Feb.06

Feb.05

Cybersecurity – It’s Just One Piece of a Comprehensive Information Security Program

Written by John Remsey, IMEC Senior Technical Specialist

Cybersecurity has become a hot topic within manufacturing over the past months, especially for the Defense supply chain, with the federal government increasing its emphasis on addressing threats to the security of information.  In December 2015, the U.S. Department of Defense (DOD) released a rule to the Defense Federal Acquisition Regulation Supplement (DFARS) that requires government contractors to implement the requirements of National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 by December 31, 2017.  With this deadline fast approaching, the conversation about becoming compliant, and the urgency to do so, are increasing.

The requirements of NIST SP 800-171 are intended to protect the confidentiality of Controlled Unclassified Information (CUI) in non-federal organizations and their supply chains.  A failure to meet these requirements may result in the loss of supply contracts and liability for the organization should an escape of CUI occur internally or at their suppliers and service providers.  While organizations doing business with the federal government should expect these types of requirements to increase over time, it is good practice for all organizations (manufacturers included) to protect information they have been provided during business activities.

While Cybersecurity, and the external threats commonly associated with it such as Hacking, Spyware, Ransomware and Malware, is very important, it’s also important to realize that it is just ONE PIECE of an effective Information Security Program.  An organization’s exposure to information vulnerabilities extends well beyond the interconnected world.  A comprehensive Information Security program also includes:

•  Privacy: Adequately protecting the information and identity of your Employees, Customers, Suppliers and other Resource Providers.  Ensuring that controls, systems and procedures are in place to restrict access to this information to only those who absolutely need it, including procedures for the archiving and purging of excess, expired or unnecessary information.

•  Physical Security: Protecting, limiting and monitoring access to information stores and access points.  Securing data storage, access points and other means of physical access.

•  Contingency Planning & Disaster Recovery: Developing, testing and deploying the tools and processes needed to quickly and effectively recover information in event of a catastrophe.  Speed to recovery from an information event can be the difference between recovery and loss of operations.

•  Operational Security: Protecting private business intentions, processes and Media response channels.  Limiting the access to strategic and market differentiating information.  Developing an informational response plan to quickly and effectively address any potentially adverse information regarding the organization.

•  Personnel Security: Implementing background checks for staff and service providers with access to information as well as behavior monitoring to proactively detect exposure risks.  Implementing the tools and procedures necessary to have confidence that those invited to access information are focused on using it for the good of the organization and its stakeholders.  Monitoring activity at all levels and implementing triggers and warnings should information flow or user behaviors vary beyond normal expectations.

Manufacturers have a variety of tools available to help pursue comprehensive organizational security, starting with cybersecurity.  The first step is to determine one’s existing cybersecurity protections and tools and identify easy gaps to fill.  Taking protective steps can decrease the time and resources spent on a security breach.  Contact IMEC at info@imec.org or 888.806.4632 to learn more about existing self-assessments to get your company started.

Source

http://blog.imec.org/blog/2017/09/cybersecurity-just-one-piece-comprehensive-information-security-program

Management

Feb.05

Feb.01

South Africa’s information security challenges

South Africa is one country that has been struggling to come to terms with the huge cyber security problem it faces. According to the Global Fraud Report, an annual publication that ranks regions according to the number of incidents of cybercrime, sub-Saharan Africa has the third highest exposure to incidents of cyber fraud of any region in the world. And, according to the research, incidences of cybercrime and cyber security breaches are rising.

South Africa is one of the leading targets for cybercriminals on the African continent due to its relatively high rate of internet connectivity in relation to other African countries. This opens it up to all kinds of threats, many of which businesses and private individuals are ill-equipped to deal with.

What type of risks does it face?

As with other countries around the world, South Africa faces an ever-evolving range of threats. However, the Global Fraud Report ranks data deletion due to system issues as the most prevalent form of attack. After that, wire transfer accounted for 26 percent of cybercrime in the country, which was far above the global average of 14 percent.

Other prevalent forms of attack include viruses and email-based phishing scams, which cause such problems that short-term South African lender Wonga has recently produced a guide to help its customers identify genuine and fake emails.

The report also looked at the numerous threats to South African businesses, with unlawful acquisition or interference with sensitive data the most common. In fact, data breaches were found to have a total organisational cost of R20,6 million.

The introduction of the Cybercrimes and Cyber Security Bill

Until very recently, South Africa did not have any legislation in place to combat cybercrimes. On 21 February 2017, all that changed with the introduction of the Cybercrimes and Cyber Security Bill. The Bill criminalised a number of activities, including but not limited to:

  • Unlawful acquisition of data

  • Unlawful acts in respect of software or hardware tools

  • Unlawful interference with a computer programme

  • Unlawful acquisition, possession, provision, receipt or use of passwords, access codes or similar data or devices

  • Unlawful interference with a computer data storage medium or computer system

The Bill also imposes a range of penalties for offenders, which include fines and custodial sentences of up to 15 years.

The first line of defence

Although the new legislation will make it easier to prosecute those involved in cybercrime, it will not help to protect businesses and private individuals in the first instance. When it comes to your personal finances, the onus is on you to protect yourself.

This can be done by:

  • Updating your operating system, software and internet browser

  • Regularly running up-to-date antivirus software

  • Keeping a backup of important files

  • Regularly changing your passwords

  • Learning to recognise the signs of phishing scams

Do you think the government is doing enough to combat cybercrime?

Perhaps you’ve been a victim?

Please share your experiences in the comments below.


Partner Content: This article is brought to you by Wonga.

Source

https://www.iafrikan.com/2018/04/19/the-ongoing-battle-against-cybercrime-in-south-africa/

Management
