Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

What’s inside Pandora’s box?

April 2014 Information Security

Small businesses are increasingly becoming prey for hackers, espionage, online fraud and social engineering. It is a growing and pervasive plague across the world.

South Africa is not immune. According to a recent media report by Fin24, cybercrime costs us around R1 billion a year. Internationally, SA has the sixth-highest rate of cybercrime.

In the last few years, there has been a shift away from traditional white-collar crime to cybercrime. According to international statistics, illegal profits of cybercrime will become the highest of all white-collar crime. For example, the massively successful Trojan, Zeus, hit the UK banking sector hard in terms of costly online banking thefts and fraud. The rest of Europe was also affected by the Trojan.

In South Africa, we have also seen an increase in Internet banking and credit card fraud. There are criminals using ICT platforms to gain illegal access to data-access, electronic vandalism and to intercept sensitive or value-rich communications.

The obtrusive forms of cybercrime – hacking, phishing, data espionage and data interference – has been compounded by sophisticated related crimes, such as intellectual property theft, identity theft and social engineering.

These criminals are targeting smaller businesses in South Africa, from as far away as Nigeria, India, and Russia. Keep in mind, these criminals are seldom a rogue hacker but highly organised and effective syndicates.

Social engineering relies on manipulating social networking and face-to-face interactions to soften or fool victims. Increasingly, these criminals take advantage of a user’s trust in social networking connections – on Facebook, Twitter, etc. – to attract fresh prey.

Switching it up

Overall, the latest trend in cybercrime is a change in platform from computers to cell and smartphones, Android tablets and iPads. We all know about phishing, which is fraud related to e-mails and passwords. Now criminals also exploit voice over Internet protocols (VoIP) to perpetrate vishing – telephonic-based phishing swindles. With staff using their own devices for work, this opens up more and more points of attack. For example, smishing – a form of SMS phishing – is also becoming more prevalent.

Criminals have also exploited the second factor in cybercrime: the human factor. Social engineering is a highly effective tool for criminals – they target individuals to infiltrate your company, or exploit and manipulate them to assist in stealing data and funds, not to mention using them to sabotage your credibility.

Don’t forget that once your company or organisation has been targeted, criminals can destroy your reputation or social trust, impersonate personnel online, conceal identity, launder money, steal resources, or extort people within your organisation.

While the Internet may be a small keyhole, it can unlock a Pandora’s box of cybercrime, which will multiply again and again once it has been opened.

Human error

Most companies have stringent spyware, anti-virus software and HR policies governing information. Network administrators can block dangerous network activity, block the download of unknown programs and use encryption to limit risk.

However, there is no technology that can eradicate human error. While cybercriminals may bribe or collude with people within your organisation to commit a crime, most rely on the ignorance, laziness or even their willingness to be helpful.

Education is essential. Companies need to start creating an awareness of cybercrime among employees, shareholders, vendors and other stakeholders. For example, they need to know the risks of using their own devices for work purposes – just leaving a smartphone unattended in a coffee shop could present an opportunity to a criminal.

Even in the office, misuse of company information and communication technology (ICT) can put your company’s security at risk.

Using Skype or IM, file sharing, visiting entertainment or adult sites – these make the device vulnerable because these are the sites hackers use to gain access to your company. It takes just one infected computer to make the whole IT infrastructure sick.

When using Facebook, for example, individuals should not click on any link that looks like spam, even if it comes from a trusted friend. It is always a good idea to limit the information posted on social media.

Create guardians

Because your staff has access to your corporate information daily – passwords, financial statements, procurement documents, intellectual property, marketing strategies – it makes sense to make them the guardians of this information.

Every staff member must be trained on ITC security awareness – what to look for, what to report and, more importantly, what not to do online. It should be a part of your HR, security and management programmes. It makes sense for companies to give people the tools they need to fight cybercrime – the facts, the guidelines, the resources.

For more information contact iFacts, +27 (0)11 609 5124, sonya@ifacts.co.za, www.ifacts.co.za



Credit(s)

Tel: +27 11 453 1587
Email: admin@ifacts.co.za
www: www.ifacts.co.za
Articles: More information and articles about iFacts



Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

Who are you?
Access Control & Identity Management Information Security
Who are you? This question may seem strange, but it can only be answered accurately by implementing an Identity and Access Management (IAM) system, a crucial component of any company’s security strategy.

Read more...
What is your ‘real’ security posture?
BlueVision Editor's Choice Information Security Infrastructure AI & Data Analytics
Many businesses operate under the illusion that their security controls, policies, and incident response plans will hold firm when tested by cybercriminals, but does this mean you are really safe?

Read more...
What is your ‘real’ security posture? (Part 2)
BlueVision Editor's Choice Information Security Infrastructure
In the second part of this series of articles from BlueVision, we explore the human element: social engineering and insider threats and how red teaming can expose and remedy them.

Read more...
Strengthening organisational integrity in 2026 and beyond
iFacts Security Services & Risk Management
In 2026, the risks facing organisations, whether in the corporate sector or government, will be more complex and far-reaching. Employee screening will have to be more complex and comprehensive.

Read more...
Sophos announces evolution of its security operations portfolio
Information Security
Sophos has announced significant enhancements to its security operations portfolio via Sophos XDR and Sophos MDR offerings, marking an important milestone in its integration journey following the acquisition of Secureworks in February 2025.

Read more...
Cybersecurity operations done right
LanDynamix SMART Security Solutions Technews Publishing Information Security
For smaller companies, the costs associated with acquiring the necessary skills and tools can be very high. So, how can these organisations establish and maintain their security profile amid constant attacks and evolving technology?

Read more...
AI security with AI Cloud Protect
Information Security
AI Cloud Protect is now available for on-premises enterprise deployments to secure AI model development, agentic AI applications, and inference workloads with zero impact on performance.

Read more...
Kaspersky finds security flaws that threaten vehicle safety.
News & Events Information Security Transport (Industry)
At its Security Analyst Summit 2025, Kaspersky presented the results of a security audit that exposed a significant security flaw enabling unauthorised access to all connected vehicles of one automotive manufacturer.

Read more...
The overlooked risks of everyday connectivity
Information Security
That free Wi-Fi you are using could end up costing you a lot more money than your hotspot data if it has been compromised, says Richard Frost, head of technology solutions and consulting at Armata Cyber Security.

Read more...
Syndicates exploit insider vulnerabilities in SA
Information Security Security Services & Risk Management
Today’s cyber criminals do not just exploit vulnerabilities in your systems; they exploit your people, turning trusted team members into unwitting accomplices or deliberate collaborators in their schemes.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.