Cybercrime is real. As the fastest-growing area of crime, more and more criminals are exploiting the speed, convenience and anonymity of the Internet to commit a diverse range of criminal activities that know no borders – either physical or virtual – causing serious harm and posing very real threats to victims worldwide.

Through various online platforms, hackers can gain access to your personal information and really screw around with your life. This not only goes for businesses, but people’s personal lives have been destroyed, too. So how does one prevent it? We spoke to Marthinus Engelbrecht from local company, NEWORDER about cybercrime and information security, just to see what we can expect in the year to come.

How do you become an IT security specialist or enter the profession?

To become an Information Security specialist or to make Information security a career profession, it is not just a career move, it is a way of life. You have to have passion for Information Security and need to be willing to put sleep on a back burner. It is a profession with very long (exciting) hours and you have to be involved in the industry on a daily basis. You will never become an information security specialist just by reading articles, publications, how tos, etc, you have to put in the hard work of actively doing the work, doing research and development and interact with the latest threats.

How do you decide on which area you want to specialise in?

The Information Security realm is extremely vast, so you have to decide what area grabs your interest and to specialise in that area. There are so many aspects to consider, if you want to perform consultation work, product development, product implementation, threat analysis, ethical hacking, cybercrime investigations and the list goes on and on. You won’t become an expert in any of these areas overnight or within a few years. If you do not have the will power and passion to make any aspect of this realm a career, then rather decide on a different career.

How do you get involved?

Monitoring the human aspect is very intriguing for me. What roles and aspect the human element plays within the information security and cybercrime realm, how the human element gets compromised by cybercriminals to breach networks and steal data and information is a passion of mine and a career for more than 20 years now.

IT systems do not design and implement themselves, they need human interaction throughout the complete life-cycle. Cybercriminals only need one area of weakness to compromise and gain access to what they need. Finding this weakness and preventing cybercriminals is the challenge. Whether it’s during the development, implementation or maintenance cycle of any IT system, the human element can make a mistake that needs to be fixed.

A few years back it was fun to investigate a crime committed by technology, but this environment did not pose significant job satisfaction, because you have to scratch through tera/peta bytes of computer data to determine how the crime was committed with very little success of actually identifying the culprit.

The real job satisfaction is to play right in the frontline of cybercrime and information warfare environment. To put every aspect of human capability to the test and to evaluate security products and measures, is the challenge. How are they configured and implemented? How are software applications developed and how do we apply out-of-the-box thinking? We need to think of security flaws that they did not think about during the design and implementation cycle, and to think of ways and means how cybercriminals will apply tactics to circumvent security measures to breach networks. That excites me.

How real is cybercrime in South Africa?

It is very real. A person or organisation that has not been affected by some sort of cybercrime to date can call themselves very lucky. There aren’t too many statistics available for South Africa, nor which aspects of cybercrime is more prevalent than others, but I can confidently say that individuals and companies suffer from cybercrime equally.

Incidents that happen within South Africa rarely makes the headlines – if ever – as most organisations cannot afford bad publicity and a break in confidence with their clients. Organisation’s networks and websites get hacked on a daily basis without them even knowing about it until after the fact, often losing data and incurring great financial losses.

Cybercrime is driven by money – that’s the bottom line. The primary target for cybercriminals is to get to the money first, and that is why there is so many “phishing scams” going around to trick people into giving personal and banking information. Once the cybercriminals have such information they can extract the money. These scams don’t just affect the individual user but large organisations as well.

The other side of cybercrime that generates much more money is to steal data and information. Data and information can be sold to numerous people over and over again, generating money for the cybercriminals on an ongoing basis. Certain data and information is extremely valuable and that is why organisations become targets. Personal information, credit cards information, banking, information, and even your healthcare status is top of the list.

What new threats can be expected for 2016?

Where technology previously was an enabler for the individual and organisation to make everyday functions easier, it has transformed into a necessity. Your life cannot function without a piece of technology, and neither can an organisation function without a robust IT infrastructure. These two aspects come together in the workplace and are ideal for the cybercriminal as it makes it easy to breach security and steal data and information.

Just as cybercrime is a reality so is the new term “IOT” or “Internet of Things”. Meaning every piece of technology nowadays needs to connect at some point in time to the Internet – either to send or to receive updates and share information. These technologies integrate themselves into your life without you even knowing it, and without the required protection the cybercriminals have changed their focus to abuse IOT as the weakest link. There are so many examples to mention, but the more relevant one’s targeted by cybercriminals are your new smart watch, unprotected wireless access points implemented at your home or business by service providers, and numerous unprotected devices to make your everyday life less difficult.

What does NEWORDER provide that others don’t?

NEWORDER – meaning plan of attack – was established in 2010, and now 6 years later is recognised as a leader in the Information Security realm – making a difference to combat cybercrime activities. Their enhanced strategy is to provide Information Security services and solutions not only to corporate organizations but to provide the same offering even to small businesses that previously could not afford the luxury of specialist information security advice.