While South Africa’s Cyber Crimes Act is ranked among the world's best, the lack of a national cyber security strategy obstructs its enforcement efforts, putting the country and its people at risk of cyber threats.
This is according to advocate Jacqueline Fick, CEO of VizStrat Solutions, speaking this week at ITWeb Security Summit 2024, in Johannesburg.
She discussed the key elements that effective cyber security legislation should address, exploring how good governance practices can assist with the practical implementation of cyber security legislation, regulations and standards.
SA’s Cyber Crimes Act 19 of 2020 was signed into law by president Cyril Ramaphosa in June 2021; however, it remains in partial operation.
The Act creates cyber crimes as new criminal offences under South African law. These relate to unlawful access to a computer system or computer data storage medium, as well as unlawful interception of data and/or processing of unlawfully intercepted data.
“While the Act is a brilliant piece of legislation, the laws are nothing on their own. The country first needs to have a national cyber security strategy and we have to demonstrate to the rest of the world that our country is serious about cyber security,” commented Fick.
“SA also needs to finalise the Cyber Security Bill, and invest in continuous education and awareness programmes, not just have these as once-off. Because the cyber security threats that bite you in the backside are often the ones you don't know about, an ostrich approach is not going to work when it comes to cyber security in South Africa.”
Defining a national cyber security strategy, she explained it is a policy framework that outlines the vision, priorities and approaches needed to understand and manage risks nationally. It also highlights priorities for national cyber security programmes.
“The cyber security strategy will provide direction and outline the priorities of the various legislation. It highlights what is important for the country. It also recommends how to put in place the right structures, in order to implement the strategy.”
The national strategy must be accompanied by other important elements, including stakeholder involvement and buy-in, a maturity assessment of the security landscape, governance and risk management, and making the crucial decision on whether to legislate or regulate certain instruments.
To effectively combat cyber crime, SA needs to combine the effective enforcement of the Cyber Crimes Act and the Protection of Personal Information Act with a comprehensive Cyber Security Bill – which is still in development phase, as a revision of the Cyber Crimes and Cyber Security Bill, she asserted.
“I always say cyber security and cyber crime are two parts of the same coin, because you have the good and the bad. But that coin is the most important contribution to the digital economy, because without cyber crime legislation, and without cyber security legislation to address things that go wrong, how is the world going to trust in doing business with South Africa?”
While lack of skills and resources continue to hamper the efforts of law enforcement agencies in investigating cyber crimes, Fick believes education and awareness programmes for citizens and organisations are a critical weapon to fight cyber threats and make systems hack-proof.
“South Africa is still a young democracy; we know our human rights but do we know enough about how to behave in cyber space? This is not a SAPS problem, it's an ‘us’ problem, because if people have enough awareness and education, they would understand what types of crimes they are exposed to, and they would take the necessary steps to protect themselves because cyber criminals rely on our ignorance.”
Share