Information Security South Africa


Marc Seymour

Hacking is growing and changing as fast as technology is changing. Whether it's an attempt to affect an election or a retailer having millions of credit card numbers stolen, hacking and hack attempts are a daily occurrence.

Because of the internet, computers are no longer isolated. Almost all of them are connected in some way, and being connected means those computers are at risk. Hacking itself is changing: while there still might be a few teenagers out there playing around, hacking is now big business and often has governments at its core. Information security in South Africa is not taken as seriously in some organizations as it should be. This puts those organizations even more at risk and makes the potential payoff even higher for hackers.

Another factor that affects information security vulnerability is the Internet of Things. Almost everything in your home, from your thermostat, baby monitor and refrigerator to your garage door, can be connected to the internet through a smartphone. And if it can be connected to the internet, it can also be hacked.

There are two main types of threats that organizations and companies need to take seriously. The first is the unintentional threat, which is usually the result of carelessness. Examples include leaving a computer around that gets stolen, opening a questionable email, clicking on a link that opens a virus, careless internet surfing, poor password strength, and carelessness in the office, such as leaving your office door open or putting sticky notes on your computer with all of your passwords listed on them. The second is the intentional threat, which is a deliberate hack.

Intentional threats include espionage by government entities, trespass, extortion, theft of equipment (coming in and stealing things), identity theft, and software attacks. Organizations need to realize that threats can come from either outside or inside the organization. Companies need policies and procedures to combat both of these threats.

One of the hardest threats to prepare for is social engineering. In social engineering, the perpetrator gets people to believe that he or she is somebody else. This works against information security, but it's also an issue when you check into a hotel and somebody calls you and says, "Hey, we had a problem with your credit card; we need to get that credit card information again." Social engineering is very difficult to avoid and very dangerous. One of the best ways to avoid it is through proper employee training.

Another threat is a software attack. A software attack is typically a remote attack, but it requires that the user do something to install it on the computer. Some of these methods you've heard of before. A virus is a computer program that executes malicious actions by attaching itself to another computer program. A worm is computer code that performs malicious actions and will also replicate or spread by trying to infect other computers on the network.

Phishing attacks use deception to try to acquire sensitive information about you, perhaps even your password, by masquerading as an official-looking email. It might appear to be from the IRS or your bank. Spear phishing is a targeted attack. Before this attack, the perpetrators try to find out as much information as they can about you and include it in the phishing email so that it appears to be a legitimate request for information.

There are also software attacks that do not require the user to do anything. One of those is a denial-of-service attack. In a denial-of-service attack, the attacker sends so many information requests to a web server that it crashes. We mentioned threats coming from both inside and outside the organization, and some software attacks are carried out by programmers inside the organization. Programmers leave things in the program that they're developing. These might include a Trojan horse. That's a program that hides in the computer program and reveals itself later when it's activated by a specific date or time.

A backdoor is a password that's known only by the programmer. He or she leaves a way to get back in and access the data. A logic bomb is a section of a computer program that is inserted within the organization's existing computer applications and is designed to erase data at a specific date or time. Another category of threat is called alien software, and some of the things that we would see in this category include adware.

Adware is software that causes pop-up advertisements to appear all over your screen, especially when you're on the internet. Spyware collects personal information, including passwords. A spam attack uses your computer, especially your email system, to send out spam emails.

Hopefully, you get the idea that the threats to information security in South Africa are very serious and organizations should take them seriously. Even with the best controls, somebody may still get in. But some of the specific things that companies and organizations can do include physical controls, such as locks and making sure that the doors are locked. Badges, alarm systems, and access control also help.

Ensuring that only people who have the right password and authentication can get into the computer system helps. Communication controls, which include things like firewalls, anti-spyware systems, anti-malware systems, and encryption, can help. When it comes right down to it, information security is an individual responsibility. There are some things you can do to safeguard your information security and especially your privacy.

One of those very simple things is just to use very strong passwords and change them often. But don't put sticky notes on your computer with your passwords. You might consider adjusting the privacy settings on your computer so that it doesn't send out so much information. You can also use anonymous settings on web browsers to protect your privacy. So if you don't want to have your search history made available to all the advertisers that have cookies on your computer, you can erase your Google search history.

TRG offers a solution for cyber security problems by providing IT Security Consulting Services throughout the security lifecycle, helping with strategy, planning, and ongoing program improvement. We provide a portfolio of information security services unique to each client at a flat monthly fee.

TRG vCISO Services include:

Security program development, implementation, and maintenance
Strategic security roadmap planning
Risk management advisory services
Data classification development and mapping
Policies and procedures development and implementation
Independent, unbiased assessment of threats, risks, and compliance
Guidance to help you meet your Industry compliance
For more info call us at +27 (87) 470 0506 or email at