Companies in South Africa are rapidly deploying increased security to frustrate cyber thieves who are intent on stealing financial information, says an industry expert.

According to the Gemalto Breach Level Index (BLI) for 2015, 1 938 383 data records were stolen per day in 1 673 data breaches across the globe as criminals ramped up efforts to access personal and financial information.

“The appetite for a two-factor authentication is growing rapidly in South Africa, with 100% of the IT managers recently surveyed recognising that two-factor authentication can help their organisations comply with data protection regulations such as Popi and pass security audits,” Neil Cosser, Identity and Data Protection manager for Africa at Gemalto told Fin24.

Popi or the Protection of Personal Information Act mandates that companies in SA take measures to protect the personal data of customers with fines of up R10m for non-compliance.

Two factor authentication has emerged as a strategy to ensure transactions are authenticated via additional channels, typically via SMS.

Defensive strategies

“Recent news stories notwithstanding, South Africans are reasonably well protected from digital crime. Regulation, technology and the banks themselves all help in this regard. Most banks use two-factor authentication and have continued to improve on the particular forms of it they use,” Gerhard Oosthuizen, chief information officer, Entersekt told Fin24.

But despite the moves to increase security, local IT professionals are less confident about their defensive strategies.

“There is still a long way to go however, as 69% of IT professionals are not confident that their data would be secure if perimeter defences were breached,” said Cosser.

“Adding to this, 66% say unauthorised users can access their networks and 16% believe unauthorised users have access to their entire networks,” he added.

Hacker group Anonymous Africa has made headlines by taking down the websites of the SABC, as well Gupta-owned Oakbay Investments, ANN7 and The New Age.

The group has also targeted the Economic Freedom Fighters (EFF) this week.

“While today’s security strategies are dominated by a focus on breach prevention (including firewalls, antivirus, content filtering, and threat detection), history has taught us that perimeters are eventually breached and made obsolete. Simply putting up a wall around your data and standing watch is no longer enough,” said Cosser.

Encryption

South Africa ranked 26th of the most attacked countries at the end of the first three months of 2016, according to data from Check Point.

That compares with a ranking of 52nd in the comparative period in 2015.

“South Africa’s rise in ranking shows that the range and volume of attacks that organisations face has continued to grow in the first quarter of 2016, highlighting the challenges they face in securing their networks,” said Doros Hadjizenonos, country manager at Check Point Software Technologies South Africa.

Cosser advised that encryption of data is an effective strategy deal with the inevitability of unauthorised network intrusion.

“Someone is going to get past the network perimeter defences at some point. Organisations thus need to make sure that whoever gets in their system can’t use the data,” he said.