A sharper focus on cyber security

University of Cape Town (UCT) Vice-Chancellor Professor Mamokgethi Phakeng told delegates to the Cyber Security Symposium Africa (CSSA) 2018 that the university has sharpened its focus on cybersecurity, in tune with an increase in cyber threats worldwide. The conference, held on upper campus this week, was hosted by UCT in partnership with Dimension Data and Cisco.

“Governments, institutions and companies across the world are all exposed to cyber threats. It is a reality and happens daily. To address this threat at the University of Cape Town, the UCT Council has agreed to make it a top priority at the university.

“This conference is one of our commitments to raise awareness and share knowledge about cybersecurity,” she said.

According to Phakeng, UCT was the first university in South Africa to establish a Computer Incident Response Team, in June 2016. The four-member team resides within the university’s Information and Communications Technology Services (ICTS) department.

ICTS also compiled the university’s Cybersecurity Strategy, which focuses on four components: to measure, protect, educate and respond.

Phakeng said UCT was also the first university in Africa to be affiliated with the Forum of Incident Response and Security Teams (FIRST), a global umbrella organisation for computer and network systems security.

“I am proud of what we have done with regards to cybersecurity. Over time I also look forward to learning more about what other higher education institutions, government and companies are doing to address this issue,” Phakeng told the CSSA delegates.

She announced that UCT will host the International Alliance of Research Universities’ Cybersecurity Forum next year. UCT was represented at the forum this year, together with university counterparts from Singapore, Copenhagen, Tokyo and Zurich, as well as universities in Australia and South Africa.

Emerging risks

Sakkie Janse van Rensburg, executive director of UCT’s ICTS department, said the university had seen an increase in cybersecurity incidents over the past few years and had decided to tighten up its work in the arena.

Janse van Rensburg was recently appointed chairperson of the Association of South African University Directors of Information Technology (ASAUDIT) Cybersecurity Special Interest Group (SIG). The SIG, which consists of ASAUDIT members from various South African universities, seeks to address awareness, skills development and communication.

“Much of the research we do at UCT is of global importance and needs to be protected. We need to protect HR and research data, as well as our staff and students ... and then there’s the infrastructure. If the network is affected, we can’t function.”

“Much of the research we do at UCT is of global importance and needs to be protected.”

He said the university had to strike a fine balance between protecting information and being open, however.

“We have a unique situation at universities. We have to look at it in a layered way. Some things need to be open, other things need to be controlled a bit but accessed by some people, and then there’s information that needs to be completely protected.”

Janse van Rensburg said various devices, such as tablets, cellphones and laptops that students brought on to campus, could pose a risk.

“Students often have up to three or four devices each. We don’t know what viruses they are bringing with them.”

He said that in sync with managing cybersecurity, the university was also rebuilding its ICTS network.

“We want to make it a safer network which will take us confidently into the future.”

On the academic side, postgraduates can drill deep into the field of cybersecurity. The computer forensics postgraduate course in UCT’s Faculty of Commerce covers legal principles, technology, project management and corporate governance.

UCT has also approved the GetSmarter Cybersecurity fundamental course.

Child exploitation

Meanwhile, the conference also addressed the increasingly worrying trend of child exploitation online and the threats that the internet holds for children.

Captain Veronica Banks from the South African Police Service told the conference that children and teenagers were constantly being lured to share compromising photographs online. Paedophiles would then threaten to expose their victims if they refused to send them more photographs and videos. These were in turn shared widely.

Banks called on parents to monitor their children’s use of social media and applications, and to warn their children about the dangers of online predators.

She said children were often lured into chat rooms and online through social media sites such as Facebook, Instagram, WhatsApp and Snapchat, and applications such as Kick.

Delegates to the conference said the session on child exploitation online had been an eye-opener.

Escalating threats

Leading up to the conference, more than 190 staff members from various South African universities took part in a two-day course on emerging risks in cybersecurity. UCT, together with ASAUDIT, brought leading security expert John Tannahill to South Africa to present the course.

Janse van Rensburg said the CSSA conference attracted students, staff and academics from universities, as well as professionals from sectors ranging from finance and banking to local government. He said it was in the university’s interest to learn and share as much information as possible about escalating cyber threats in a rapidly changing world.

“We know what happened in the American elections. We know how nuclear power facilities got taken down by cybersecurity.”

“We know what happened in the American elections. We know how nuclear power facilities got taken down by cybersecurity. We all need to learn more about how to tackle cyber risks. The way we will be attacked will change in future. Things are moving so fast so we need to develop new skills.”

He added that raising awareness about cyber risks was vital.

“It’s important to get everyone together to talk about the subject. We need to look at this as a network of people. We cannot do it alone. It’s everybody’s problem.”