South Africa underestimates insiders threats

Access & Identity Management Handbook 2011 Access Control & Identity Management

Evil hackers are not your biggest threat, trusted insiders are.

As many as 71% of South African companies have discovered cases of fraud committed by their own employees over the last few years. This startling statistic was uncovered in the first Insider Threat survey, sponsored by Magix Integration.

The survey was conducted to investigate the level of awareness of insider threats in South African businesses and to determine how prepared organisations are to mitigate these risks. The results show that, while awareness of the threats posed by trusted people within organisations was growing, few companies are in a position to effectively protect their systems and data.

“For example, only 38% of the respondent companies have a data leakage prevention (DLP) strategy and deployment in place,” says Hedley Hurwitz, MD of Magix Integration. “This is after 10% admitted they had suffered financial loss due to abuse of infrastructure, databases or applications.

“Magix views risk as arising out of vulnerabilities in three categories, infrastructure, data and user behaviour. There are two lines of attack on these vulnerabilities, those from outside and those from within. We assert that all threats result from weaknesses on the inside because the outside attack is only an attempt to gain access to the organisation. Once access is gained, the outsider becomes an insider and can exploit the same internal vulnerabilities as trusted employees.”

No monitoring

The survey also found that 42% have no mechanism for monitoring users and only 15% have a reliable software inventory mechanism to prevent malicious and unlicensed software from being installed on corporate systems.

Looking further into the results, 45% of companies do not monitor database access and vulnerabilities, leaving sensitive information open to abuse and theft. Finally, in an age where mobile devices that can hold gigabytes of information are small and easily concealed, only 38% of companies ensure data transferred to removable disks is encrypted, while only 14% are able to detect if unauthorised devices are attached to the corporate network.

Despite the availability of solutions to protect infrastructure and data, too many companies are still leaving confidential information at risk. Not only can companies lose their customer and sales-lead information, but also their pricing strategies and future plans, putting the future of the organisation at risk.

“The results are more surprising when considering governance and compliance legislation,” adds Hurwitz. “Failing to protect data can result in breaches of the King III principles, the Companies Act and the soon to be legislated Protection of Personal Information Act. The results are not embarrassment or a slap on the wrist, but can be hefty fines and even incarceration for directors.”

Hedley Hurwitz, MD, Magix Integration
Hedley Hurwitz, MD, Magix Integration

For more information contact Magix Integration, +27 (0)11 258 4442,

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Enhanced biometric technology for mines
September 2019, ZKTeco , Mining (Industry), Access Control & Identity Management
Biometric identification and authentication are currently used at various mines in South Africa and in the SADC region.

Improving access in mines
October 2019, Astra Fasteners , Mining (Industry), Access Control & Identity Management, Products
The VP1 controller provides full access control and remote monitoring of intelligent locks without having to wire into a network or install, manage and maintain software.

Invixium and Pyro-Tech partner in South Africa
October 2019 , News, Access Control & Identity Management
Invixium, a manufacturer of IP-based biometric solutions and Pyro-Tech Security Suppliers have announced a new distribution partnership.

Suprema receives FBI PIV/FAP30 certification
October 2019, Suprema , News, Access Control & Identity Management
Suprema has announced that the company's BioMini Slim 3 has received FBI PIV (Personal Identity Verification) and Mobile ID FAP30 certification.

Frictionless access with a wave
October 2019, IDEMIA , Access Control & Identity Management, Residential Estate (Industry)
IDEMIA was the Platinum Sponsor for the Residential Estate Security Conference 2019 and set up its MorphoWave Compact frictionless fingerprint biometric scanner at the entrance to the conference.

Streamlined access and reporting
October 2019, Comb Communications , Access Control & Identity Management, Residential Estate (Industry)
The main focus of the Comb stand was its practical demonstration of the MK II Lite intercom system with third-party integrated products.

Customised and integrated solutions
October 2019, Suprema , Access Control & Identity Management, Residential Estate (Industry)
iVisit offers both high-end and low-end residential complexes a cost-effective visitor management solution that is fully integrated into Suprema's offerings.

Access solutions for every estate
October 2019, Impro Technologies , Access Control & Identity Management, Residential Estate (Industry)
Impro's flagship Access Portal solution comprises one of the most user-friendly software solutions on the market.

SALTO achieves Environmental Product Declaration (EPD)
October 2019, Salto Systems Africa , News, Access Control & Identity Management
SALTO Systems has announced that it has received the first Environmental Product Declaration (EPD) for XS4 smart locking solutions, including the XS4 Original model for the European and Scandinavian standard ...

Managing staff effectively
September 2019, dormakaba South Africa, iPulse Systems , Integrated Solutions, Access Control & Identity Management
Workforce management solutions allow organisations to track the relationship between productivity and the cost of employment, incorporating issues such as health and safety, T&A, rostering and more.