for long periods if the country does not put in place an effective response plan in the event of such a large scale cybercrime attack; and
- Steal information especially sensitive financial information which can later be used to perpetrate fraud. Our financial services industry is at high risk. Individuals who access financial services through personal computing are more at risk, as phishing scams become more sophisticated. South Africa has about 6.8 million internet users and a general education campaign targeting the South African public will also assist towards reducing cybercrime and economic loss to crime.
The South African Cyber Threat Barometer identifies the common top cyber vulnerabilities as:
- Inadequate maintenance, monitoring and analysis of security audit logs
- Weak application software security
- Poor control of admin privileges
- Inadequate account monitoring and control
- Inadequate hardware / software configurations
Experts suggest that the most effective way an organisation can detect cybercrime is to internally monitor suspicious and unauthorised access as well as use external mechanisms of fraud detection for independent assurance. The search for talent in this regard is being hampered by the lack of a well-coordinated human resource development plan to develop all the professionals in the cybercrime value chain. The Finance Minister is advised on matters relating to e commerce in the financial services sector by the E- Commerce Advisory Committee (ECAC).
The Financial Services Board (FSB) plays a convenor and facilitator role for this committee. They have identified cybercrime as the biggest threat to e- financial services in South Africa. It is estimated that SA loses 2.65 billion per annum on cybercrime.