SA's place in cyber security's 'superpower struggle'

South Africa is facing a very real cyber threat and it will impact the entire country and society as a whole – unless all stakeholders in the cyber security war get serious about security, the country finds leaders actively engaged in security and there is genuine concern for society in general.

This is according to Charl van der Walt, Chief Strategy Officer at SecureData SensePost (UK), who opened the ITWeb Security Summit 2019 in Johannesburg with a keynote address evaluating the digital security status of South Africa and real-world threats to society.

Van der Walt highlighted vulnerabilities with truth, the internet, people and national security.

"For us as a community it is time for us to step in and really realise how significant the threat is and take the responsibility seriously," he said.

In his overview of where South Africa stands from a cyber security point of view and how robust it is, compared to global counterparts, Van der Walt said the country has a deep pool of cyber security talent, but at the same time, the country has fallen victim to major breaches – including the Master Deeds breach.

He added that a discussion of South Africa's posture, it is important to remember that discussion over security tends to focus on likelihood – how often could it happen, how many machines or systems will be impacted – and not enough attention to the severity thereof.

"When we benchmark South Africa, it is very difficult to know whether we are better or worse than others... on the one hand we have a great pool of skill, talent, technical capability, but on the other hand clearly these big breaches can and do happen to us in ways that are very significant."

Van der Walt believes the notion of benchmarking and defining the country's technical level and where it fits is misleading.

"To illustrate, let me talk to you today about the idea that risk has a knock-on effect. That because systems are so complexly connected with each other, when something goes wrong in one place, it has a knock-on effect in other places. It makes the impact of the systemic failure much more significant than what would perhaps be perceived," he said.

Van der Walt said the 2007 global financial crisis is a classic example, and stressed that security is a necessary condition for economic development.

He referenced research conducted by the Cambridge Centre for Risk Studies which examined the interconnectedness of IT systems, which found that these systems have similar characteristics to financial systems.

"They are very prone to high levels of debt when you underinvest, they are highly interconnected, and they are also vulnerable to the sense of panic ... people losing faith in the system and abandoning it wholesale," Van der Walt added.

The researchers modelled out the potential impact of a timely and severe breach, and discovered that in the worse-case scenario, the estimated impact on the global economy over a five-year period could be as much as US$15-trillon.

Van der Walt believes South Africa is behind on skills development, a sound policy framework, among other factors, and the net effect is that the country is sliding further backwards.

"The threat is very real, if we don't get security right, then other things won't come right," he added.