Information system security vulnerabilities: Implications for South African financial firms in Cape Town
Abstract
Cybersecurity is the collection of tools, policies, security concepts, security safeguards,
guidelines, risk management approaches, actions, training, best practices, assurance, and
technologies that can be used to protect the cyber environment and organisation and user’s
assets. According to Utica University (2020), the rate of cybercrimes has grown
exponentially and is consistent with the growth of technology. Additionally, due to the global
Coronavirus Disease 2019 (COVID-19) pandemic, the cybercrime rate rose exponentially.
Interpol (2023) states that, with organisations and businesses rapidly deploying remote
systems and networks to support staff working from home, criminals are also taking
advantage of increased security vulnerabilities to steal data, generate profits and cause
disruption. Cybersecurity has become significant nationally, not only within companies, but
also within societies.
This study analysed the factors that contribute to information systems security vulnerabilities
in South African financial institutions, with a focus on addressing areas such as cybercrime,
investments in cybersecurity and challenges, as well as the preparedness of organisations to
address cybercrime. The study adopted an interpretivist approach, hence the use of a
qualitative methodology. Microsoft Teams-based interviews were used to collect data from
financial institutions’ participants; these were recorded and analysed using the thematic analysis
method.
Findings revealed that the adoption of technologies in firms introduces cybersecurity risks and
that, with technology advancements, new risks emerge; identified threats to organisations include
third-party technologies and humans in the organisation. Participants mentioned phishing,
insider attacks, and Distributed Denial of Service (DDoS) attacks as attacks that are usually
experienced in organisations. Moreover, the study found that knowing your assets, frameworks,
standards, and protection of Open Systems Interconnection (OSI) layers are strategies that
financial firms adopt. Other strategies firms can implement include Identity and Access Management (IAM),
data protection, detection systems, containment capabilities and incident response readiness,
and cybersecurity training. However, the findings revealed that companies face challenges
when implementing the strategies; these include business buy-in, availability, budget, skills,
resources, regulatory compliance, building playbooks, and effective use of technologies. Even
though the companies have adopted strategies, improvement is needed. Lastly, the
study offers recommendations to improve information systems security controls in order to
reduce information systems security vulnerabilities.