DEFENCE AND SECURITY
Co-hosted by Dr Noluntu Mpekoa, CSIR Research Group Leader, CSIR Information and Cyber Security Centre and Dr Heloise Meyer: CSIR Senior Researcher
Recently, well-known and established South African organisations have experienced cyberattacks. The South African Bank Risk Information Centre (SABRIC) confirmed in October 2019 that the industry had been hit by a wave of Distributed Denial of Service attacks targeting multiple banks. This happened shortly after the website of City of Johannesburg succumbed to a ransomware attack. These attacks are a wakeup call for South African organisations and underlines the essential need for suitable detection mechanisms to prevent cyberattacks.
The detection of cyberattacks relies not only on understanding existing attacks, but also being able to identify emerging threats. The continuous and strategic collection of relevant and valuable cybersecurity data sets can offer insight into ongoing threats or cyberattacks, while also assisting with the combatting of cybercrime. Although various third-party providers, such as Shodan and Have I Been Pwned (HIBP), exist and do provide access to cybersecurity data sets, these providers have little to no presence in South Africa. Most of the available cybersecurity data sets are heavily slanted towards the United States and the identified trends might not be relevant to the South African context.
This talk introduces the Lost Packet Warehousing Service, a technological solution that will function as the primary source for cyber security within South Africa, allowing for the continuous but passive collection of cybersecurity data sets. The speakers also discuss the steps taken to maintain the security and privacy of the collected cybersecurity sets.