Johannesburg, 19 September 2023 – South Africa has become a fertile hunting ground for international cybercriminals.
Research by security company Kaspersky indicates that more than half of South African companies were targeted in the past year while spyware attacks increased by 18.8% between the last quarter of 2022 and first quarter of 2023. In respect of the latter, it is mostly government systems that are under siege.
Phishing, business e-mail “spoofing” and malware attacks are among the most common cybercrimes, though Internet of Things vulnerabilities are increasingly being exploited as well. Unsecured smart devices often do not have adequate protective controls in place to detect, isolate and mitigate these cyber onslaughts.
According to Kgotso Masenya, Head of Information Technology at World Wide Industrial and Systems Engineers (WWISE), it has become crucial for organisations to build secure data privacy systems able to mitigate any possible attack.
Masenya has compiled a checklist of requirements for such systems. This includes:
A further course of action, Masenya says, is the implementation of ISO/IEC 27001:2022, a standard developed by the International Organisation for Standardisation (ISO).
The tool speaks directly to information security, cybersecurity and privacy in terms of information security management systems.
“This standard gives an organisation the ability to implement a framework of controls that ensures there are sufficient redundancies and guidelines to conform to a school of international guidelines/standards that embodies governance, statutory and regulatory requirements, and cyber and information security,” Masenya says.
Enlisting the services of the right ISO specialist is just as important as the implementation itself, and companies should always look at aspects like reputation and experience, competence, conformance to industry standards and laws, proof of concept and the quality of gap analysis reports.
“Once implemented, the key people in managing the data privacy system are usually your chief information security officer, data protection officer, chief information officer, IT department and data owners and custodians,” Masenya says.
“What you want from them is to explain the importance of privacy and data management obligations and emphasise how crucial it is to follow data protection rules. They should also provide guidance on impact analyses, and act as a point of contact for data subjects.”
In addition, staffers in these positions should be responsible for implementing access restrictions, encryption and other strong security measures, he adds.
Launched in 2009, Centurion-headquartered WWISE employs 35 fulltime consultants who specialise in more than 40 industries, both locally and abroad, training, and implementing ISO standards and programmes for a broad range of small, medium and large-scale business and organisations. The company has a solid local and international client base, with 590 clients in 16 countries, implementing more than 30 standards and achieving a 100% record when clients are certified. Its training programmes are accredited with SETA and various international bodies, and it offers an e-Learning portal through which 12 000 people in 40 countries have been trained so far.
The 70-year-old International Organization for Standardization (ISO) is an independent, non-governmental international body that develops business management standards to ensure the quality, safety and efficiency of products, services and systems across a multitude of industries. It aims to uphold consistency and quality in an increasingly globalised marketplace.