LITERATURE REVIEW

2.8. CURRENT RESEARCH PERSPECTIVES ON CYBER-SECURITY IN SOUTH AFRICA

2.8. CURRENT RESEARCH PERSPECTIVES ON CYBER-SECURITY IN

security culture is necessary to inculcate acceptable user behaviour in cyberspace. The increasing dependence on cyberspace and digital resources has, unintentionally, invited many exposures to malicious cyberspace attacks. South Africa aims to promote a cyber- security culture which is envisaged to advance the national cyber-security policy framework;

however, there is no discussion on how this cyber-security culture will be promoted.

According to the research in question, awareness and education are regarded as pillars in promoting a cyber-security culture (Kortjan & Von Solms, 2014) and it is argued that appropriate awareness campaigns would aid in fostering the desired cyber-security culture.

It is highlighted that comprehensive awareness initiatives could impact positively on changing the behaviour of cyberspace users towards a cyber-secure culture (Kortjan & Von Solms, 2014).

2.8.3. Cyber-security awareness initiatives in South Africa: A synergy approach One of the top cyber-crime types reported in South Africa is phishing attacks and the country is one of the top three countries facing this threat, behind only the UK and US (Dlamini &

Modise, 2013). It is argued that the existing approach to promoting cyber-security awareness is not making an adequate impact, especially because of the uncoordinated and fragme nted nature of the approaches (Dlamini & Modise, 2013). It is acknowledged, however, that cyber-security is multi- faceted and complex. The estimated total cost of cyber-crime in South Africa is R10.9 billion, which is one per cent of the R2.9 trillion of global cost (Dlamini & Modise, 2013). Their research suggests that the first line of defence against cyber-attack is cyber-security awareness.

Their study also highlights the fact that, in South Africa, initiatives that are intended for cyber-security awareness are delivered via various independent mechanisms that are uncoordinated. Cyber-security awareness is intended to promote and inspire cyberspace users to practise safety precautions when using cyberspace. Users should be kept well informed on the criticality of practising cyberspace hygiene at all times; hence the awareness initiatives should include a plan that is clear, with goals and objectives clearly articulated and the targeted results clearly stipulated (Dlamini & Modise, 2013). Their research indicates that the cyber-security initiatives in the country are effective, although these initiatives are on a smaller scale than they should be. These initiatives are reported to be comparable with counterparts internationally and their focus is on communities. A recommendation is made that a single forum to integrate a cyber-security awareness

mechanism be formulated to ascertain whether all necessary roles and key players of each initiative are spelt out clearly, and that these awareness programmes reach every cyberspace population in the country.

2.8.4. An e-safety educational framework in South Africa

This study highlights the concern around the safety of children in cyberspace (De Lange &

Von Solms, 2012). IT has an important role to play in human lives, but the benefits it brings also expose individuals to risks. The research argues that IT threats should be taught to children at a young age and that children need to be educated on acceptable online behaviour.

They also need to be educated on cyber-bullying and illegal or inappropriate online behaviour. Currently, there appears to be a generational divide between parents and their children and many parents are unaware of both cyber-ills and of activities being conducted by their children online. E-safety is considered essential and should be implemented to protect the lives of children.

Most countries have introduced e-safety in their curricula; however, South Africa is lagging behind in terms of e-safety implementation. E-safety awareness in the country is lacking and should be viewed seriously by the government. Their study acknowledges that the implementation of e-safety at schools will inculcate the desired cyber-security culture in the entire population.

2.8.5. Implementation of the NCPF for South Africa

Volatility and dynamicity of cyberspace warrant robust research in the area of cyber-security in South Africa (Van Vuuren, Leenen, & Zaaiman, 2014). In order for South Africa to safeguard its resources and population, the country needs to protect its critical infrastruct ure, especially as it relates to national security. The South African geographical regions are incorporated into the global cyberspace, warranting government’s extra efforts at addressing the digital divide and cyber-security. Cyber-security has been identified as a basic essential element contributing towards national security with critical information infrastructures and information itself being essential in the implementation and roll-out of a cyber-security policy. Government has a critical responsibility to enhance and advance cyber-security awareness campaigns, particularly because the entire nation is hugely dependent on essential services that are rendered by government. The process of developing the national cyber- security policy framework has taken far too long, but the policy framework has since been

finalised. Van Vuuren et al. (2014) argued that there is no adequate emphasis on the national cyber-security policy, despite the fact that such a policy would be an overarching document to guide the cyber-security implementation in the country. In an effort to safeguard the cyberspace, this research proposes an ontology that identifies various stakeholders and defines their roles. It has been recognised that a multi- levelled structure of key stakeholders exists in the cyber-security environment and that, more often than not, the responsibilit ies and roles overlap.