Without a doubt, we live in a net-centric world. New information technologies arrive at lightning speed, allowing us to share information across town, across the country, or around the world faster than ever before. The value that information provides is drastically changing, in such way that protection of critical information including privacy information is much more challenged.
The South African Centre for Information Security which is a non government firm established to develop and promote a coherent governance framework to drive implementation of effective information security programs. Although information security is often viewed as a technical issue, it is also a governance challenge that involves risk management, reporting and accountability. As such, it requires the active engagement of executive management at all levels.
We also start the year with highlighting top information security threats for 2013 and we base our threats analysis and mitigation strategies and programmes towards these threats. We have started a broad based interactive conference and media awareness on combating cyber crime in South Africa in order to share our findings and address new threats to information such as socially engineered Trojans, insider threats, data loss in the cloud and security threat from social networking issues.
Today’s economic environment demands that enterprises in both the public and private sectors reach beyond traditional boundaries. Citizens, customers, educators, suppliers, investors and other partners are all demanding more access to strategic resources. As enterprises reinvent themselves to meet this demand, traditional boundaries are disappearing and the premium on information security is rising. Heightened concerns about critical infrastructure protection and national security are accelerating this trend.
The Centre is committed to provide a framework and guidelines through various training, consultancy, and research and outreach services to help organisations assess their performance and put in place information security governance in South Africa. We will help organisations to get started with integrating information security into their corporate and IT governance program. We help organisations to demystify security which is commonly regarded as a barrier. Strong cultural change is required for this to happen. Security must be sold as a value adding instrument as oppose to fear induced pitch. Of course the catastrophe that may occur as a result of data breach, cyber theft and other cyber crime activities.
As we embrace information security governance and face wave of cyber crime attacks, it is important to remember that, like quality, it is a journey that requires continuous improvement over time. There is no silver bullet. We are still in the early stages of this journey while at advanced level of being target. South Africa is on the top three lists of victimised nation by phishing and other emerging cybercrime attacks.
We are a low hanging tree with advanced, mature and well regulated banking, rapid connectivity, essay access to internet, access to multiple types of devices and serious lack awareness of cyber threats and risks. We wish to inspire the industry and make an attempt to close that human factor gap.
As we progress, we will not only reap the rewards of productivity growth, customer satisfaction and improved competitiveness, but also gain the larger reward of enhanced security to our critical infrastructure and corporate bodies. With the coming of POPI bill, significant number of service providers will be held accountable for not implementing high level information security mechanism. There will be change.
The road to information security goes through corporate governance. South Africa, and the entire SADC region cannot solve its information and cyber security challenges by delegating them to government law enforcement officials, IT managers, CIOs or CISOs. The best way to strengthen the region’s information security is to treat it as a corporate governance issue that requires the attention of Boards and CEOs and every individual. In all opportunities I come across I would vigorously speak to bring cyber threat to the agenda of top decision makers.
We encourage you to join us in the effort to make South Africa fight cyber criminals effectively. You are all the target.