The following article is very pertinent to any organisation or group considering cloud computing. Soft-marketing tends to delude would-be users into believing they will have full control over their data, and as such, is fully secure. Even in the international Customs and Border Management space there is lots of talk on this subject, yet very little substance. Unfortunately, organisations and individuals are slaves to the technology they use which fashions not only their work ethic but attitudes as well. It is no longer true that technology is a ‘tool’. More time and money is spent these days on technology choice than on training and education. In fact technology is so important it influences law-making and business operations, rendering human discretion obsolete in many instances. Therefore it is imperative that organisations involve business and legal experts in their systems development. 

The recent spate of hackings and electronic security breaches serves to highlight the endemic threat and associated cost of cyber crime. Globally, organisations are forced to reconsider their cyber security measures as cyber criminals become more audacious and technologically innovative. Crimes can take place in both the physical and the electronic medium, with the possibility of technology infrastructure being used as both a “subject” and an “object” of a crime.

The criminal justice system faces a number of challenges in the successful prosecution of cyber crimes. While the Electronic Communications and Transactions Act of 2002 does create a framework for criminalising cyber crimes, including hacking, it does not provide any concrete preventative measures to combat cyber crime. The technical and often remote nature of cyber crimes, including multi-jurisdictional issues where cyber criminals are operating abroad, often prevents prosecutors from being able to present viable cases and bring cyber criminals to book.

Fortunately, the South African government has acknowledged that more proactive measures are required to address the scourge of cyber crime. Cabinet has recently approved a National Cyber Security Policy published by the Department of Communication. The policy creates, among other things, a platform for the creation of a number of structures that would be responsible for analysing and responding to the threat of cyber crime with the ultimate objective of mitigating the effects of cyber crime in South Africa. The State Security Agency has been tasked with responsibility and accountability for the implementation of cyber security measures. It is hoped that this policy and the measures it intends to implement results in the prevalence of cyber crime in South Africa being effectively addressed and countered. Organisations should, in addition to any measures being taken by government, continue to carefully assess their cyber security measures proactively, including by implementing robust systems, particularly in instances where personal data is processed (which includes the collection, recording, transferring or storing of such personal information). The Protection of Personal Information Bill requires the implementation of “appropriate” security safeguards where an individual’s personal information is processed. What will be considered appropriate will need to be determined on a case by case basis and with reference to steps taken in foreign jurisdictions, which may provide guidance in interpreting this requirement.

On account of the fact that there is no way to precisely document the far reaching effects of cyber crime, individuals, organisations and government must ensure that a more cautious and prudent approach is adopted to manage security in any electronic environment. Source: SAPA