Trustwave held a roundtable in South Africa on May 23, 2013, to discuss the war on cybercrime and the role of compliance in reducing credit card fraud. The panel was hosted by Andrew Kirkland, country manager for Trustwave in South Africa, and Michael Aminzade, Director of Delivery EMEA at Trustwave, and included notables from VISA, the South African Centre for Information Security, SABRIC and the University of Pretoria.
The panellists included:
The panel's discussion was directed by questions from the attending media, and the most prevalent issues that came to the fore were the role of banks, the role of vendors and enterprises, the evolution of mobile commerce, and education.
Trustwave's Aminzade explained that the security solutions industry is getting better at educating organisations, especially when compared with the guidance that was being issued 5-7 years ago. "However," he added, "we put security measures in place, but as the users become more sophisticated, so do the hackers."
The panellists then discussed the impact of m-commerce and how banks and other organisations need to educate consumers and prepare for the increase in mobile malware today. As the number of uneducated users using mobile phones increases, so does the risk of cybercrime, because these users are not given the tools to manage their devices securely.
In addition, the role of laws such as the Protection of Personal Information (POPI) Act came under scrutiny as the media and panellists debated their value and whether or not they would make a difference today. Overall, it is believed that the Act gives consumers more much-needed power, and that businesses face a bigger stick when they fail to comply with laws and mandates.
"Developers take shortcuts and this is where cybercrime focuses its efforts - on those weaknesses in code where rushed solutions have flaws they can exploit," says Trustwave's Kirkland. "The infiltrators know that deadlines, financial pressures and urgency can push developers to overlook aspects of their code. We need to stop taking shortcuts and start treating the data we have as valuable."
It is important that businesses recognise the importance of education and compliance. It's a process that asks employees and organisations to respect procedures to ensure that data remains secure.
"It's not if you get hacked, but when," concludes Aminzade. "Businesses need to ask what message they can give to their customers to show them that they are protected, that they have put measures in place to protect data and that they are able to respond to an issue quickly and correctly."
Related Media Coverage:
Tech Central - "Joint action needed on cyber crime"
News24 - "Education 'key' to SA Cyber threat"
News24 - "Take cybercrime seriously, urge experts"
IT Web - "SA needs offensive cyber warriors"