Cyber security awareness initiatives in South Africa: a synergy approach

Abstract

Technological advances have changed the manner in which ordinary citizens conduct their daily activities. Many of these activities are carried out over the Internet. These include filling tax returns, online banking, job searching and general socialising. Increased bandwidth and proliferation of mobile phones with access to Internet in South Africa imply increased access to Internet by the South African population. Such massive increased in access to Internet increases vulnerabilities to cyber crime and attacks and threatens the national security. As a result, South Africa remains one of top three countries that are targeted by phishing attacks, the other two are the US and the UK (RSA, 2011). As a response, various entities engage in cyber security awareness initiatives and trainings with the aim to create cyber security awareness (CSA) among the citizens of South Africa. In the absence of a national cyber security policy, however, these awareness initiatives and programmes are delivered through a variety of independent mechanisms. Various entities engage in cyber security awareness training each with its specific objectives and focus areas. It is argued in this paper that cyber security is complex and multi-faceted. No single solution can effectively address it. While the current means to create cyber security awareness does make impact, the fragmented and uncoordinated nature thereof have a potential to create its own dynamics. The focus of organisations to deliver on their own objectives translates to some extent into the optimisation of the behaviour of individual entities as opposed to the optimisation of the national cyber security awareness as a whole. This paper evaluates the extent to which the current cyber security awareness initiatives address the cyber security threats and risks. The assessment is based on the initiatives objectives, alignment of the programme to the cyber threats, and the target audience.