This is certainly true for e-commerce businesses, where customer data and personal information can become readily available to hackers due to negligence and weak spots, which raises important questions about the future of safe and secure online shopping, particularly in the South African market.
This particular topic was addressed at the very recent ECOM Africa event during panel discussions, and for good reason. E-commerce sites are looking for ways of ensuring peace of mind for their customers when it comes to safety. But there’s still a lacklustre approach to cybersecurity from some businesses, argues Candice Wilson, who is a cybersecurity leader working for EY.
Wilson delivered a keynote speech on the main stage of the 2023 ECOM event and the gist of her talk was about how cybersecurity is perceived by boards and executives. She made a point that despite the awareness of cybersecurity’s importance, there is still a lack of confidence in its resilience and the value it adds to an organisation.
“We have executives and board members who understand that cybersecurity is important, but they lack the confidence that they can really control the risks. They are resilient to the big risk of cybersecurity, so they believe that throwing more investment in cybersecurity is the answer. However, when I started out in cybersecurity many years ago, the biggest cyber-budget was based on the biggest fear and uncertainty that could be driven through the boards,” she said.
Wilson was also part of a panel discussion on prioritising security issues in e-commerce, alongside Daniel Adaramola, chief information security of SunTrust Bank Nigeria; Faseeg Osman, a cybersecurity executive at Nascent Group; Thamsanqa Khanye, IT risk, cybersecurity, and compliance manager at Astron Energy; as well as Omeshnee Naidoo, head of solution consultancy at Deloitte.
The panel was moderated by Smile radio presenter Bobby Brown, who said that people have become quite comfortable with shopping online, meaning that the awareness and education around cybersecurity is not taken seriously, which can create a barrier between consumer and service provider. “We’ve got most people comfortable with smartphones and computers and they know how to use them confidently. However, the next big tech thing may create another barrier,” he said.
"The nefarious attackers, they're always going to find a way to exploit it to make money out of who you are. And they're going to find new ways to exploit the mess versus new ways to try and disrupt things," Wilson explained. Therefore, the cybersecurity community should work together to mitigate these risks.
"As a cybersecurity community, is there any way that we can come up with ways to work together? We're one team, you know, we were on the good side against the attackers. We just need to work together," she emphasised.
Naidoo stated, "The regulatory environment is at the top to protect us, saving the e-commerce environment and reducing cybersecurity authorisation. So, as e-commerce is growing, it's in charge of e-commerce companies, both its reputation and the fact that it can be trusted. Ultimately, they know that they are protected."
She further emphasised the need for cybersecurity education for consumers, saying, "In every way across the different industries, whether it be e-commerce industry, whether it be the regulators from government, everybody has to focus on educating the consumer in the simplest way of going back to these basics of: What is your password? Did you get it right? Is it complex enough? Are you making sure that when you make a payment, are you logging off properly? So the simplistic education of the dos and the don'ts, so I think, you know, that is going to be successful, but natural."
The idea of a ‘trusted space’ was also discussed with Brown, who offered valuable insight and points during the discussion by suggesting that traditional media, such as news websites, should include cybersecurity education as part of their social responsibility.
The panel also discussed the need for collaboration among organisations to improve cybersecurity, with Adaramola stating, "There is a lot that will gain from collaboration...if we have a common standard by which you all have in terms of security, it is much more seamless."
