by Adv. Lufuno T Khorommbi, Cyber Law Consultant and MD Orizur Consulting Enterprise
Is there a reason to be concerned about cyber security? Absolutely! In fact, October has been declared cybersecurity awareness month, during which campaigns are held to inform the public and businesses about the importance of cybersecurity.
These campaigns aim to help internet users be more secure online by being informed and knowing the simple steps to take to protect themselves, their families, workplaces, and devices. The 2019 campaign theme is “own IT, secure IT, protect IT.” The theme is intended to promote personal accountability and proactive behaviour in digital privacy, common cyber threats, and cyber security best practices.
What is it that needs to be protected?
INFORMATION. In the 4th Industrial Revolution (4IR) where everything is connected to everything, information has become the most valuable asset for every organization, big or small. Cyber-attacks against both governments and businesses have grown exponentially in recent years, such that cyber threats are growing both in their prevalence and in their disruptive potential, requiring organisations, big and small, to rethink their cyber security strategies.
For example, did you know the South African Banking Risk Information Centre (SABRIC) (see footnote 1) says South Africans lose around R2.2-billion every year to cyber-attacks? Phishing, identity theft, and ransomware are regarded as among the top threats in the digital world. Unfortunately for companies, losses go beyond what is stolen, because every cyber security breach comes with serious reputational damage. According to IBM (see footnote 2), South African companies lose on average R36 million every time they get hacked, costing a business in financial loss, customer relations, and operational costs. It is unfortunate that, though cyber-attacks are on the rise, cyber security remains an afterthought for many organisations, leaving many environments vulnerable to all sorts of security breaches.
5 ways to avoid risk
Get your governance in place: Get expert advice on your tech-aligned policies and structures. What’s more, back up your policies and structures with rigorous internal training, to avoid human error.
Let your procurement process lay a solid foundation: For instance, make certification of systems part of your requirements, so that you know you have credible solutions from the word go.
Get your contracts expertly drafted and negotiated. This is to make sure that, before you sign a contract, it caters for essentials such as support and maintenance. Don’t just focus on the deliverables. It is also to avoid ambiguities that could cost you down the line. Furthermore, don’t sign agreements that last for more than three years. Technology is advancing rapidly. Signing a longer-term contract may lock you into working with old technology, which might make it costly to maintain a compliant cyber security environment.
Create and maintain a compliant cyber security environment. It is critically important to keep up with data protection legal prescripts, not only to avoid data breaches but to avoid penalties as well.
Due to the rise in cyber threats, data protection laws now place a higher burden of responsibility on organisations that process personal information. Where an organisation is using a third-party platform to process personal information, it is essential to conduct due diligence to ensure that the third party’s platform provides the level of protection required by law.
Regularly test your system for weaknesses. This will mean that you proactively stay ahead of hackers who may be eyeing your system for vulnerabilities. Also make sure all your system users are vetted.
Footnotes:
1. Cape Argus https://www.iol.co.za/capeargus/news/south-africans-losing-r22-billion-a-year-to-cyber-attacks-15601682
2. Ponemon Institute LLC, Cost of a Data Breach Study: Benchmark research, Global Overview 2018 sponsored by IBM Security
Adv. Lufuno T Khorommbi (Ms) is a specialist Cyber Law Consultant and the Managing Director of Orizur Consulting Enterprise. Her expertise lies in cyber law, cyber security, IT Procurement, Contract Management, Research and Policy Management. She is a Mentee of the Cherie Blair Foundation Global Women’s Mentoring Programme; a Member of South Africa Institute of Intellectual Property Law; a MICT SETA 4IR Advisory Committee Member; LLM specialization in IT Law; Certified in CIO Practice; she holds a Certificate in Cyber Security and a Certificate in Legislative Drafting. Find out more by visiting Lufuno’s website www.orizur.co.za.