If you have some valuable assets in your house for example....you will do whatever it takes to make sure that your house is secure! Electric fence, alarm system, Surveillance cameras and the like....but if you don't have anything of value in your house....you wouldn't really care much about implementing such security measures. At the end of the day, what will you be protecting anyway because you don't have anything of value to lose!
Current situation in Botswana
As a Cyber Security researcher, i did a bit of probing a few months ago just to see how secure we are as a country in terms of Cyber threats...what i found out is really embarrassing! I found out that most local companies leave their Wireless networks "Open"...all an intruder needs to do is simply click connect & he is in! Some companies have set up WiFi passwords but use weak encryptions like WEP (Wired Equivalent Privacy), which can be cracked in less than 3 minutes, instead of using WPA/WPA2 (WiFi Protected Access) which is a bit more difficult to crack.
The ignorance of some Network Administrators
Another dangerous observation i have made is that, Network Administrators of such companies don't even care to set passwords for these routers used to broadcast WiFi; this makes it easy for a malicious hacker to easily take over the company's router(s). It also becomes easier for him to sniff or steal critical company data from all the machines connected to that network, if he wants....he can disconnect all the machines connected to that WiFi Access point, including those connected by cable (ethernet cable) & literally put the business operations of that company to a complete "Pause"!
Another worrying issue is the security of our local websites. Recently the Mmegi website was hacked twice in a short span of time, a website of some Law firm was hacked as well. Even the Parliament website was hacked last year & nobody noticed a thing! What does this say about us? I have realized that what most companies do if they need a website, is simply go to a Web Designer/Developer who doesn't understand a thing about Cyber Security & ask him to design the website for them, once its done, they immediately put it online. They wouldn't go to a Certified Penetration Tester, to test the security of this website after its done before it goes online! Now you cant help but ask yourself..."Do we really value the critical information/Data of our clients or is this complete ignorance?"
Something definitely needs to be done because chaos is coming...very very soon!
Cyber Security Awareness!
As we slowly adopt the use of technology in Botswana, more money is going to be stolen online, serious identity theft issues will arise, our kids will face the risk of being abducted since they share so much info (pictures, GPS location info etc) on Social Media, Cyber bullying & Cyber Stalking will be on the rise...more serious & mysterious crimes are going to be committed & we wouldn't know how to solve these.
A New Beginning!
I would like to encourage Local companies to start educating their employees about Cyber Security, because even if they think they have secured everything, the human factor always poses a Bigger threat to the company! Hackers can still use their Social engineering skills to trick employees into giving away critical company data & these employees themselves wouldn't notice a thing!
Password Security is another thing...instead of letting your employees write down their passwords on those sticky notes & actually sticking them on their screens for everyone to easily login to their machines.....Teach them how that poses a serious threat to the company or outsource Cyber Security Services from us & let us do what we do Best! You don't necessarily have to wait for the government to do this for you....
It all begins with you & how much you value what you have....Assets, Critical Company data & Customer data.
Cyber Security begins with You! Secure Your most Valuable Assets!
