Cybercrime is a Reality – Is your business cyber resilient?

The digitised world is growing at a phenomenal pace. Businesses are embracing the digital era in order to realise technological advantages as much as out of necessity to keep up with competitors, as the Internet of Things drives entrepreneurship.

The falling costs of information and communications technologies is helping Africa realise a fundamental transformation in the continent’s economic, political and social environment. Especially impressive has been digitisation’s benefits to disadvantaged consumers, such as those without bank accounts or electricity. Major drivers of the continent’s digitisation include for example the various cable systems connecting the African continent to the rest of the world such as SEACOM, East African Submarine Marine Systems (EASSy), West African Cable System (WACS), and the rapid diffusion of mobile phones and smart devices.

Companies around the world, but particularly in Africa where defences are inadequate, are highly vulnerable to cyber-attacks. Africa’s businesses and governments are several steps behind the smart operators quietly entering networks to access valuable data, disrupt activities and blackmail companies.

According to the United Nations, cybercrime covers any illegal behaviour directed by means of electronic operations that target the security of computer systems and the data processed by them.

Malware and Ransomware are now concepts that businesses need to understand as cybercriminals use these to attack their digital infrastructure, which cost business and their clients millions of Rands every year. The rise of cybercrime has been astonishing and totally under estimated.

Potential impact of a ransomware attack on your organisation:

  • Inability to trade
  • Loss of revenue
  • Loss of intellectual property
  • Loss of confidential client information
  • Loss of confidential employee information
  • Loss of reputation
  • Identity theft
  • Potential liability for damages resulting from lost data

Ransomware attacks go hand-in-hand with cyber extortion. The ransomware encrypts all your documents and denies you access to your systems or data, thereby potentially disabling your ability to trade. After the ransomware has successfully encrypted your data it will present you with a message letting you know that the key to decrypt your data will be provided to you, provided you transfer a specific amount in Bitcoin (which is an untraceable currency).

When your systems are down following a ransomware attack, you may be unable to access your information, making normal trading almost impossible due to the vast reliance on data and information organisations have.

When a company is hacked information may be stolen and that information, which could contain sensitive trade, client or employee information, is then sold on what is referred to as ‘the dark web’, which is the part of the internet the normal internet user does not have access to, and from where cybercriminals operate. Cybercriminals then use that information either to scam their targets, or to commit identity theft, using all the personal information obtained to pose as a different person to buy houses or run up massive amounts of expenses in that individual’s name. You as the company have the responsibility to look after your customers and your employee’s information, and if you don’t and that information is leaked, the company could then potentially be held liable for those damages suffered by the affected third parties.

WannaCry Global Cyber-Attack

A global cyber-attack was launched on Friday, May 12, 2017, and continued through the weekend. The attack was executed as a form of ransomware called WannaCry that encrypted the data on vulnerable computers on the networks it managed to penetrate and demanded payment to restore access to the data.

The ransomware targets a specific vulnerability on computers running the Microsoft Windows operating system, exploiting the vulnerability and then encrypting data and demanding ransom payments in the Bitcoin crypto-currency. It is one of the worst ransomware attacks to date. The attack leveraged hacking tools believed to be developed by the U.S. National Security Agency that was leaked online last month by a nefarious group known as “The Shadow Brokers.”

The attack infected more than 230,000 computers in nearly 150 countries, by spreading across local networks and the Internet to systems that have not been updated with the most recent security updates, to directly infect any exposed systems.

It even disrupted Britain’s health system and global shipper FedEx. At least 16 hospitals in the United Kingdom were forced to divert emergency patients as their systems were rendered useless and physicians unable to access electronic medical records. Perhaps this could be the beginning of a new trend for international organised crime, experts have told the BBC. http://www.bbc.com/news/av/uk-39905839/nhs-cyber-attack-the-next-step-for-organised-crime

Europol, the pan-EU crime-fighting agency, said the threat was escalating and predicted the number of ransomware victims was likely to grow across the private and public sectors. Cyber security experts said the malware could spread through computers with unpatched versions of Microsoft Windows.

https://www.theguardian.com/technology/2017/may/14/cyber-attack-escalate-working-week-begins-experts-nhs-europol-warn

South African companies and individuals have also been the victim of the WannaCry ramsonware although not to the same degree as some of the other countries as seen in the picture below.

It goes without saying that the phenomenon goes far beyond the common scams perpetrated through emails – the famous Nigerian “419” scam.

https://www.scamwatch.gov.au/types-of-scams/unexpected-money/nigerianscams

Recently, a number of South African companies’ and government institutions systems were infiltrated by cyber attackers and data was stolen or held for ransom. These incidents illustrate the risks that the use of cyberspace poses to the African continent in the 21st Century.

The Way Forward

Businesses need to embrace new technologies and understand they’re exposing themselves to new risks. The questions are how to guard against data breaches, how to mitigate damages, and how to manage cyber risk. The world is changing at a bewildering pace due to rapid digitisation and urgent solutions are needed to ensure that businesses are cyber resilient.

Security has to be on management’s and the board’s agenda. They need to be constantly thinking about the worst-case scenario: what would happen if your information were stolen? How badly would your business be damaged if one individual were bribed or blackmailed? What are all the possible ways someone could attack?

There are two key areas to consider: the regulatory environment and organisational culture.

Regulatory Environment  Organisational Culture

A crucial aspect is the impact of different regulatory environments. Today’s globalised and digitally integrated world means that most organisations are to some extent international. Whether it’s a business, which serves a global market or a manufacturer hooked into global supply chains, awareness and adherence to local rules and regulations in all areas of operation are crucial.

The EU General Data Protection Regulation (GDPR), due to come into effect in 2018, which requires every organisation operating in Europe to abide by several regulatory provisions – and this doesn’t just mean companies based in Europe, but also those offering goods or services to EU markets in a way that involves processing any European-owned data. Cyber challenges are global, and regions everywhere will need to come up with appropriate regulatory responses.  Management or the board members can’t do everything themselves. You need to build security awareness into your organisation’s culture by making it part of every employee’s roles and responsibilities. Give the employee responsibility, and encourage them to speak up.

If everyone thinks about security, they’ll ask the right questions. For example, a recruiter can consider how much a planted employee could steal. They might then be proactive and help ensure you have the right vetting processes in place. Other security issues can result from scammers working on the inside or employees not being educated about the risks of accepting for example free USB drives or bringing their own devices to work. Business owners should consult with security professionals.

If businesses do nothing, assuming a “nothing can happen to us” mentality, then it’s only a matter of time before a security hack occurs.

Companies, multinationals, government and individuals can’t avoid an attack. It’s going to happen eventually. You can do everything possible to recover what’s been stolen and catch the criminal, but eventually they’ll find that tiny hole and squeeze through.

The trick is to make sure you have layers between your systems. If your customer data is behind another wall, it’s safer. You want to make sure your most valuable information is hidden – even from your own employees. You don’t see bank vaults out on the street. They’re behind checkpoints, cameras and closed doors. Do the same with your data.

So, what can you or your organisation do? How can you protect yourself?
These are complex questions that you need to address, but for now, consider the following:

  • Get educated about cybersecurity. You can’t defend from what you don’t understand. Cybercrime is real. It’s a threat to all organisations. It’s no longer a matter of “if” but “when”.
  • Implement a cybersecurity strategy. Are you taking the proper measures to adequately protect your organisation? How will you know if a hacker is on your network?
  • Have an incident response plan. How will you bounce back after an attack? Have a plan in place to respond and bounce back after an attack.

Nexia SAB&T’s Cyber Security Offering

Nexia SAB&T offers various ICT security assessments or Security Audits, including vulnerability assessments and penetration testing covering your ICT environment and systems such as servers including mail servers, network authentication servers, file servers, network devices, database review, security awareness training, etc.

We also offer a Unified Security Management Platform. This platform will monitor network traffic for any vulnerabilities including the existence of any ransomware ,malware and other known viruses within you organisation as well as identifying the source within your ICT systems to identify the origin of the particular attack.

This article was adapted from an article published by Sujata Jaffer, CPA (T) PP; CISA of Nexia SJ, Tanzania.

Contact Us

Herman Van Der Merwe
herman@nexia-sabt.co.za
www.nexia-sabt.co.za
Contact: +27 12 682 8800

 

 

Disclaimer
The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in future, and, to the extent permitted by law. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.

Nexia SAB&T does not accept liability for any loss arising from any action taken, or omission, on the basis of the content in this article or any documentation and external links provided.

Nexia SAB&T is a member firm of the “Nexia International” network. Nexia International Limited does not deliver services in its own name or otherwise. Nexia International Limited and the member firms of the Nexia International network (including those members which trade under a name which includes the word NEXIA) are not part of a worldwide partnership. Member firms of the Nexia International network are independently owned and operated.

Nexia International Limited does not accept liability for any loss arising from any action taken, or omission, on the basis of the content in this publication or article or any documentation and external links provided.

The trade marks NEXIA INTERNATIONAL, NEXIA and the NEXIA logo are owned by Nexia International Limited and used under licence.

References to Nexia or Nexia International are to Nexia International Limited or to the “Nexia International” network of firms, as the context may dictate.

For more information, visit www.nexia.com.

Meet the new chairperson of Nexia SAB&T

NDUMI MEDUPE reveals what it takes to succeed  and her vision for Top 10 Audit Practice Nexia SAB&T:

Ndumi Medupe was elected Chairperson of Nexia SAB&T in April 2017. Her election followed on from the merger of her practice, Indyebo, with Nexia SAB&T on March 1, 2017.

Ndumi hails from Bizana in the Eastern Cape, she has more than 20 years of professional experience, having started her path to becoming a chartered accountant at Deloitte in 1994.

Ndumi qualified as a chartered accountant in 2002 completing her studies at the University of Natal.

Ndumi has both private and public sector experience, having served in senior positions at the Gauteng Department of Finance, MTN and Joburg City Parks.

In 2003, she was one of the founding partners of Xabiso Chartered Accountants, where after she decided to go it alone in 2007, when she founded Indyebo.

During her 10 years at the helm of Indyebo, Ndumi grew the firm into a brand with an outstanding reputation for quality, excellence and integrity.

The merger with Nexia SAB&T came about as a natural development out of several projects undertaken by Nexia SAB&T and Indyebo jointly. Indyebo has long benefitted from Nexia SAB&T’s enterprise development initiatives and as such shared a long and mutually beneficial relationship.

With the other Black owned assurance provider firms in the market having experienced growth in the past years, this merger sees Nexia SAB&T solidifying its position among South Africa’s top ten audit firms as well as, as one of the premier Black empowerment firms.

“The benefits for myself and the staff that joined Nexia SAB&T include: JSE accreditation for the conduct of audits of listed entities, a national footprint with offices in each of South Africa’s nine provinces and experience in the private and public sector at all levels.” commented Ndumi when asked about the merger.

“Gender discrimination and stereotyping, juggling the pressures of a career and family and coping with failure are the biggest challenges women in business face,” says Ndumi.

“Women should be confident in their abilities and skills in order to excel in their roles. Creating a strong support and network base is key to success.”

“In my role as chairperson of Nexia SAB&T I will look to ensure the firm executes its approved long-term strategy which means protecting and enhancing the firm’s brand while cementing ourselves as a top 10 professional services practice in South Africa.”

”Our focus will be on increasing service quality by developing and retaining key talent and expanding our capabilities across all areas of the business.”

When asked what gets her up in the morning Ndumi replied: “I have a strong sense of purpose and set myself goals, I’m excited to execute, implement, correct and fine tune.”

“I’m excited for the future, each client brings a unique dynamic that stretches our service excellence ambitions. The diversity of the Nexia SAB&T team and our clients makes my life fascinating as a business advisor.”

Indyebo and Nexia SAB&T tie the knot!

Centurion,   Gauteng,   27   February   2017   –   Representatives    from    Nexia    SAB&T    and    Indyebo,   announced   today   that   the   two   companies  will  be  merging  effective  1  March  2017.  The  business  will  continue  to  trade  under  the  Nexia  SAB&T  brand,  to  emphasise  its ties to the 10th largest international network in the sector, Nexia International.

Nexia  SAB&T  is  a  top  ten  audit,  accounting  and  consulting  professional  services  provider,  with  a  history  that  dates  back  to  the  birth  of  democracy   in   South   Africa,   having   been   founded in 1994. Nexia SAB&T has always strived to reflect the demographics of the country in its ownership structure, while providing a service to its clients that is inspired by a vision to be “Closer to you!”

Indyebo is a progressive Black female owned firm that offers assurance, advisory and consulting services and has an outstanding reputation for quality, excellence and integrity.

The merger has come about as a natural development out of several projects undertaken by Nexia SAB&T and Indyebo  jointly.  Nexia  SAB&T  has  long  identified  Indyebo  as  a  candidate  for  its  enterprise  development  initiatives and as such shared a long and mutually beneficial shared relationship with Indyebo over the years. With  the  other  Black  owned  assurance  provider  firms  in  the  market  having  experienced  growth  in  the  past  years, this merger will see Nexia SAB&T solidifying its position among South Africa’s top ten audit firms as well as, as one of the premier Black empowerment firms.

Nexia  SAB&T  is  truly  a  multi-disciplinary  professional  service  provider,  with  a  wide  range  of  services  and  accreditations in the audit, accounting and consulting fields. These include JSE accreditation for the conduct of audits  of  listed  entities,  a  national  footprint  with  offices  in  each  of  South  Africa’s  nine  provinces  and  experience in the private and public sector at all levels.

Bashier  Adam,  CEO  and  founder  of  Nexia  SAB&T  explained  the  new  direction  of  the  merged  company  as  follows:  “This  merger  is  in  line  with  Nexia  SAB&T’s  vision  to  entrench  itself  as  a  top  Black  empowerment  professional services firm in South Africa. We have no doubt that the addition of Indyebo and particularly Ms Ndumi Medupe will go a long way to achieving this!”

Indyebo has experienced highs and lows since its inception in 2007 and with the enhanced capacity brought about  through  the  merger  with  Nexia  SAB&T,  is  now  ready  for  bigger  challenges.  This  includes  exposure  to  JSE Listed Assurance Services and a national footprint.

Ndumi Medupe, CEO and founder of Indyebo expressed enthusiasm for the merger: “By merging with Nexia SAB&T  we  will  attract  clients  in  new  sectors  and  geographical  locations  to  create  a  formidable  professional  services firm in SA. I believe the market is ready for strong, empowered brands and this merger will solidify the firm’s position. These are truly exciting times.”

The  “new”  Nexia  SAB&T  is  set  to  continue  to  chart  a  course  that  sees  it  living  its  vision  of  being  “Closer  to  you”  through  professional  services  that  provide  strategic,  innovative,  resource  management  advice  to  its  clients.

 

How to choose a good BEE verification agency

How to choose a good BEE verification agency

Our belief is that the implementation of a BEE strategy is not about statutory compliance, but rather about the economic growth of the organisation and thereafter the national economy, through meaningful up-skilling, planned procurement and the engagement in enterprise and social initiatives.

Having been involved in the B-BBEE verification and consulting industry since the inception of the codes, we have been exposed to just about all of the idiosyncrasies within the industry.

A lot of the advice we have given in this article, has been based on client satisfaction surveys that we have conducted over the years, and below is some of the feedback that we have received from our clients and strategic partners, as well as some facts one needs to consider when looking for a BEE verification agency:

• The agency should be SANAS accredited as a sign of their credibility. SANAS is the only accrediting body in the B-BBEE verification industry, so it is imperative that the agency be able to demonstrate this.

• The agency should have an exceptional BEE level themselves, to show that they truly understand transformation as being a national, social and business imperative. The agency should have a succinct process that determines verification from start to end. Their process should be highlighted to the client before deciding on which agency to appoint.

• The agency’s marketing & verification staff should be up to date with all relevant BEE knowledge.

• The agency should be price competitive whilst maintaining a high degree of quality and service delivery.

• Conduct market research by approaching businesses within your industry and establishing which are the common verification agencies that are appointed. This will ensure that you are appointing an agency that understands your environment and most importantly your business.

• Pay attention to how well the agency strives to understand your business.

• A great agency makes verification a simple, hassle free and informative process for their client.

Should you wish to engage SAB&T BEE Services in order to understand more about B-BBEE feel free to visit our website at www.sabtbee.co.za or contact us at marketing@sabtbee.co.za

By Mr Abisha Katerere, Nexia SAB &T BEE Services

First Limpopo then the World – Aspiring CA(SA) makes his mark despite humble beginnings

Pretoria, Friday May 6 2016 – Musa Ndlovu grew up in Limpopo, a province more often in the headlines for protests than feel good stories. But occasionally someone comes along who beats the odds. Ndlovu has risen above his personal circumstances to make his hometown and family proud.

He has always scored high marks for mathematics. Only one in twenty children who start school score over 50% for maths. The reasons range from a legacy of sub-standard Apartheid education system to poor subject choices, and the fact that only 50% of those who start school even write matric.

Ndlovu’s story is a tribute to how far determination can carry a person. It also illustrates the life-changing consequences of extending a helping hand when help is needed most. A gifted mathematician, Ndlovu hasn’t had it easy. A disability in his fingers makes it difficult to write, but this hasn’t deterred him from developing his full potential.

“Life gets real at high school,” says Ndlovu. “I couldn’t play sport, because of my disability, so I concentrated on my school work instead.” He writes slower than usual. In matric his teachers wouldn’t give him extra time to complete his exam paper – but he still achieved a credible 78% for mathematics.

Ndlovu was proving the usefulness of his mathematics ability as a budding entrepreneur. His most successful venture was selling pre-paid electricity, airtime and cold drinks, enabling him to pay the deposit for his first year university fees with his earnings.

While some people with disabilities begin to believe they aren’t as worthy as their able bodied counterparts, Ndlovu is disproving this. Many learners have the same self-limiting beliefs about mathematics. It is seen as a subject to be feared. “This attitude is their disability. I was lucky. I was always good at maths,” Ndlovu says.

His perceptive parents encouraged his logical leaning. Realising their son would benefit from the best schooling possible, in grade 9 they moved him to Khanyisa Education School , in Giyani, Limpopo.

“My parents sacrificed a lot for me to get a private school education,” says Ndlovu. In grade 11 Ndlovu registered for the South African Maths Olympiad training and submitted weekly assignments online. His hard work paid off – he entered and reached the second round of the Maths Olympiad and was awarded Best African Learner in the Maths Olympiad in 2011, his matric year.

“The value of participating in any Olympiad is to promote that subject,” says Ellie Olivier, Operations Manager at the South African Mathematics Foundation (SAMF), “getting the message across to learners that mathematics is important and that it can open doors for you. The mathematics competitions are primarily to identify talent. The next step is developing talent.” Fortunately for Ndlovu, Olivier recognised his talent.

“The Maths Olympiad for grades 8 to 12 is one of our flagship programmes and is co-sponsored by the South African Institute of Chartered Accountants (SAICA),” says Olivier. In 2012 Ndlovu enrolled for an undergraduate degree at the University of Pretoria. “Because of my maths marks I was accepted into the Actuarial Studies programme and also into the BCom Accounting stream. But my parents couldn’t afford university fees,” he says.

Despite good academic results Ndlovu didn’t qualify for a bursary from the National Students Financial Aid Scheme (NSFAS). “I was in the missing middle – the majority of students whose parents are considered rich in terms of NFSAS – yet who cannot afford to send their kids to university,” he comments.

Ndlovu struggled to obtain funding so he called the person who represented his last hope. “By this time I had written my National Benchmark Test (NBT) and had performed well. I sent my results to Ellie who introduced me to the Thuthuka representatives at SAICA.”.
“Ellie could only help me apply for a Thuthuka Bursary Fund in Accounting as the Actuarial Society had closed its applications. I’m grateful I was selected for this bursary because I think Thuthuka is the best programme. It doesn’t just support the cost of your studies. You get mentored from day one. There is nothing to worry about as Thuthuka pays for food and things like books and calculators, so you can focus on your studies.”

The aspiring chartered accountant completed his undergraduate degree in record time, and in 2015 completed his honours degree at the University of Johannesburg. “Musa did very well. I am very proud of him,” says Olivier.

“I think I can change people’s mind-sets about how they perceive people with disabilities and inspire many people academically,” Ndlovu reflects. He is currently a trainee accountant at Nexia SAB&T Chartered Accountants in Centurion. Ndlovu is receiving in-house training and appreciates the open door policy which he enjoys with all directors. All trainees are allocated to mentors from their first day of training.

Ndlovu’s next hurdle is writing his SAICA professional exam in November 2017. He plans to complete his training and build his career from there. Ndlovu would ultimately like to return to Gigale in Limpopo to be with his family and become a role model in his community.
Ndlovu counts himself as lucky. “I have gained supporters as I have progressed in life.” He has extended an invitation to Thuthuka that he is available for talks at schools to inspire learners that they can become anything they want to become. All it takes is determination, hard work, besides encouragement and support from other. The rest is up to them!

Willie Coates, Senior Executive: Brand at SAICA says, “I am glad that both our SAICA sponsorship of the Maths Olympiad and our valued partnership with SAMF has paved the way for Musa’s success. His determination to achieve success is a beacon of light to all who aspire to be leaders. SAICA is committed to transforming the profession and to promoting the CA(SA) designation to the youth in the country. SAICA’s Thuthuka programme is also yielding the desired results.”