printer friendly version

Six-month lifespan of technology

In 2010, the South African government declared cybersecurity to be a national security priority. Since then, the country has been victim to trading stoppages at the Johannesburg Stock Exchange because of technological difficulties faced by its telecoms service provider, blackouts because of Eskom’s systems being disrupted, and the well-known January 2012 theft of R42 million from Postbank (the banking subsidiary of the country’s Post Office).

According to international technology provider, Thales SA, South Africa’s major institutions are at risk to a growing number of possibly debilitating cyberthreats because of the lack of continuous sophistication of cybercrime technology by the vast number of 'cybersecurity specialists' operating in the country. The reality is that the smarter technologies and modus operandi of cyber criminals – both locally and abroad – are not being effectively matched by preventative technologies that pass their sell-by date after six months of being developed.

Llewellyn Hartnick, cybersecurity specialist at Thales SA, says, “We are moving towards an electronic age. We have e-filing of citizens’ tax returns, a national online traffic fine system, electronic voice, video and written databases that are being built and maintained across sectors in the private and public sectors. It is therefore true that our growing dependence on technology naturally opens up the window of opportunity for criminal elements. Despite the recognition that cybersecurity is a growing issue of national importance there seems to be little understanding that technological developments have a global life span of, at most, six months. This means that effective security requires more than identification of the risks or sanctioning of the guilty criminals; it requires preventative mechanisms that are not only customised to specific sectors and operations but, that are more importantly, continuously upgraded in a way that consistently prevents the growing number of sophisticated attacks on one’s systems.

“Unlike countries that enjoy the benefits of cheap labour, as a country, South Africa cannot afford to invest huge portions of the national budget on continuously developing improved cybersecurity technologies. The responsibility therefore falls on individual organisations to maintain its electronic assets as best as possible, and it is there that lies the problem,” adds Hartnick.

“Having developed cyber security solutions over the past five years we know what is needed, from an organisational perspective, to protect electronic assets. Organisations (in the private and public sector) are specialists at what they do so it is unrealistic to expect our country’s stock exchange to be experts at cybercrime, or to expect our country’s energy distributor to maintain up-to-date cybersecurity technologies. South African organisations don’t and shouldn’t expend their time on developing and maintaining technologies that keep them and their customers safe.

This lack of in-house expertise and budget means that there is a greater reliance on South African service providers to use global best practices as a benchmark in preventing attacks, although in our experience this does not seem to be the case currently as our country’s major institutions remain at considerable risk because of a lack of awareness or implementation of evolving global technology standards,” comments Hartnick.

Share this article:

Further reading: