South Africa underestimates insiders threats

Access & Identity Management Handbook 2011 Access Control & Identity Management

Evil hackers are not your biggest threat, trusted insiders are.

As many as 71% of South African companies have discovered cases of fraud committed by their own employees over the last few years. This startling statistic was uncovered in the first Insider Threat survey, sponsored by Magix Integration.

The survey was conducted to investigate the level of awareness of insider threats in South African businesses and to determine how prepared organisations are to mitigate these risks. The results show that, while awareness of the threats posed by trusted people within organisations was growing, few companies are in a position to effectively protect their systems and data.

“For example, only 38% of the respondent companies have a data leakage prevention (DLP) strategy and deployment in place,” says Hedley Hurwitz, MD of Magix Integration. “This is after 10% admitted they had suffered financial loss due to abuse of infrastructure, databases or applications.

“Magix views risk as arising out of vulnerabilities in three categories, infrastructure, data and user behaviour. There are two lines of attack on these vulnerabilities, those from outside and those from within. We assert that all threats result from weaknesses on the inside because the outside attack is only an attempt to gain access to the organisation. Once access is gained, the outsider becomes an insider and can exploit the same internal vulnerabilities as trusted employees.”

No monitoring

The survey also found that 42% have no mechanism for monitoring users and only 15% have a reliable software inventory mechanism to prevent malicious and unlicensed software from being installed on corporate systems.

Looking further into the results, 45% of companies do not monitor database access and vulnerabilities, leaving sensitive information open to abuse and theft. Finally, in an age where mobile devices that can hold gigabytes of information are small and easily concealed, only 38% of companies ensure data transferred to removable disks is encrypted, while only 14% are able to detect if unauthorised devices are attached to the corporate network.

Despite the availability of solutions to protect infrastructure and data, too many companies are still leaving confidential information at risk. Not only can companies lose their customer and sales-lead information, but also their pricing strategies and future plans, putting the future of the organisation at risk.

“The results are more surprising when considering governance and compliance legislation,” adds Hurwitz. “Failing to protect data can result in breaches of the King III principles, the Companies Act and the soon to be legislated Protection of Personal Information Act. The results are not embarrassment or a slap on the wrist, but can be hefty fines and even incarceration for directors.”

Hedley Hurwitz, MD, Magix Integration
Hedley Hurwitz, MD, Magix Integration

For more information contact Magix Integration, +27 (0)11 258 4442,

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Weatherproof Bluetooth padlock
Issue 4 2020, ASSA ABLOY South Africa , Access Control & Identity Management
The new ABLOY BEAT locking solution includes a novel digital key, a mobile app and an IP68-rated, weatherproof Bluetooth padlock.

Touch-free face recognition terminals
Issue 4 2020, Hikvision South Africa , Access Control & Identity Management
Hikvision announces touch-free MinMoe face recognition terminals for easier access control and time and attendance.

Contactless T&A
Issue 4 2020, LD Africa , Access Control & Identity Management
Matrix COSEC APTA is a mobile-based employee portal, allowing COSEC users to monitor and manage all their time and attendance, total working hours and leave options.

New touchless upgrades
Issue 4 2020 , Access Control & Identity Management
Invixium upgrades touchless biometrics technology and introduces fever detection enhancement kit.

Expanded entrance control
Issue 4 2020, Gunnebo Africa , Access Control & Identity Management
Gunnebo entrance control solutions are now available with body temperature control and building capacity management functionality.

Entrance control from Axis
Issue 4 2020, Axis Communications SA , Access Control & Identity Management
Access control solutions from Axis offer flexibility, agility and open platforms that are fit for both today’s needs and tomorrow’s.

Paxton releases latest door entry monitor
Issue 4 2020, Paxton Access , Access Control & Identity Management
Paxton has added to its video entry product line by launching its next generation standard monitor – the Entry Standard monitor.

Safety in work and education
Issue 4 2020, ASSA ABLOY South Africa , Access Control & Identity Management
Mobile access technology provides innovative ways of keeping safe in work and educational environments.

SALTO KS integrates with FICHAJ.ES T&A software
Issue 4 2020, Salto Systems Africa , Access Control & Identity Management
The technology partnership allows SALTO KS users to add attendance features to its cloud-based wireless smart access control solution.

32-inch touchscreen for facial recognition
Issue 4 2020, ZKTeco , Access Control & Identity Management
FaceKiosk-V43 is ZKTeco’s multipurpose facial recognition smart device running on Android with a 32-inch touch screen to provide a friendly and interactive user experience.