South Africa underestimates insiders threats

Access & Identity Management Handbook 2011 Access Control & Identity Management

Evil hackers are not your biggest threat, trusted insiders are.

As many as 71% of South African companies have discovered cases of fraud committed by their own employees over the last few years. This startling statistic was uncovered in the first Insider Threat survey, sponsored by Magix Integration.

The survey was conducted to investigate the level of awareness of insider threats in South African businesses and to determine how prepared organisations are to mitigate these risks. The results show that, while awareness of the threats posed by trusted people within organisations was growing, few companies are in a position to effectively protect their systems and data.

“For example, only 38% of the respondent companies have a data leakage prevention (DLP) strategy and deployment in place,” says Hedley Hurwitz, MD of Magix Integration. “This is after 10% admitted they had suffered financial loss due to abuse of infrastructure, databases or applications.

“Magix views risk as arising out of vulnerabilities in three categories, infrastructure, data and user behaviour. There are two lines of attack on these vulnerabilities, those from outside and those from within. We assert that all threats result from weaknesses on the inside because the outside attack is only an attempt to gain access to the organisation. Once access is gained, the outsider becomes an insider and can exploit the same internal vulnerabilities as trusted employees.”

No monitoring

The survey also found that 42% have no mechanism for monitoring users and only 15% have a reliable software inventory mechanism to prevent malicious and unlicensed software from being installed on corporate systems.

Looking further into the results, 45% of companies do not monitor database access and vulnerabilities, leaving sensitive information open to abuse and theft. Finally, in an age where mobile devices that can hold gigabytes of information are small and easily concealed, only 38% of companies ensure data transferred to removable disks is encrypted, while only 14% are able to detect if unauthorised devices are attached to the corporate network.

Despite the availability of solutions to protect infrastructure and data, too many companies are still leaving confidential information at risk. Not only can companies lose their customer and sales-lead information, but also their pricing strategies and future plans, putting the future of the organisation at risk.

“The results are more surprising when considering governance and compliance legislation,” adds Hurwitz. “Failing to protect data can result in breaches of the King III principles, the Companies Act and the soon to be legislated Protection of Personal Information Act. The results are not embarrassment or a slap on the wrist, but can be hefty fines and even incarceration for directors.”

Hedley Hurwitz, MD, Magix Integration
Hedley Hurwitz, MD, Magix Integration

For more information contact Magix Integration, +27 (0)11 258 4442,

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Simple steps to protect yourself against identity theft
November 2019 , Access Control & Identity Management
Are you doing enough to reduce the risk of having your identity stolen?

Looking ahead with mobile access technologies
Access & Identity Management Handbook 2020, Technews Publishing, HID Global, dormakaba South Africa, Salto Systems Africa, Suprema, Gallagher , Access Control & Identity Management, Integrated Solutions
Given the broad use of smartphones around the world and the numerous technologies packed into these devices, it was only a matter of time before the access control industry developed technology that would ...

Mobile access is more secure than card systems
Access & Identity Management Handbook 2020 , Access Control & Identity Management
The ability to use mobile phones as access credentials is one of the biggest trends in a market that historically has been slow in adopting new technology.

This is the future. This is what we do.
Access & Identity Management Handbook 2020, ZKTeco , Access Control & Identity Management
ZKTeco has created a unique range of visible light facial recognition products combined with a flexible Android platform.

The security of biometrics
Access & Identity Management Handbook 2020, ViRDI Distribution SA, IDEMIA , Technews Publishing, Suprema , Access Control & Identity Management
Hi-Tech Security Solutions asks whether your personal biometric data is safe from prying eyes.

A picture spoofs a thousand cameras
Access & Identity Management Handbook 2020, NEC XON, Hikvision South Africa, Technews Publishing , Access Control & Identity Management
Hi-Tech Security Solutions looks into the reliability and effectiveness of facial biometrics as well as the concerns about privacy.

IoT and behavioural authentication
Access & Identity Management Handbook 2020, CA Southern Africa , Access Control & Identity Management
IoT represents an increasing security risk to individuals in the form of pervasive, always-on monitoring of your personal activity with a potential compromise of your most personal security credentials.

Border crossing and national identification
Access & Identity Management Handbook 2020 , Access Control & Identity Management
Amidst a choice of technologies, diversity of policy frameworks, and emergent priorities, countries that intend to upgrade their identification systems today find themselves drawn into a complex vortex.

T&A by biometrics in the cloud
Access & Identity Management Handbook 2020 , Access Control & Identity Management
Time and attendance solutions have evolved from punch cards to cost-effective and more accurate cloud-based biometric systems.

Scalable access solution
Access & Identity Management Handbook 2020 , Access Control & Identity Management, Integrated Solutions
Bosch Building Technologies makes access management simple, scalable and always available with Access Management System 2.0.