South Africa underestimates insiders threats

November 2010 Access Control & Identity Management

Evil hackers are not your biggest threat, trusted insiders are.

As many as 71% of South African companies have discovered cases of fraud committed by their own employees over the last few years. This startling statistic was uncovered in the first Insider Threat survey, sponsored by Magix Integration.

The survey was conducted to investigate the level of awareness of insider threats in South African businesses and to determine how prepared organisations are to mitigate these risks. The results show that, while awareness of the threats posed by trusted people within organisations was growing, few companies are in a position to effectively protect their systems and data.

“For example, only 38% of the respondent companies have a data leakage prevention (DLP) strategy and deployment in place,” says Hedley Hurwitz, MD of Magix Integration. “This is after 10% admitted they had suffered financial loss due to abuse of infrastructure, databases or applications.

“Magix views risk as arising out of vulnerabilities in three categories, infrastructure, data and user behaviour. There are two lines of attack on these vulnerabilities, those from outside and those from within. We assert that all threats result from weaknesses on the inside because the outside attack is only an attempt to gain access to the organisation. Once access is gained, the outsider becomes an insider and can exploit the same internal vulnerabilities as trusted employees.”

No monitoring

The survey also found that 42% have no mechanism for monitoring users and only 15% have a reliable software inventory mechanism to prevent malicious and unlicensed software from being installed on corporate systems.

Looking further into the results, 45% of companies do not monitor database access and vulnerabilities, leaving sensitive information open to abuse and theft. Finally, in an age where mobile devices that can hold gigabytes of information are small and easily concealed, only 38% of companies ensure data transferred to removable disks is encrypted, while only 14% are able to detect if unauthorised devices are attached to the corporate network.

Despite the availability of solutions to protect infrastructure and data, too many companies are still leaving confidential information at risk. Not only can companies lose their customer and sales-lead information, but also their pricing strategies and future plans, putting the future of the organisation at risk.

“The results are more surprising when considering governance and compliance legislation,” adds Hurwitz. “Failing to protect data can result in breaches of the King III principles, the Companies Act and the soon to be legislated Protection of Personal Information Act. The results are not embarrassment or a slap on the wrist, but can be hefty fines and even incarceration for directors.”

Hedley Hurwitz, MD, Magix Integration
Hedley Hurwitz, MD, Magix Integration

For more information contact Magix Integration, +27 (0)11 258 4442,

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

HID addresses identification challenges at ID4Africa
August 2019 , News, Access Control & Identity Management, Government and Parastatal (Industry)
Being able to verify people’s identities is critical for a nation’s growth and prosperity and yet HID says nearly half of all African citizens can’t prove who they are to vote, travel freely and receive government benefits and services.

Came acquires Turkish company Özak
August 2019, CAME BPT South Africa , News, Access Control & Identity Management
Came broadens its market horizons and signals growth and consolidation in the Middle East.

The benefits of electronic visitor management
August 2019, Powell Tronics , Access Control & Identity Management, Residential Estate (Industry)
Access control is a critical aspect of estate security as it represents the controls put in place to restrict entry (and possibly exit) along the outer boundary of the location.

Addressing risks by means of access control layout and design
August 2019 , Access Control & Identity Management, Security Services & Risk Management
In order to develop a suitable, practical and appropriate security system for any organisation, it is essential to first develop a master security and life safety plan strategy.

Secure hands-free access
August 2019, Suprema , Access Control & Identity Management, Residential Estate (Industry)
Suprema’s facial biometric terminals bring no-touch access into secure residential estates, high-rise apartments and luxury homes providing fast, easy and intuitive user authentication with the added benefit of hygiene.

MorphoAccess Sigma Extreme
August 2019, IDEMIA , Products, Access Control & Identity Management
MorphoAccess Sigma Extreme from IDEMIA is a touchscreen device with multiple recognition device interfaces (NFC chip reader, PIN and BioPIN codes, contactless card readers).

Outdoor access terminals
August 2019, Suprema , Access Control & Identity Management, Residential Estate (Industry), Products
Rugged, dust- and weather-proof access control solutions that provide exceptional durability in extreme conditions is a strong requirement for many residential estates.

MorphoWave Compact
August 2019, IDEMIA , Products, Access Control & Identity Management
The MorphoWave Compact captures and matches four fingerprints on either the right or left hand in any direction. It is robust to environmental factors such as extreme light or dust.

MorphoAccess Sigma Lite
August 2019, IDEMIA , Products, Access Control & Identity Management
IDEMIA’s MorphoAccess Sigma Lite and Lite + are fingerprint access control terminals, offering time and attendance in and out function keys.

Eliminating forced gate opening scenarios
August 2019, ET Nice , Home Security, Access Control & Identity Management
When activated by the gate forced open alarm feature, the transmitter transmits a wireless alarm signal up to 750 metres in any direction.