A Cyber Security Threat Perspective

Collen Mphabantshi - Founder & CE at The Banchi Group

Can you tell me a bit about your background and your current role?

Collen is a meticulous entrepreneur with experience as a professional in Digital Fraud, Internet Fraud, Cyber Forensics Investigations, Computer Forensics Investigations, Mobile Forensics Investigations, Cyber Security and ad-hoc Incident Response. His professional experience includes working with international teams and traveling to various countries on the continent as a specialist in his line of work. He has also been crisscrossing the country clamping down on organized syndicates of fraudsters, digital fraud, internet fraud cases and other fraud-related incidents.

Collen’s entrepreneurship journey can be traced back to 2012, when he formed part of the developers’ team that launched the first BlackBerry Apps Lab at the University of Pretoria. He is currently the founder of The Banchi Group (TBG), a tech startup which offers various services including cyber forensics investigations and cybersecurity services. TBG also offers other IT services; furthermore, it has launched two online platforms, namely LyfBit.Com and LeafyMall.Com.

Collen is also a well-known public speaker in the Digital Fraud, Internet Fraud, Cyber Forensics, Cyber Security, and ad-hoc Incident Response space. He has been invited as a specialist guest to speak at The Legal Show 2020 Conference, the World Digital Weeks 2021 Conference and some local radio stations. As an academic he holds a BSc Computer Science degree (2014) and a BSc Computer Science honours degree (2016), both from the University of Pretoria. Furthermore, he has completed the following certifications and courses with globally recognised institutions:

  • Post Graduate Certificate Project Management, 2015 with Regenesys Business School.
  • EnCase Certified Examiner (EnCE) certification, 2018 with OpenText.
  • GIAC Certified Forensic Examiner, 2019 with SANS Technology Institute.
  • Cybersecurity: Managing Risk in the Information Age, 2020 with Harvard University.

Collen is a highly motivated entrepreneur, an enthusiastic Public Speaker and a hardworking professional who continues to find ways to improve himself in all aspects of life.

What is the top cyber threat a business owner faces today?

We are living in a highly digitalized and connected world. Businesses are aggressively embarking on a sophisticated digital transformation. Today it is vital for all kinds of businesses, big or small, to have a connected digital footprint on the internet and in cyber space at large. As a result, all businesses are inevitably exposed to the growing number of cyber threats that are targeting them. Various research studies have identified the five top cyber threats that businesses face today as follows:

  • Email threats: among others they include phishing scams, malware distribution scams and business email compromise. The biggest among these threats is phishing attacks by far. Phishing can range from a simple email scam with a phishing link to a more sophisticated targeted attack such as Whaling, which targets more lucrative victims or senior individuals such as CEOs.
  • Cloud Security: this threat can affect the Confidentiality, Integrity and Availability of the business’s services if exploited. It is vital to invest in the best cloud technology and security for your business.
  • Malware Attacks & Ransomware: these threats are gaining more and more popularity in the recent past. Hackers are deploying ransomware attacks against various institutions more often than before. The recent notable attack was seen in May 2017 with the WannaCry ransomware cryptoworm.
  • Poor Password Management: this threat comes as a result of human error or bad behavior of employees in an organization. People tend to use weak passwords, repeated passwords or even write their passwords down on pieces of paper.
  • Insider threats: this is one of the fastest growing threats for every business. Since we are living in an information age, access to data, especially that of your competitor, has become more valuable than ever. As a result, most employees tend to expose businesses’ critical data to the wrong people. This can happen as a deliberate action to cause harm or as a mistake.

Why is South Africa vulnerable?

South Africa is one of the most digitalized economies in Africa. And it is arguably one of the most digitalized economies in the world. However, it is also a developing economy facing various challenges that a typical developing economy would face. Some of the key factors identified by various researchers are as follows:

  • Lack of investment in cyber security:

South Africa is still dealing with developing nation challenges such as high crime rates, inequality & poverty, high unemployment, and a shortage of skilled labour. So even though most organizations may deem cybersecurity a necessity, they tend to have other competing priorities, which result in insufficient funding of cybersecurity.

  • Developing cybercrime legislation and law enforcement training:

South Africa as a developing nation did not have comprehensive cybercrime legislation in place for a very long time. The POPI Act only came into effect on 1 July 2020. And Sections 110 and 114(4) are only coming into effect on 1 July 2021.

  • Poor public knowledge of cyber threats:

Even though South Africa is the most digitalised economy in Africa, most of its computer, smartphone and internet users are not aware of multifactor authentication & its benefits. Also, most users cannot differentiate viruses from Trojans, ransomware, and other malware.

What is the impact of Covid-19 on the South African Cyber Security Landscape?

Covid-19 has exacerbated the cybersecurity challenges that the country was facing going into its Covid-19 lockdown. For example, most organizations and people who did not heavily rely on working remotely had to switch from going to the office to working remotely. That has led to organizations and individuals relying heavily on IT infrastructure that wasn’t fully prepared for such a switch. As a result, some IT systems continue to operate while strained. This has led to many organizations being exposed to cyber threats more than before; this is evident in the unexpected data breaches at some organizations.

There’s been a rising number of cyber fraud, scams and attacks on the general public and organizations across the board. Cyber-attacks such as phishing, business email compromise and identity theft continue to increase, due to the reality of less tech-savvy users having to use new technologies and the internet to support their livelihoods. The increase in unemployment due to the extended lockdown has created an even broader pool of potential victims of cybercrime because of their desperation to make ends meet. Covid-19 has affected the country in many ways, from socio-economic issues through to cybersecurity issues.

What can organizations & people do to protect themselves?

Various research done by some organizations in the cyber security space has identified about 13 key recommendations of what organizations & people can do to protect themselves especially when working remotely. The recommendations are as follows:

  • Organizations must enforce the use of strong passwords and multi-factor authentication (MFA) on work devices and network. Individuals should also apply MFA on their home networks and personal devices.
  • Organizations must secure physical assets – ensure that the work premises and devices are secured.
  • Organizations must consider updating their BYOD policies – For individuals without laptops, they may have to relax their BYOD policy to include the use of personal devices to enable staff to work remotely.
  • Organizations must introduce collaboration tools – Secure collaboration tools, such as Slack and Google Hangouts, are convenient and secure ways for teams to communicate. Where possible ensure collaboration tools offer end-to-end encryption and store data privately.
  • Organizations must use a trusted VPN – Encourage staff not to install their own VPN software. There are many examples of malware masquerading as free VPN software.
  • Organizations must encrypt hard drives – An often overlooked consideration, devices carrying sensitive information outside of the corporate network should have encrypted hard drives. Workstations remaining in the office unattended should also have their disks encrypted.
  • Avoid public WiFi – Public WiFi should be discouraged on any corporate device without a VPN in place and active. Encourage staff to rather use a mobile device with a 4G or 5G connection.
  • Ensure anti-virus software is up-to-date – Anti-virus can only detect threats based on previously seen attacks. Make sure all devices leaving the office have anti-virus installed or, where already in place, that it is updated.
  • Make sure devices and operating systems are up-to-date – Updates to operating systems can fix vulnerabilities that can be exploited. Make sure all devices are updated.
  • Organizations must have support staff – organizations that introduce working from home should introduce a contingency plan that outlines how they intend to deal with potential challenges.
  • Communication and training – the transition to working from home will be disruptive for both employees and the IT and security team.
  • Organizations must ensure that staff know how to report suspicious activity – Remind staff how to report suspicious activity, such as suspected phishing campaigns, and praise individuals who do.
  • Organizations must put in place management of unusual behaviour alerts – IT security teams may feel the burden caused by tools that rely on uncommon behaviour or basic anomaly detection during this time.

How do you foresee future cybersecurity?

Cybersecurity poses an interesting future in Africa. There’s a continued increase in the cyber landscape surface that is vulnerable to threats. This continued growth of the cyber landscape surface will result in an increase in cyberattacks on the continent. Most cyber criminals will migrate to Africa with the aim of capitalizing on a wider surface of unsuspecting victims. The following are some of the key developments to expect in the future of cybersecurity in Africa:

  • Cyber Risks will be more expensive.
  • Cyber Risk Insurance will be mandatory in many organizations.
  • More highly skilled cybersecurity resources will be required for organizations to thrive.
  • There’s going to be a change in the education system. Cybersecurity and coding will be introduced at various levels of the system.
  • People are going to be the biggest enablers of cyber-attacks, whether intentional or unintentional.
  • Trust between humans and machines will be extremely expensive. Threats will be lurking everywhere.

All these foreseen cybersecurity challenges will also pose immense opportunities for the African youth to start careers and businesses that will deal with these threats. The continent currently has a huge shortage of critical skills in the cybersecurity space. Therefore, the continent must maximise the opportunities that will come with the continued digital transformation of the continent.
