Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
News Releases

New Trustwave Survey Reveals Many South African Companies Are Not Ready for POPI

Johannesburg, SOUTH AFRICA - 22 October 2014 - Trustwave today released findings from a survey of 113 South African IT professionals, asking if they are ready for POPI - South Africa's Protection of Personal Information Act which seeks to regulate the processing of personal information and standardize compliance with privacy and data protection legislation.

The survey was completed by C-level executives, mid-level managers and IT specialists from a variety of industries including finance, government, retail, manufacturing, mining, construction, education, communication, healthcare and tourism.

The first section of the survey focused on the processes that companies should have in place to classify sensitive data such as medical records, credit card data and personally identifiable information (PII) including names, surnames, ID numbers and medical histories. More than half of those surveyed (51 percent) said they do not have processes in place to classify data correctly.

When asked about measures in place to prevent the loss, damage and unauthorized access to PII, more than a third (38 percent) said they have technical or organizational measures in place, but not both or they don't have any measures at all.

According to the POPI requirements, companies must notify the regulator as well as customers in the event of a data security breach. When asked about known data breaches within their organization where PII was lost, damaged or unauthorized access occurred within the past 24 months, 67 percent of survey respondents were confident that they had not experienced a breach where PII was affected. However, according to the 2014 Trustwave Global Security Report that details the findings from 691 breach investigations across 24 countries conducted by Trustwave forensic investigators in 2013, the median number of days from the initial intrusion to detection was 87, possibly indicating that some South African companies may be unaware a breach has occurred.

Only 14 percent said they had suffered a data breach where PII was affected and 19 percent said they did not know.

Finally, about a third (38 percent) of participants felt confident their companies would be compliant with POPI within the next 12 months.

Leon van Aswegen, Security Consultant at Trustwave said, "We conclude from this survey that many South African companies do not have security controls aligned with POPI. Not only should companies be making POPI compliance a front burner issue, but they should also be looking beyond compliance with any regulatory standard, including POPI. These standards serve as a baseline for security. The most effective security strategy entails multiple layers beginning with a risk assessment to vulnerability scanning and penetration testing to deploying technologies that cover their attack vectors to ensuring they have enough manpower and skillsets to make sure those technologies are installed, updated and continuously working properly. If they do not have enough manpower and skillsets in-house, they should consider partnering with a third party team of experts whose sole responsibility is to focus on security, enabling the in-house team to focus on other revenue-generating priorities."

Action Plan

The Trustwave POPI compliance assessment is tailored to meet the requirements for each business regardless of the organization's size and complexity. Trustwave helps organizations define a strategy and roadmap to comply with POPI Condition 7, "Security Safeguards." Trustwave's compliance experts also define the scope of the assessment by identifying the business areas involved in PII as well as the business's needs and processes related to the collection, storage, use, share/transfer, and destruction/archival of PII data. Trustwave also helps businesses identify critical PII processed by the organization, and assess any existing security controls/framework that are in use to protect PII.

Trustwave offers Privacy Risk Assessments, Privacy Impact Assessments, Controls GAP Assessments as well as technical assessments including database security reviews, vulnerability assessments and penetration testing.

About Trustwave

Trustwave helps businesses fight cybercrime, protect data and reduce security risks. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs while safely embracing business imperatives including big data, BYOD and social media. More than 2.7 million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective data protection, risk management and threat intelligence. Trustwave is a privately held company, headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit

Follow Trustwave on Twitter at, on Facebook at, and on LinkedIn at All trademarks used herein remain the property of their respective owners. Their use does not indicate or imply a relationship between Trustwave and the owners of such trademarks.

Latest News Releases

New Trustwave SpiderLabs Research Exposes Unique Cybersecurity Threats Facing Education Industry

Chicago – February 22, 2024 – Trustwave, a leading cybersecurity and managed security services provider, today released comprehensive research uncovering unique cybersecurity threats faced by...

Read More

Trustwave MailMarshal Now Available on Microsoft Azure Marketplace

Chicago – February 1, 2024 – Trustwave, a global cybersecurity and managed security services leader, today announced the availability of Trustwave MailMarshal on the Microsoft Azure Marketplace, an...

Read More

Aquion and Trustwave Announce Strategic Partnership to Boost Cybersecurity in Australia and New Zealand

Sydney, Australia - Jan 30, 2024 - Aquion, a specialist in value-added software distribution, proudly announces its strategic partnership with global managed cybersecurity leader Trustwave. This...

Read More