By Anthony Pillay
Cyber theft, especially ransomware, has hit businesses, and the legal profession has become a key target for cyber-criminals. Critical services to the public, such as healthcare and social services, have been targeted, and recently the Department of Justice has seen the adage ‘not if but when’ borne out.
Large corporations that have invested millions in cybersecurity have all fallen victim to this scourge.
Business executives have learned that cybersecurity should be treated as a risk and evaluated by cost-benefit analysis.
Depending on your business, the potential impact and the cost of recovery, this risk may be classified as a strategic risk.
Discussions on cyber risks are not confined to information and communications technology. They must include risk management discussions at the executive level, namely –
Unlike other risks, there must be an audit of the users, devices, critical systems, business recovery plans and post-breach communication strategy.
This information must be used to build resilience in the systems and educate users continuously. Thus, it requires a directed and focused approach.
Based on the National Association of Corporate Directors and the Internet Security Alliance guidelines on ‘Cyber-risk Oversight 2020: Key Principles and Practical Guidance for Corporate Boards’, risk oversight must include the following:
The Board must keep a balance between protecting the organisation’s security and mitigating losses, while ensuring profitability and growth in a competitive environment.
The Law Society of South Africa previously published the following key strategies for cyber risks:
– ‘first, fully understand the problem;
– second, explore a wide range of possible solutions;
– third, iterate extensively through prototyping and testing; and
– finally, implement through customary deployment mechanisms’ (Rebecca Linke ‘Design thinking, explained’ (https://mitsloan.mit.edu, accessed 23-11-2021)).
The Law Society of South Africa’s Cybersecurity Helpdesk is headed by Anthony Pillay. Mr Pillay is currently the Acting Executive Director of the Law Society of South Africa.
This article was first published in De Rebus in 2021 (Dec) DR 41.