The Sony PlayStation Network hack attack of 2011 may be the best-known such incident, but it is hardly an isolated case. The disheartening reality is that unlawful online activity is flourishing, whether it involves distributing viruses, hacking systems or stealing money.
The worst viruses are estimated to have caused billions of dollars in losses worldwide. There has not been a serious virus attack in the past few years but this is probably more luck than superior anti-virus technology. No cyber security vendors seriously suggest that the war against viruses has been won. It is most likely only a matter of time before the next big one.
South Africa is a major victim of the cybercrime assault. Phishing attacks are on the increase. South Africa is reportedly among the most heavily targeted countries in the world for phishing attacks. Although astonishing to some, 419 scams remain lucrative for online fraudsters. People are duped daily into believing that they have won lotteries they did not enter, that they have inherited millions from relatives overseas they have never heard of or that complete strangers are prepared to share a pot of gold with them for no apparent reason.
The law has struggled to control the scourge. The Electronic Communications and Transactions Act outlaws all of these activities but detection is almost unheard of and prosecutions are rare.
In February the government announced that cabinet had approved a cyber security policy framework for South Africa. The policy originated as a request by government for public comment. The introductory note to the request stated that current law and legal structures are inadequate to deal with the increasing online criminal threat.
The aims of the resulting policy are laudable: the development of indigenous cyber security technologies, interaction with international internet crime fighting organisations, a safe and secure cyberspace, public awareness and the promotion of a culture of cyber security, amongst others. The amendment of existing laws to promote and enforce these objectives is envisaged.
As would be expected from a policy document, the framework lacks detail on firm steps to be taken to achieve these things, and since February little progress appears to have been made. This is unsurprising because the task is stupendous. New, tougher laws by themselves will not enhance safety in the internet environment any more than they would in the physical world.
Significant investments will be needed in a number of different areas ranging from criminal detection and pursuit agencies to prosecutors and public education. With so many urgent demands on the public purse, it is questionable whether the will exists to prioritise cyber security over human rights needs such as health, education and housing.
A short-sighted approach now will result in damage to our society in the long term that affects our ability to address these basic human rights. Phishing and 419 scam onslaughts continue unabated. The Information Security Group of Africa estimated in 2011 that the country’s loss to cybercrime over the previous three years was R1 billion.
Cybercrime is insidious. Its effects are less dramatic than those of the violent crime that has a hold over the popular consciousness, but they are no less serious. The trajectory of a society enveloped by crime is downward. The cyber security policy framework is a recognition that we are at a decision point: whether we are resolute or weak in our approach to cybercrime. But it will take more than consultants and policymakers to achieve the difference needed. If we do not take action now to overwhelm cybercrime, we risk being overwhelmed by it in the future.