Menu
BUI CISSP Neil du Plessis and First Digital KZN Managing Executive Gabriel Malherbe discuss why a security strategy is critical for any enterprise with web-facing assets.
In 2019, South Africa had the third-highest number of cybercrime victims in the world. Attacks from the darkest corners of the web cost our economy more than R2.2bn. From government portals to municipal networks and databases, the public sector was a regular target. In the private sector too, cyberattackers zeroed in on e-commerce platforms, internet service providers, and financial institutions.
There’s a similar trend in 2020. Since the beginning of the year, hackers have taken aim at local enterprises including chemical supplier Omnia, hospital group Life Healthcare, and vehicle-recovery firm Tracker. Internationally, headline-making incidents involving car manufacturer Honda, GPS technology company Garmin, and energy group Enel have also highlighted the consequences of digital villainy, and put corporate cybersecurity practices in focus across the globe.
In 2019, South Africa had the third-highest number of cybercrime victims in the world, according to researchers.
“When it comes to defending against cyberattacks, modern enterprises must consider the growing complexity of their operational environments and the web-enabled commercial landscape at large,” explains Neil du Plessis, our CISSP and cloud security architect. Connectivity can be a powerful business driver, but it can also be a double-edged sword: the greater the number of integrated platforms, systems, and applications, the broader the attack surface. “You no longer have the luxury of drawing a perimeter around your organisation,” states Du Plessis.
Gabriel Malherbe, the KZN managing executive at our sister company First Digital, agrees. “In a hyperconnected world, your cybersecurity measures cannot stop at the front gate. Those days are long gone. Today, a business environment is not just a physical space: it extends beyond walls and fences, across devices, across networks, and across borders. The challenge now – especially for those moving ahead with digital transformation – is holistic protection,” says Malherbe.
South Africa is one of the fastest-growing countries globally for IT expenditure, and local enterprises are spending significant funds on software and services delivered via the internet. They’re also moving core systems online. “Modernisation is a big motivator,” says Malherbe. “There’s a growing interest in disruptive technologies, and how they can be leveraged to help people accomplish more. The ‘more’ factor may change from company to company, but I think the stimulus is the same in many cases, and that’s the desire to prepare for an increasingly digital future,” he explains.
Being online can open the door for businesses to become more agile, more productive, more efficient, more responsive, and more cost-effective – but there are risks to consider in pursuit of such rewards, cautions Du Plessis. “Whether an online presence is part of your overall business development strategy, or a planned transition to serve your customers where they are, or even a productivity requirement to enable remote work right now, cybersecurity should be a primary concern. Unfortunately, this is not always the case, and some of the biggest security incidents in recent history are now cautionary tales about the perils of poor cyber hygiene,” he says.
Du Plessis highlights the 2018 ViewFines data leak as an example. “The PII records of almost a million South African motorists were leaked publicly, and sensitive personal information – including full names, ID numbers, and plaintext passwords – was compromised. The root cause was a web server vulnerability that could have been addressed beforehand through mitigation techniques like vulnerability scanning, penetration testing, server hardening, and patch management,” he explains.
Malicious actors continue to employ a wide range of scams to try to gain access to valuable data and corporate assets. Phishing, smishing, and vishing are common methods of attack, but malware is becoming a popular choice as cyber villains look beyond everyday IT infrastructure to more complex OT ecosystems in sectors as diverse as retail and industrial manufacturing.
“The EKANS ransomware used against Honda earlier this year is a case in point,” Du Plessis says, referencing the sophisticated malware that targeted the auto-maker’s industrial control systems and affected production lines in Europe, Japan, and the United States. “It’s absolutely critical for modern enterprises to establish cybersecurity practices that include all web-enabled processes, not only traditional IT,” he advises.
Security should be built in from the ground up and across the board, concurs Malherbe. “There’s a duality to the internet that you need to remember: it connects you to the world and it connects the world to you. Every web-facing resource, from your homepage to your e-commerce store, is exposed to a degree of risk. When you understand that, then you can take action to protect your assets while you reap the rewards of doing business on the web,” he says.
“Cost, convenience, and customisation potential are all factors pushing local businesses to explore some kind of online presence,” continues Malherbe, adding that First Digital has seen a dramatic increase in the number of clients asking for e-commerce solutions in recent months. The trend, he argues, can be attributed to the prevailing market conditions as well as the changing behaviour of tech-savvy consumers.
“Even before the movement restrictions imposed during the COVID-19 lockdown, brick-and-mortar stores and shopping malls had started to feel the ripple effect of our stagnant economy: dwindling foot traffic, conservative spending, and tougher competition for every available rand. On top of that, there’s growing consumer demand for personalised, intuitive retail experiences. More and more, we’re seeing brands turn to e-commerce to drive sales and boost shopper engagement,” he says.
Modern enterprises need to establish cybersecurity practices that include all web-enabled processes, not only traditional IT, advises BUI CISSP Neil du Plessis.
Business-to-consumer enterprises aren’t the only ones taking advantage of web-enabled technology. In the business-to-business space, bespoke trading platforms and vendor portals are being deployed to enable broader collaboration, integration, and co-operation. Greater functionality, however, demands greater security measures, reiterates Du Plessis. “Several high-profile cyberattacks have been linked to human error, or the misconfiguration of IT resources, or inadequate security controls. In B2C and B2B companies, cybersecurity strategy needs to be prioritised to help safeguard data, applications, infrastructure, and users,” he says.
BUI and First Digital have partnered on several projects to deliver secure solutions to local organisations. “I think customers understand the value of such engagements, especially given our complementary disciplines,” says Malherbe, citing a recent piece of work for Korbicom that drew on both teams’ expertise. “First Digital was brought in to provide Azure support, and BUI came on board later to perform penetration testing. The result was an intensive review of Korbicom’s web application, from architecture through to security,” explains Malherbe.
Korbicom’s application architect, Shaun Rust, was pleased with the results. “As a niche software development company, Korbicom creates custom solutions for clients in the legal sector, the insurance industry, and the financial services industry. Understandably, security and compliance are particular concerns. Our consultations with First Digital and BUI revolved around the functionality and security of a newly developed application, and their advice and assistance was very much appreciated.”
South African companies have to be prepared for sustained and increasingly sophisticated cyberattacks designed to compromise web-facing assets. “If you collect customer data through your website, or payment details through your e-commerce store, then you’re a potential target because sensitive information like that is valuable to somebody, somewhere,” cautions Du Plessis. “It doesn’t matter how big or small you are: data is a commodity. And I think we’ve all seen enough headlines to know that it is being bought and sold worldwide. The protection of your online business environment has never been more important than it is today,” he says.
Malherbe feels the same way. “If you don’t put adequate defences in place, then your enterprise is exposed, vulnerable, and at risk. You cannot afford to be in that position when the threat landscape changes by the minute. You have to make cybersecurity a priority – from day one, and every day after that,” he concludes.
A version of this article was published by First Digital, a fellow First Technology Group company specialising in application development, business process management, enterprise content management, integration, and managed services. Connect with First Digital on LinkedIn, Facebook, Twitter, and YouTube, or visit www.firsttech.digital to learn more.
Our state-of-the-art cybersecurity facility is backed by world-class Microsoft security technology, including Azure Sentinel – Microsoft’s cloud-native security information and event management software.
The BUI Cyber Security Operations Centre is the first of its kind in Africa. It is staffed 24 hours a day, seven days a week, by certified security specialists who can help you to safeguard your critical business assets.
Emmanuella Tieku joined BUI earlier this year as part of our internship programme. Her passion is cyber security and she’s determined to lead the way for the next generation of women in tech. We asked her about her career ambitions and her thoughts on South Africa’s IT industry…
Q: Emmanuella, what did you study at university, and how did it influence your career trajectory?
A: I went to Pearson Institute of Higher Education, in Midrand. I got my Bachelor’s Degree in Computer Science and at the time I didn’t really know what I wanted to do as a career. My love for cyber security didn’t come in varsity; it came after, when I went to a cyber security institute to do a course there. I thought I would be a software developer or a coder.
Q: What drew you to the field of cyber security?
A: My varsity has an entire office dedicated to helping graduates at the start of their career journey. After I’d finished my degree, they called me and said there was an institution that wanted to train students in cyber security. I knew I had to go for it. So, I grabbed that opportunity. And when I started the course, I thought it was so interesting. I felt like a real hacker! Like the ones you see in the movies. When I started to understand what actually goes into it, that’s when I got really interested in it… Since then, I’ve never looked back. Wherever I go, I know I want to be in cyber security. I don’t want to do other stuff.
Q: You’re a cyber security intern here at BUI. What’s the most rewarding aspect of your job?
A: What is most rewarding is getting all this knowledge, and knowing that I can use it and my new skills to help somebody else in the future… Maybe somebody who was like me in the beginning.
Q: How do you feel about being the only woman in the cyber security team at the moment?
A: Even when I was studying Computer Science at varsity, women were always in the minority. In a class with 40 students, we’d have maybe 4 or 5 women sitting together.
Q: Do you see a similar trend in South Africa’s IT industry?
A: I’m definitely seeing it… Maybe things are changing faster overseas, but here in South Africa it’s still a big issue because we’re a developing country. I think a lot of people still believe that women can’t be engineers. And I know that it’s hard for a lot of young women to study today. I’d like to help change that, because we have to pave the way for those who come after us. I want it to become a normal thing for girls to study engineering or computer science.
When I used to fail at something, the first thing that would come to mind is ‘you failed because you’re a girl’. I had to change my own thinking. I had to stop comparing myself to other people – men and women. And I did it. I told myself: ‘Do what you want to do. Attain your goals the way you want to attain them. Don’t make it a boy-girl thing. Do it for yourself.’
Q: How has your internship been so far?
A: The whole atmosphere at BUI is lovely. When I come to work, it doesn’t feel like I’m coming to work. Since the lockdown, everyone has been working from home and I miss the office vibe… That buzz from everyone working together. I really enjoyed the BUI birthday party earlier this year. I have such fun memories from that day!
Q: What excites you about the tech industry?
A: If you look at the computers we used to work with in the past and what we have now… Who would have thought we would ever be able to carry around a computer in our bag. Things are becoming better and better. There’s always something fresh and new. There’s always something to learn and look forward to, so you aren’t stuck in the same spot, doing the same thing every year.
Q: How do you keep up with the latest trends and technology changes?
A: BUI posts a lot of technical articles and I like to check them out and grab information that is interesting and relevant to me. I also spend time on YouTube and social media; there are a lot of cyber security channels that I follow.
Q: What do you do in your spare time?
A: I’m all over the place. I’m a person who can’t sit too long doing one thing. So, I would either read a book, play games, or learn something new. For instance, this weekend I’m learning to sew with my mom!
Q: How do you think South Africans should spend Women’s Day this year?
A: I think people should make a real effort to highlight our country’s problem with gender-based violence. And personally, I’d like to see more projects to support young women, through education and job placement, so that they can find their place in society.
We’re going to implement the DMARC email security standard for our existing customers, free of charge, as part of our ongoing efforts to help create a safer internet.
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication system designed to protect an email domain from cyberattackers who may try to compromise the owner, brand, or business through domain spoofing, phishing, or cyber fraud.
Created by PayPal together with Google, Microsoft, Yahoo! and other industry leaders, the DMARC protocol leverages two existing email authentication techniques – SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) – while adding a reporting function that provides visibility into the domain owner’s email ecosystem.
As a domain owner, you want to have peace of mind about the emails that are being sent under your banner. Not only for your reputation, but for the reputation of your business, too. You want to know that your staff, customers, partners, and suppliers are receiving legitimate emails from real representatives of your organisation, not scammers impersonating you or your people. DMARC assures all those who receive your emails that the messages are authentic and trustworthy – and that they originated from your true domain.
There were an estimated 3.9 billion active email users last year – and that number is expected to reach 4.2 billion by 2022. Email is a big part of our personal and professional lives – but it’s also an information-rich environment that attracts malicious actors. For cybercriminals, the ability to mimic a business through email is extremely valuable, and could open the door for data theft, identity theft, and account fraud.
More than a million organisations – including Amazon, Apple, Cisco, Dell, Facebook, LinkedIn, and Twitter – are already using DMARC to help secure their email. DMARC is considered best practice by industry leaders around the globe. We’ve decided to deploy DMARC for our customers because we want to make sure that they have comprehensive email protection, in compliance with the latest standards.
We’ve enlisted local technology startup Sendmarc to help us do this as seamlessly as possible. The South African company, co-founded by entrepreneurs Keith Thompson, Sam Hutchinson, and Sacha Matulovich, specialises in DMARC implementation and monitoring.
The Sendmarc software gathers, interprets, and analyses DMARC data reports to provide actionable insights for domain owners. It takes a complex collection of technical data and makes it clear, visual, and easy to understand so that domain owners can see exactly what’s happening in their email environments – and then take steps to address any issues detected.
Phishing plays a role in over 90 percent of all cyberattacks – and that’s why it’s critical for domain owners to be proactive about email security. Brands and businesses can’t afford to ignore the fact that cyberattackers are constantly searching for new ways to steal money, personal information, credit card data, and login credentials. Email will remain a target, but the DMARC protocol can help strengthen cyber resilience at the domain level.
Customers will receive correspondence from BUI, outlining the steps for DMARC deployment and providing additional resources to help them understand the benefits of this email security measure.
The DMARC protocol will then be added to the customer’s DNS, and approximately 4-6 weeks later, the customer will receive a report outlining any issues detected.
Managing cybersecurity for an increased remote workforce requires careful consideration of the people and protocols throughout your business.
South Africa’s nationwide COVID-19 lockdown has made remote work a business necessity. And while you may have supported a handful of work-from-home employees before the pandemic, a rapid transition to a fully remote workforce is likely to test your capabilities. There isn’t a one-size-fits-all solution when you pivot from a traditional, physical hub to a virtual workspace, but there is one critical concern that should guide your actions: cybersecurity.
Effective cybersecurity requires both visibility and control. When your day-to-day business operations are centralised, it’s simpler for IT personnel to safeguard data and resources. They’re able to monitor networks, supervise hardware and software usage, and help govern employee behaviour to insulate your company from cyberthreats. They’re gatekeepers and guardians with defined perimeters, 360-degree views, and the power to manage endpoints and end users alike.
But what happens when your employees have to work remotely from their homes? What happens when they use household wi-fi, personal devices, and public applications to keep in touch with colleagues and complete job-related tasks? And what happens to your corporate security posture when it’s suddenly linked to domestic ecosystems that you cannot see and do not own?
The digital landscape has been changed by COVID-19. The threat landscape has been changed as well. One of the biggest challenges for cybersecurity teams right now is the protection of remote workers (and workloads) in a fluid environment where the risks have been greatly amplified by the current social and economic circumstances. While businesses are grappling with the coronavirus fallout on all fronts, cyberattackers are looking for novel ways to exploit systemic vulnerabilities and individual fears. Security measures that factor in technological and human considerations are more important than ever before. You need to look at your protocols and your people as you adjust your defensive strategy for the continuing lockdown, and the future beyond it. Our remote-work checklist will help you to close the gaps and strengthen cyber hygiene…
Few organisations were equipped to transform their employees into remote workers at the pace required for sustained productivity after South Africa’s lockdown announcement in March. Travel limitations and retail restrictions also made it difficult to purchase new corporate hardware for personnel to use at home. As a result, there are several remote-work scenarios in play: staff using company-owned devices; staff using their own devices; staff using borrowed devices from friends and relatives; or a combination of these.
A comprehensive policy that outlines the terms and conditions of remote access to corporate resources, as well as the roles and responsibilities of everyone involved, can reduce the risk of costly disputes in the event of a security incident. Your business may also have additional legal obligations regarding the handling of personally identifiable information and intellectual property in such circumstances, and you may need to consult an expert for guidance on the applicable local and international laws.
Make sure that your employees understand the importance of system updates, program updates, and software patches as part of a healthy cybersecurity routine – and be prepared to offer additional support to those who do not usually perform these tasks on their own.
You can also put device maintenance and protection under your corporate umbrella with a cloud-based endpoint management platform like Microsoft Intune, which gives you the ability to manage and secure company-owned and employee-owned Android, iOS, Windows, and macOS devices.
Check that all devices used by remote workers have adequate firewalls and up-to-date antivirus software installed. This is particularly important for the smartphones, tablets, and laptops that employees use personally and professionally.
Windows 10 has Windows Defender Antivirus built in, and if your IT teams are monitoring endpoints with Intune or a similar solution, then you may have additional functionality to improve the cyber safety nets around remote devices.
Your employees’ home office environments may be shared by their spouses, partners, children, roommates, or even tenants. And their home networks may support web-enabled appliances like smart TVs, or IoT automation systems like lighting control, or wearable technology like fitness trackers, in addition to their own portable devices. Every connected item is a potential gateway for cyberattackers.
You can buffer corporate resources against this wider threat landscape by enforcing the use of Virtual Private Networks (VPNs) and remote desktop applications. Make sure that remote workers do all they can to safeguard their home wi-fi routers as well, in terms of physical security (making it tamper-proof) and cybersecurity (changing its default password out of the box).
Implementing multi-factor authentication will help you to maintain control over core system access and protect sensitive business data. The extra steps that remote users have to take to verify their identities are essential security checkpoints for your organisation – and additional obstacles for malicious actors.
Phishing attacks are increasing as cybervillains move to exploit the public demand for coronavirus-related news and information. And you may already know that around 80% of data breaches are linked to compromised, weak, or reused passwords. Enabling MFA can help you to secure every employee login, no matter where the employee is located.
You have to account for the fact that technical aptitude differs from person to person, and that remote work in itself may be daunting for employees who are more comfortable in a communal office where the IT department is a few metres away. Make sure remote staff know who to contact for everyday troubleshooting and emergency intervention, so that they don’t have to look for workarounds and quick fixes that could compromise their cybersecurity, and by extension, your company’s as well.
SEE HOW WE DO IT | Step inside the BUI Cyber Security Operations Centre
The COVID-19 pandemic may have pushed you to explore remote productivity earlier than you’d planned – but if you make cybersecurity the guiding principle for your remote workers today, then they’ll be better prepared to face the digital environment of the future.
We’ve embraced the idea of the modern workplace, and we’ve helped many of our customers to do the same. Neil du Plessis, our cloud solutions security architect, will discuss rapid deployment for remote work in our webinar on 27 May 2020.
He’ll be covering key areas including secure connectivity, secure collaboration, and business productivity options for small and medium-sized enterprises, with a special focus on Microsoft Teams.
