Five things we must do to combat cybercrime
Cyber-attacks are on the rise globally, with seriously negative implications for countries’ strategic, national, economic and social well-being.
A cyber-attack can be defined as an unauthorised attempt – successful or not – to infiltrate a computer or computer system for malicious purposes. Reasons for such attacks vary from financial gain to espionage, gathering strategic and national information and intelligence about an adversary. Such an adversary can be a nation state, a corporate entity or a private individual.
The authoritative international Cybercrime Magazine expects global cybercrime costs to grow by 15% a year over the next five years, reaching $10.5 trillion a year by 2025, reporting:
The five key ingredients
- Fighting cybercrimes must be a governance issue. This is a core principle in all national and international good corporate governance practices. In private companies that role falls on the boards of directors and executive management. It’s part of the oversight and code of conduct of top management. For the government it means that the president and cabinet should be responsible for ensuring that the country is resilient against cyber-attacks.
- Skilled cyber practitioners and advisors are vital. The skills shortage is being addressed by universities and private colleges, but this is a drop in the ocean because the output is limited and takes several years to produce. Cybersecurity practitioners do not all need university degrees. In the UK, for example, the government’s National Cybersecurity Centre has a programme called CyberFirst, directed towards schools. Such a programme could have significant benefits for South Africa, including providing jobs for talented young people who do not have the money or interest to pursue tertiary studies.
- Citizens must be cybercrime savvy. All computer end users must be empowered to be cybercrime fighters to make the country, companies and other institutions more resilient. Security is everyone’s job. Everyone from the entry-level to top management should know how to identify and report breaches so they can defend the enterprise. New, more effective approaches must be found to make end users more aware of cyber risks and integrate them better into the enterprise’s cyber defences. One example of such a new approach can be modelled on the idea of a human firewall, where every end user understands that he or she is part of the cyber defence of the country or company, and acts in that way.
- Public-private partnership is imperative. The government cannot fight cybercapture on its own. Most of the present cyber expertise lies in the private sector. The private sector is basically running a major part of South Africa’s critical information infrastructures – such as for banks, internet service providers and cellphone service companies. Public-private partnerships must be established as soon as possible to combat cybercrimes.
- Have a dedicated ‘national cybersecurity director’. Cybersecurity experts and functionaries in the government and the private sector often operate in independent silos. Nobody has the required “helicopter view” and oversight of the status of cybercrime in the country. Not sharing scarce cybersecurity expertise between role players results in costly duplication of expensive software systems and training, which could instead be made more widely available.