Towards a cybersecurity framework for South African e-retail organisations

Abstract

With the current in technology and information communications technology devices cybersecurity amongst organisations to deal with a plethora of cyber-ills. Organisations and governments continue to seek ways to improve cybersecurity. This study seeks to understand the cybersecurity environment of e-retail in South Africa. This study is intended to offer and/or inform the creation of a framework for cyber-securing e-retail organisations in South Africa, and to set parameters through which current legislation on cybersecurity can be made relevant to e-retail. It looks into the basis for further research into the security of e-retailers and how it can be used to support the national cybersecurity plan of South Africa in its entirety. The aim of the study is to identify cybersecurity challenges of e-retail organisations. The study adopted a multiple case study approach. Qualitative data collection methods using purposive sampling (i) direct and in-depth interviews with e-retail company managers and e-retail employees - directly linked to the use and security of critical infrastructure such as technology (ii) document analysis on cybersecurity legislation and frameworks currently in use, as well as other relevant government documents on e-retail in South Africa were used. Data collected from interviews were analysed using content analysis. The findings, which were presented thematically, constructed the narrative of cybersecurity in South Africa, bringing together cybersecurity challenges. From an organisational point of view, cybersecurity is normally relegated to the background without any emphasis on how e-retailers stand to benefit from operational cybersecurity practices. The study provides theoretical and practical contributions. A conceptual framework positioning e-retail in South Africa relating to cybersecurity challenges is presented. One new category has been suggested/added to the NIST framework (2014) used called compliance. The NIST framework of 2014 was the framework used as this was the current accepted version at the time of the study. Suggestions for further research were also suggested.