Biggest IT security threats in South Africa

Jamie McKane

MyBroadband Journalist
Super Moderator
Joined
Mar 2, 2016
Messages
4,478
Biggest IT security threats in South Africa

As businesses and consumers alike become increasingly reliant on technology and online systems for efficiency and entertainment, they become more vulnerable to attackers.

And the more services you are subscribed to, the greater your potential attack surface.
 

ghoti

Karmic Sangoma
Joined
Jan 17, 2005
Messages
45,693
A large threat to cyber security in SA are admins who dont really know what they are doing (not all of them, but many of them) and bad corporate governance infosec practices. My experience is that many admins are divorced from the reality of modern infosec and are still stuck back on the internet 20 years ago.
 

ActivateD

Expert Member
Joined
Jun 7, 2004
Messages
1,342
My take on the biggest IT security threat. I believe that there is a disconnect between IT and the rest of the company. Users think cyber security are "IT issues" and they do not want to get involved. Some SA organisations are spend large sums of money on cyber security initiatives and technology only for a user to click on a phishing email, plug unknown USBs or download games with malware(Eskom lol). Users are not interested or lose interest as soon as the security campaign are stopped.

We need to get buy in from users as well by threat or dangling something good in front of them.
 

Daruk

Honorary Master
Joined
Jul 18, 2008
Messages
39,038
My take on the biggest IT security threat. I believe that there is a disconnect between IT and the rest of the company. Users think cyber security are "IT issues" and they do not want to get involved. Some SA organisations are spend large sums of money on cyber security initiatives and technology only for a user to click on a phishing email, plug unknown USBs or download games with malware(Eskom lol). Users are not interested or lose interest as soon as the security campaign are stopped.

We need to get buy in from users as well by threat or dangling something good in front of them.
Spot on. Only when firms invest in cybersecurity education across the board will things improve. Endpoint protection is good and all that but it means squat when the crims are already in your system through some non IT staff member bringing crap on a flash stick, their personal laptop, or clicking crap in emails. Have even seen guys bring their own unsecured wifi hotspots to work to connect their phones thinking they're being very clever.
 

MidnightWizard

Expert Member
Joined
Nov 14, 2007
Messages
4,694
Have even seen guys bring their own unsecured wifi hotspots to work to connect their phones thinking they're being very clever.
Immediate grounds for TERMINATION of employee service
Just hit the door running and never come back
Applies to opening "strange" emails as well

I would have thought that a properly segmented network would obviate such problems
USB can be disconnected / locked in OS by ADMIN
A WiFi "sniffer"can be used to check "pirate" transmissions
ALL mail should be screened at entry and egress by a proper enterprise system [ UNIX]

Everything you have said so far are normal things a PROPER Admin should be taking care of -- EVERY DAY !

EVERY sensible SysAdmin KNOWS that the weakest link exists between the chair and the KB !
 

ghoti

Karmic Sangoma
Joined
Jan 17, 2005
Messages
45,693
My take on the biggest IT security threat. I believe that there is a disconnect between IT and the rest of the company.
You are not wrong here

Users think cyber security are "IT issues" and they do not want to get involved.
Users that are not educated correctly are just another attack surface to be exploited by criminal elements.
 

Genisys

Executive Member
Joined
Jan 12, 2016
Messages
9,478
Immediate grounds for TERMINATION of employee service
Just hit the door running and never come back
Applies to opening "strange" emails as well

I would have thought that a properly segmented network would obviate such problems
USB can be disconnected / locked in OS by ADMIN
A WiFi "sniffer"can be used to check "pirate" transmissions
ALL mail should be screened at entry and egress by a proper enterprise system [ UNIX]

Everything you have said so far are normal things a PROPER Admin should be taking care of -- EVERY DAY !

EVERY sensible SysAdmin KNOWS that the weakest link exists between the chair and the KB !
Hold up, terminating someones employment because they used their personal devices in a way they see fit won't sit well with the CCMA (Especially if they use their own personal hotspot on their personal cellphone as per the post you quoted), nor will it sit well with any director/HR department who knows that is a BS reason to dismiss someone. Whats next? Getting someone dismissed for using their mobile data on their personal device rather than your WiFi network?
 

ekske1

Executive Member
Joined
Apr 22, 2017
Messages
5,073
Immediate grounds for TERMINATION of employee service
Just hit the door running and never come back
Applies to opening "strange" emails as well

I would have thought that a properly segmented network would obviate such problems
USB can be disconnected / locked in OS by ADMIN
A WiFi "sniffer"can be used to check "pirate" transmissions
ALL mail should be screened at entry and egress by a proper enterprise system [ UNIX]

Everything you have said so far are normal things a PROPER Admin should be taking care of -- EVERY DAY !

EVERY sensible SysAdmin KNOWS that the weakest link exists between the chair and the KB !
[X] caps
[X] bold

retardation levels high.
 

Johnatan56

Honorary Master
Joined
Aug 23, 2013
Messages
24,971
Hold up, terminating someones employment because they used their personal devices in a way they see fit won't sit well with the CCMA (Especially if they use their own personal hotspot on their personal cellphone as per the post you quoted), nor will it sit well with any director/HR department who knows that is a BS reason to dismiss someone. Whats next? Getting someone dismissed for using their mobile data on their personal device rather than your WiFi network?
If your policy bans you using personal devices and/or hotspots at work, then I think you can use it as a dismissal as long as warnings are given.
 

ToxicBunny

Honorary Master
Joined
Apr 8, 2006
Messages
81,771
If your policy bans you using personal devices and/or hotspots at work, then I think you can use it as a dismissal as long as warnings are given.
It would be tricky... So long as that personal use doesn't breach the company network and doesn't impact the work of the employee it would be difficult to sell that to the ccma.
 

access

Executive Member
Joined
Mar 17, 2009
Messages
9,034
Not really a good approach to dealing with the issue when the CEO and CFO are "users".
bet some sysadmins / post-as-goers didn't think of that ;)
how does their title prevent them from doing something idiotic.

in fact, many times some will tell you they are an idiot/stupid when it comes to "these things". others try act like they know whats going on and end up looking like an idiot, but you dont tell them... ;)
 

Genisys

Executive Member
Joined
Jan 12, 2016
Messages
9,478
If your policy bans you using personal devices and/or hotspots at work, then I think you can use it as a dismissal as long as warnings are given.
It depends on circumstances, most contracts won't provision for that as its a very specific requirement.
 

Johnatan56

Honorary Master
Joined
Aug 23, 2013
Messages
24,971
It would be tricky... So long as that personal use doesn't breach the company network and doesn't impact the work of the employee it would be difficult to sell that to the ccma.
It depends on circumstances, most contracts won't provision for that as its a very specific requirement.
Yep, but you could state ban on personal devices, must be used in certain areas, etc.

Never said it was a very good idea.
 

ToxicBunny

Honorary Master
Joined
Apr 8, 2006
Messages
81,771
Yep, but you could state ban on personal devices, must be used in certain areas, etc.

Never said it was a very good idea.
You could... But I think the ccma would take a bit of a dim view of a policy like that in some work segments...
 

ekske1

Executive Member
Joined
Apr 22, 2017
Messages
5,073
how does their title prevent them from doing something idiotic.

in fact, many times some will tell you they are an idiot/stupid when it comes to "these things". others try act like they know whats going on and end up looking like an idiot, but you dont tell them... ;)
Do I need to point out the obvious?

Think you missed the point here labeling isn't fixing the problem. Which is pretty much (I am sure) ghoti was pointing out.
 
Top