Change the world

News

07/09/2017

By 2050, people will have e-pets and even e-partners – which will bring with them a multitude of ethical e-challenges.

So says Prof Rossouw von Solms, Director of Nelson Mandela University’s Centre for Research in Information and Cyber Security, who is an expert on IT governance, cyber security and the many risks facing lax or uninformed internet users.

These range from identity theft, to the legal perils of “sexting”, to “phishing” (scamsters after your personal bank information), to cyber-crimes within companies, and more.

Just about everybody can name an epic cyber-fail that took place in the realm of social media, such as Facebook, Twitter or Instagram. 

“Both adults and youngsters don’t realise that what you publish today stays in cyber space forever – and it remains linked to you.”

“When you are applying for a job, companies will check your social media profile. It will definitely count against you if your profile suggests you are a ‘party animal’, sexist or racist – even if [the information] was published five or 10 years ago.

“Identify theft is a common problem, specifically on social media. For example, a paedophile could take on the identity of a young school boy, and deliberately mislead people to the possible detriment of a young boy or girl. That is a huge risk.”

Parents with children who surf the net often don’t understand what their cyber responsibilities are.

“Parents can’t just buy their kids an expensive cell phone and let them surf the net [without restriction]. Parents are responsible for what is being done on that phone and also for their children until they are 18.

“If a child has a racist rant online, the parents can be held accountable.” Likewise, if a child is “sexting” – that is, texting naked or half-naked photographs of themselves – or forwarding pictures they might receive, the parent could be charged with the distribution of pornography as, from a legal point of view, the parent is responsible for the child’s phone.”

Meanwhile, in the business world, cyber security and IT governance have become critical components of corporate success.

“With IT becoming such a core part of the business world, cyber security and IT governance have grown in prominence … Senior management teams have to ensure that their IT and related information is properly governed. Nowadays it is the quality of information and how it is utilised that gives one company a competitive edge against its competitors.

“Much of our research in the Centre focuses on IT governance, including protecting information and IT resources, as well as the management of security, i.e. putting policies in place, from board level to management to the rest of the employees.”

One major problem facing South African companies is that often their boards of directors have very little IT knowledge amongst board members.

“The board doesn’t always realise their responsibility and accountability, as far as that is concerned.

“Legislation in the United States demands that the financial statements of a company cannot be approved before the underlying IT systems have been declared reliable. If you don’t know whether the IT systems are functioning correctly, how can you trust the statistical and financial reports generated by these systems?”

He said each time a company created a new system or installed a new piece of hardware, they needed to assess potential risks and adapt their security and related policies accordingly.

“A lot of our research looks at the human element of information security. You can have good security technology, like a sound password system, but if your users write down their passwords or share them with others, then the system becomes of no value because it is not protected.”

Von Solms said an employee’s carelessness with regards to cyber security could also get them fired. “If a staff member is educated about cyber security, don’t follow the rules and as a result the organization loses lots of money, he/she can be charged with negligence and possibly get fired. But if the employee is not educated about cyber security by the employer and he/she makes a mistake out of ignorance, he/she cannot be prosecuted.

“Companies have an absolute responsibility to educate all their information workers, which is anyone who signs onto a computer, about sound cyber security practices.

 “This field of cyber security changes and advances fast. There are so many aspects where one can get involved. I choose to focus on the human aspects of information security.

“We put a lot of attention on user awareness education and training aspects. We make people aware of the latest threats and how to handle them.”

Von Solms and his daughter, Dr Suné von Solms, a computer engineer at the University of Johannesburg, have jointly developed a cyber security syllabus for primary schools.

“We are very involved with schools … We try to give them material to empower them to make the school children safer, specifically in the areas of social networking and cyber-bullying.”

Von Solms is a B2-rated researcher, who has published papers in the technology field with both his daughters, Suné and Woudi, as well as his brother, Prof Basie von Solms.

He has published 80 journal articles, presented 70 international and 59 national conference papers. He has successfully supervised 13 PhD and 63 masters’ students. 

Prof von Solms (right) with collaegaues Profs Johan van Niekerk and Kerry-Lyn Botha at a Cyber-Security workshop for teachers held at the University.

Contact information
Professor Rossouw Von Solms
Director: Centre for Research in Information and Cyber Security
Tel: 27 41 504 3604
Rossouw.VonSolms@mandela.ac.za