Also known as electronic information security, cyber security relates to the practice of protecting servers, networks, systems, computers, and mobile devices from malicious treats including unauthorised access, alteration, or deletion.
When you hear an organisation or company talk about its “security policies” – cyber security is generally front and center. Many large companies have in-house cyber security or IT specialists but most companies outsource their cyber security management.
When it comes to finding out what cyber security is, it’s helpful to spilt it into two groups. The first is personal cyber security and the second is commercial cyber security. We’re going to take a closer look at both these types in part one and part two respectively below.
PART 1: Personal cyber security
Personal cyber security relates to the protection of your personal information, data, and money. It’s basically the buffer between you and a world of hackers looking to steal information and money from you.
Types of cyber attacks affecting individuals
There are four types of cyber attacks that private individuals are at risk of. These are malware attacks, phishing attacks, man in the middle attacks, and password attacks. Let’s looks at these cyber security nightmares a little more closely.
-
Malware attacks
Malware attacks which includes Trojan, adware and spyware. The males are is downloaded onto the computer and allows for the interception, retrieval, collection or destruction of sensitive data
-
Phishing attacks
As an example let’s use the popular South African online shopping platform Takealot. Let’s say you have an account with them and you bank card details have been stored on their platform to allow you to make quick and easy purchases.
One day you get an email from Takealot stating that you won a R1,000 and that to claim your reward you need to click on a like that follows. When you click the link you’re directed to a website which then asks you to log in to your Takealot account and fill in your bank card details.
The prize, email, and website were all fraudulent and designed to obtain you personal sensitive information. This is a very common type of phishing attack in South Africa with thousands of people exploring devastating financial losses.
To prevent such devastation, companies like Takealot hire cyber security specialists to increase their level of security.
-
Man in the middle attacks
This is where a hacker intercepts your connection with a website server and “pretends” to be you. They essentially take over your IP address with their system and “pretend” to be you.
If you’re sitting at Mug & Bean drinking a latte and shopping online while using the unsecured mall WiFi network, you’re open and vulnerable to man in the middle attacks.
-
Password attacks
This is where a hacker will use a program to try a range of random or simple passwords to gain entry into an account.
4 ways people can prevent cyber attacks
- 1. Ignore suspicious messages and emails and don’t follow links to websites you use often from emails and messages. Rather make use of a bookmarked page or direct URL.
- Set up a firewall on your computer or laptop. Setting up a firewall will prevent hackers from accessing your system and getting up to no good.
- Make use of complex passwords that include letters, numbers, and special characters and choose two-factor authentication whenever possible.
- Install virus protection and also make use of honey pots that offer attackers a seemingly “easy” target all the while protecting your actual system and information.
PART 2: Commercial and organisational cyber security
Government organisations, large corporate companies, non-profits, and businesses collect, store, and use a great deal of information and data on themselves, their clients, and employees.
Just imagine how many banking details, and how much personal information a company like Takealot stores.
What about the South African Home Affairs who have a system in place that stores data about things such as Births and Deaths, ID numbers, and immigration status?
What would happen if someone hacked into the system of a large university like UJ? Not only could they potentially destroy critical information but they could, if undetected, retrieve and change database information that, for instance allows them to keep track of university students who have graduated.
The risks are very real and very serious and this is exactly what cyber security companies and professionals attempt to prevent, address, and manage.
Simple examples of cyber security issues that organisations in South Africa face:
Interception of sensitive emails. For example when a law firm that formal with property transfers have their email systems hacked and a third party sends the attorneys instructions to pay proceeds of the property sale into a NEW (and obviously fraudulent account).
Access to large databases containing sensitive information. Imagine a large insurance company like Outsurance who have been selling insurance to us timers for more than 20 years and have millions of bits of data about hundreds of South African having their system hacked.
How the POPI Act fits into the cyber security space
While keeping cyber threats at bay may seem like a means to protect a company from financial losses, it also ties into data protection and privacy. Companies are required to be compliant with all the laws of the Republic – and includes the Protection of Personal information Act 4 of 2013 (POPI Act). This has made the use of specialist online security companies even more prominent – even among the smaller companies who previous gave their cyber security minimal attention.
Cyber security companies
There are a massive number of cyber security companies in South Africa that are able to review a company’s security and suggest which products and what training must be used to mitigate the risks.
These companies generally make use of a selection of products and a network of global partners to bring you the latest and most advanced technology. They also generally offer cloud computing, IT, and network and internet solutions in addition to their consulting services and solutions.
Did this article answer your question? Make sure to check out my other posts about cyber security should you want to either find a cyber security company to work with or become a cyber security professional.