The 3rd edition of the AfICTA Quarterly webinar was successfully organized on 29 September 2021. The event was hosted by the Southern African Region spearheaded by Ms Ulandi Exner. The session was channelled to company representatives and business owners in attendance and was moderated by Ms Ulandi Exner, Vice-Chairman, Southern Africa, AfICTA; alongside her were panellists: Moira de Roche, Vice-President, IFIP IP3 and Director IITPSA; Dr Ghada Bahig, Engineering Manager, Mentor A Siemens; Sonja Coetzer, Managing Director, SALT Essential IT.
The theme of the session was Date is the New Oil: the Good, the Bad & the Ugly. The webinar aimed to enlighten the attendees on the necessary measures and policies to ensure the security and privacy of our personal data online as well the essential considerations for the public and private sector in the aftermath of the COVID 19 crisis. The expected outcome was to develop recommendations for both the individuals and organizations to ensure digital safety and necessary policy questions to mitigate cyber threats amid the spike in the remote workforce globally due to the COVID-19.
In the opening session, guest speaker Dr. Ghada Bahig commented on the difference between data security and data privacy, she explains that data security restricting unauthorized access by third parties to data stored while data privacy connotes the regulation and mechanism in place to properly handle, collate, process, store and use data that doesn't breach any confidentiality or rights as stipulated.
There are 3 pillars of Information security otherwise referred to as the triad which is Confidentiality, Integrity and Availability. Confidentiality deals with who accesses the data, Integrity deals with the maintenance of consistencey and accuracy of the data over its lifecycle while availability deals with the readiness to which data can be accessed.
According to a Gartner study carried out in 2019, the number one hindrance to industry adoption of AI and industry 4 technologies if the security and privacy concerns hence emphasizing the need for better policies and data security measures implemented in all sectors as we are becoming more digitalized and in conclusion, she stated that "Cybersecurity and data protection is everyone's responsibility and should not be limited to boardrooms"
Moira de Roche, Vice President of IFIP presented on the Data and Trust. The correlation between trust and data privacy can not be overstated as bad actors tirelessly work to obtain and use peoples data for good, bad and ugly. The bedrock of trust when handling people's data is consent and we must begin to implement consent laws that govern when and how people use and collect data.
The duty of care and its responsibilities is not limited to the systems and technologies in our organizations but we are the last line of defence and we must ensure that so long as we use digital products, then we must ensure we are safe with what, whom we give information to.
Trust is a major issue because trust breeds confidence and if confidence in technologies and products is minimal then it hampers economic growth which in many cases is a function of digital growth. Trust is a multi-disciplinary concept that deals with usability, reliability, security, privacy and safety and data security and privacy are 21st-century soft skills that everyone must have. One of the major challenges of trust is that consumers are unable to evaluate the security of service providers but the questions that need to be asked are: is security built-in at every level of manufacturing of the digital devices and technologies being deployed?
In conclusion, she stated that "Trust is a very expensive commodity, it takes years to earn but only seconds to lose it".
Sonja Coetzer spoke about the ISACA publication assessing the state of cybersecurity in 2021 and preparing for 2022, Dustin brewer highlights that cybercriminals are working relentlessly to cause business disruption and outage and the same reports highlight that the top 5 forms of cyber threats in 2021 are social engineering 14%, advance persistent threats 10%, Ransomware 9%, Unpatched systems 8% DOS attacks 8%.
Typically the onus of data protection and security is left to trusted technology advisers, experts, service providers and the belief that ICT infrastructure, security and data belongs to the ITs department is still held in high regard but truth be told, as cash flow is to bank balances, so is data and the related technology turning data into actionable insights, accelerating innovation and creative technologies to the business.
Data security is more crucial now as it is the heart of any business strategy and as most business functions it should be empowered by the budgetary demands that help accelerate and drive business growth. Global trends suggest that as much as 60% should be put towards a planned, designed, refined and secured ICT environment while empowering the employees, partners and other stakeholders in order to attain business goals and objectives.
In conclusion, until the C-Suite fully understand that data is no longer an enabling tool of the business but rather at the heart of the business then they can begin to treat data privacy and security seriously giving more attention and capital investment in raising awareness among employees on the necessity to be very data security conscious.
Consumers of digital services and technologies have a responsibility to ensure that they apply the same rules of security when it comes to physical entities and universal interactions daily to our engagements online. Online Security cannot be achieved by complete detachment from the virtual world but we must ensure we understand and use the same principles of security taught at homes to the virtual world online. Awareness can not be overemphasized when we are dealing with cybersecurity. As stated earlier, social engineering is the most prevalent cyber threat recorded across the globe and in other to ensure that humans beings are less of the weak links as cybersecurity experts conclude, then we must ensure that awareness on safety online has to be taught and re-thaught at all levels of education.
Data privacy and protection has to be elevated on the priority chain in all our organizations and we must also hold forums where all stakeholders are brought together to ensure accountability to regulations on data protection within our countries. Cybersecurity should not be limited to the boardrooms at the organization but we as consumers and users of technologies must ensure we are less susceptible to risks online use to prevent us from being weak links.
The third edition of the AfICTA Quarterly series was very successful with recommendations for better data privacy and protection regulations accountability when it comes to enforcing the regulations. There is also a need for comprehensive integration of cyber education in the basic education schemes. The next edition of the AfICTA webinar would be in the 4th Quarter (Q4), 2021. The date for the 4th series of the webinar is November 30th 2021. Read More
