Cybercrime continues to evolve, with new threats surfacing every day. Last year an Accenture study revealed a huge spike in cyberattacks on all fronts – banks, Internet service providers (ISPs), utilities and ecommerce platforms were hit, as were consumers. In a recent media release the FSCA confirmed that more than nine attempted attacks take place every second.
“Addressing this risk and the catastrophic consequences that come from it requires an intensive approach, something we as the Financial Sector Conduct Authority (FSCA) are aware of, take seriously and are investing in. As the authority responsible for regulating the way SA financial firms conduct themselves, we are required to stay ahead of the curve,” the FSCA confirms.
According to Phokeng Mogase, the FSCA’s chief information officer, the focus of prevention is detection, response and recovery. Mogase shares that the SA Banking Risk Information Centre has found that banking fraud incidents are on the rise, with the biggest threats coming from mobile banking, where there was a 64% increase in the number of incidents between 2017 and 2018 and a 7% increase on losses of R250bn.
“Cybercriminals take the time to study their potential victims, their business cycles and ways of working so they know the best time to attack. This means organisations need to anticipate and plan responses for possible attacks and implement incident reporting strategies accordingly,” Mogase mentions. She stresses that the FSCA is continually studying global best practice to guide and ensure that internal and external risk factors to the FSCA do not trigger other vulnerabilities in and to their system. “Some of key factors constantly under review to limit data breaches are limiting (and even negating where possible) inadequate security technology, IT configuration errors, failure to fully implement purchased security products, accidentally published data/information through internal negligence, malicious insiders, physical loss and social engineering/phishing.”
As legislation is key in the fight against cybercrime, Mogase reminds every one of the Cybercrimes Bill which is before parliament and still needs to be passed into law. “Once passed it will allow the hub and the department of communication & digital technologies to adopt sub-legislation,” she remarks. “As it stands, the Financial Sector Regulatory Act defines the specific role the FSCA plays, including protecting and enhancing financial stability and if a systemic event has occurred or is imminent, restoring or maintaining financial stability. We are also required to monitor status and take reasonable steps to prevent systemic events from occurring,” she concludes.
Click here to read the Business Day article.