Cybercrime is a Reality – Is your business cyber resilient?

The digitised world is growing at a phenomenal pace. Businesses are embracing the digital era in order to realise technological advantages as much as out of necessity to keep up with competitors, as the Internet of Things drives entrepreneurship.

The falling costs of information and communications technologies are helping Africa realise a fundamental transformation in the continent’s economic, political and social environment. Especially impressive has been digitisation’s benefits to disadvantaged consumers, such as those without bank accounts or electricity. Major drivers of the continent’s digitisation include, for example, the various cable systems connecting the African continent to the rest of the world, such as SEACOM, East African Submarine Marine Systems (EASSy) and West African Cable System (WACS), and the rapid diffusion of mobile phones and smart devices.

Companies around the world, but particularly in Africa where defences are inadequate, are highly vulnerable to cyber-attacks. Africa’s businesses and governments are several steps behind the smart operators quietly entering networks to access valuable data, disrupt activities and blackmail companies.

According to the United Nations, cybercrime covers any illegal behaviour directed by means of electronic operations that target the security of computer systems and the data processed by them.

Malware and ransomware are now concepts that businesses need to understand, as cybercriminals use them to attack digital infrastructure, which costs businesses and their clients millions of Rands every year. The rise of cybercrime has been astonishing and totally underestimated.

Potential impact of a ransomware attack on your organisation:

  • Inability to trade
  • Loss of revenue
  • Loss of intellectual property
  • Loss of confidential client information
  • Loss of confidential employee information
  • Loss of reputation
  • Identity theft
  • Potential liability for damages resulting from lost data

Ransomware attacks go hand-in-hand with cyber extortion. The ransomware encrypts all your documents and denies you access to your systems or data, thereby potentially disabling your ability to trade. After the ransomware has successfully encrypted your data it will present you with a message letting you know that the key to decrypt your data will be provided to you, provided you transfer a specific amount in Bitcoin (which is an untraceable currency).

When your systems are down following a ransomware attack, you may be unable to access your information, making normal trading almost impossible due to the vast reliance on data and information organisations have.

When a company is hacked, information may be stolen. That information, which could contain sensitive trade, client or employee information, is then sold on what is referred to as ‘the dark web’, which is the part of the internet the normal internet user does not have access to, and from where cybercriminals operate. Cybercriminals then use that information either to scam their targets or to commit identity theft, using all the personal information obtained to pose as a different person to buy houses or run up massive amounts of expenses in that individual’s name. You as the company have the responsibility to look after your customers’ and your employees’ information. If you don’t and that information is leaked, the company could potentially be held liable for the damages suffered by the affected third parties.

WannaCry Global Cyber-Attack

A global cyber-attack was launched on Friday, May 12, 2017, and continued through the weekend. The attack was executed as a form of ransomware called WannaCry that encrypted the data on vulnerable computers on the networks it managed to penetrate and demanded payment to restore access to the data.

The ransomware targets a specific vulnerability on computers running the Microsoft Windows operating system, exploiting the vulnerability and then encrypting data and demanding ransom payments in the Bitcoin crypto-currency. It is one of the worst ransomware attacks to date. The attack leveraged hacking tools believed to be developed by the U.S. National Security Agency that were leaked online last month by a nefarious group known as “The Shadow Brokers.”

The attack infected more than 230,000 computers in nearly 150 countries, spreading across local networks and the Internet to directly infect any exposed systems that had not been updated with the most recent security updates.

It even disrupted Britain’s health system and global shipper FedEx. At least 16 hospitals in the United Kingdom were forced to divert emergency patients as their systems were rendered useless and physicians unable to access electronic medical records. Perhaps this could be the beginning of a new trend for international organised crime, experts have told the BBC. http://www.bbc.com/news/av/uk-39905839/nhs-cyber-attack-the-next-step-for-organised-crime

Europol, the pan-EU crime-fighting agency, said the threat was escalating and predicted the number of ransomware victims was likely to grow across the private and public sectors. Cyber security experts said the malware could spread through computers with unpatched versions of Microsoft Windows.

https://www.theguardian.com/technology/2017/may/14/cyber-attack-escalate-working-week-begins-experts-nhs-europol-warn

South African companies and individuals have also been victims of the WannaCry ransomware, although not to the same degree as some of the other countries, as seen in the picture below.

It goes without saying that the phenomenon goes far beyond the common scams perpetrated through emails – the famous Nigerian “419” scam.

https://www.scamwatch.gov.au/types-of-scams/unexpected-money/nigerianscams

Recently, the systems of a number of South African companies and government institutions were infiltrated by cyber attackers and data was stolen or held for ransom. These incidents illustrate the risks that the use of cyberspace poses to the African continent in the 21st Century.

The Way Forward

Businesses need to embrace new technologies and understand they’re exposing themselves to new risks. The questions are how to guard against data breaches, how to mitigate damages, and how to manage cyber risk. The world is changing at a bewildering pace due to rapid digitisation and urgent solutions are needed to ensure that businesses are cyber resilient.

Security has to be on management’s and the board’s agenda. They need to be constantly thinking about the worst-case scenario: what would happen if your information were stolen? How badly would your business be damaged if one individual were bribed or blackmailed? What are all the possible ways someone could attack?

There are two key areas to consider: the regulatory environment and organisational culture.

Regulatory Environment

A crucial aspect is the impact of different regulatory environments. Today’s globalised and digitally integrated world means that most organisations are to some extent international. Whether it’s a business that serves a global market or a manufacturer hooked into global supply chains, awareness of and adherence to local rules and regulations in all areas of operation are crucial.

The EU General Data Protection Regulation (GDPR), due to come into effect in 2018, requires every organisation operating in Europe to abide by several regulatory provisions – and this doesn’t just mean companies based in Europe, but also those offering goods or services to EU markets in a way that involves processing any European-owned data. Cyber challenges are global, and regions everywhere will need to come up with appropriate regulatory responses.

Organisational Culture

Management or the board members can’t do everything themselves. You need to build security awareness into your organisation’s culture by making it part of every employee’s roles and responsibilities. Give employees responsibility, and encourage them to speak up.

If everyone thinks about security, they’ll ask the right questions. For example, a recruiter can consider how much a planted employee could steal. They might then be proactive and help ensure you have the right vetting processes in place. Other security issues can result from scammers working on the inside or employees not being educated about the risks of accepting for example free USB drives or bringing their own devices to work. Business owners should consult with security professionals.

If businesses do nothing, assuming a “nothing can happen to us” mentality, then it’s only a matter of time before a security hack occurs.

Companies, multinationals, government and individuals can’t avoid an attack. It’s going to happen eventually. You can do everything possible to recover what’s been stolen and catch the criminal, but eventually they’ll find that tiny hole and squeeze through.

The trick is to make sure you have layers between your systems. If your customer data is behind another wall, it’s safer. You want to make sure your most valuable information is hidden – even from your own employees. You don’t see bank vaults out on the street. They’re behind checkpoints, cameras and closed doors. Do the same with your data.

So, what can you or your organisation do? How can you protect yourself?
These are complex questions that you need to address, but for now, consider the following:

  • Get educated about cybersecurity. You can’t defend from what you don’t understand. Cybercrime is real. It’s a threat to all organisations. It’s no longer a matter of “if” but “when”.
  • Implement a cybersecurity strategy. Are you taking the proper measures to adequately protect your organisation? How will you know if a hacker is on your network?
  • Have an incident response plan. How will you bounce back after an attack? Have a plan in place to respond and bounce back after an attack.

Nexia SAB&T’s Cyber Security Offering

Nexia SAB&T offers various ICT security assessments or Security Audits, including vulnerability assessments and penetration testing covering your ICT environment and systems such as servers including mail servers, network authentication servers, file servers, network devices, database review, security awareness training, etc.

We also offer a Unified Security Management Platform. This platform will monitor network traffic for any vulnerabilities, including the existence of any ransomware, malware and other known viruses within your organisation, as well as identifying the source within your ICT systems to identify the origin of the particular attack.

This article was adapted from an article published by Sujata Jaffer, CPA (T) PP; CISA of Nexia SJ, Tanzania.

Contact Us

Herman Van Der Merwe
herman@nexia-sabt.co.za
www.nexia-sabt.co.za
Contact: +27 12 682 8800

 

 

Disclaimer
The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in future, and, to the extent permitted by law. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.

Nexia SAB&T does not accept liability for any loss arising from any action taken, or omission, on the basis of the content in this article or any documentation and external links provided.

Nexia SAB&T is a member firm of the “Nexia International” network. Nexia International Limited does not deliver services in its own name or otherwise. Nexia International Limited and the member firms of the Nexia International network (including those members which trade under a name which includes the word NEXIA) are not part of a worldwide partnership. Member firms of the Nexia International network are independently owned and operated.

Nexia International Limited does not accept liability for any loss arising from any action taken, or omission, on the basis of the content in this publication or article or any documentation and external links provided.

The trade marks NEXIA INTERNATIONAL, NEXIA and the NEXIA logo are owned by Nexia International Limited and used under licence.

References to Nexia or Nexia International are to Nexia International Limited or to the “Nexia International” network of firms, as the context may dictate.

For more information, visit www.nexia.com.

Meet the new chairperson of Nexia SAB&T

NDUMI MEDUPE reveals what it takes to succeed and her vision for Top 10 Audit Practice Nexia SAB&T:

Ndumi Medupe was elected Chairperson of Nexia SAB&T in April 2017. Her election followed on from the merger of her practice, Indyebo, with Nexia SAB&T on March 1, 2017.

Ndumi hails from Bizana in the Eastern Cape. She has more than 20 years of professional experience, having started her path to becoming a chartered accountant at Deloitte in 1994.

Ndumi qualified as a chartered accountant in 2002 completing her studies at the University of Natal.

Ndumi has both private and public sector experience, having served in senior positions at the Gauteng Department of Finance, MTN and Joburg City Parks.

In 2003, she was one of the founding partners of Xabiso Chartered Accountants, where after she decided to go it alone in 2007, when she founded Indyebo.

During her 10 years at the helm of Indyebo, Ndumi grew the firm into a brand with an outstanding reputation for quality, excellence and integrity.

The merger with Nexia SAB&T came about as a natural development out of several projects undertaken by Nexia SAB&T and Indyebo jointly. Indyebo has long benefitted from Nexia SAB&T’s enterprise development initiatives and as such shared a long and mutually beneficial relationship.

With the other Black owned assurance provider firms in the market having experienced growth in the past years, this merger sees Nexia SAB&T solidifying its position among South Africa’s top ten audit firms as well as one of the premier Black empowerment firms.

“The benefits for myself and the staff that joined Nexia SAB&T include: JSE accreditation for the conduct of audits of listed entities, a national footprint with offices in each of South Africa’s nine provinces and experience in the private and public sector at all levels,” commented Ndumi when asked about the merger.

“Gender discrimination and stereotyping, juggling the pressures of a career and family and coping with failure are the biggest challenges women in business face,” says Ndumi.

“Women should be confident in their abilities and skills in order to excel in their roles. Creating a strong support and network base is key to success.”

“In my role as chairperson of Nexia SAB&T I will look to ensure the firm executes its approved long-term strategy which means protecting and enhancing the firm’s brand while cementing ourselves as a top 10 professional services practice in South Africa.”

“Our focus will be on increasing service quality by developing and retaining key talent and expanding our capabilities across all areas of the business.”

When asked what gets her up in the morning Ndumi replied: “I have a strong sense of purpose and set myself goals, I’m excited to execute, implement, correct and fine tune.”

“I’m excited for the future, each client brings a unique dynamic that stretches our service excellence ambitions. The diversity of the Nexia SAB&T team and our clients makes my life fascinating as a business advisor.”

Indyebo and Nexia SAB&T tie the knot!

Centurion, Gauteng, 27 February 2017 – Representatives from Nexia SAB&T and Indyebo announced today that the two companies will be merging effective 1 March 2017. The business will continue to trade under the Nexia SAB&T brand, to emphasise its ties to the 10th largest international network in the sector, Nexia International.

Nexia SAB&T is a top ten audit, accounting and consulting professional services provider, with a history that dates back to the birth of democracy in South Africa, having been founded in 1994. Nexia SAB&T has always strived to reflect the demographics of the country in its ownership structure, while providing a service to its clients that is inspired by a vision to be “Closer to you!”

Indyebo is a progressive Black female owned firm that offers assurance, advisory and consulting services and has an outstanding reputation for quality, excellence and integrity.

The merger has come about as a natural development out of several projects undertaken by Nexia SAB&T and Indyebo jointly. Nexia SAB&T has long identified Indyebo as a candidate for its enterprise development initiatives and as such has shared a long and mutually beneficial relationship with Indyebo over the years. With the other Black owned assurance provider firms in the market having experienced growth in the past years, this merger will see Nexia SAB&T solidifying its position among South Africa’s top ten audit firms as well as one of the premier Black empowerment firms.

Nexia SAB&T is truly a multi-disciplinary professional service provider, with a wide range of services and accreditations in the audit, accounting and consulting fields. These include JSE accreditation for the conduct of audits of listed entities, a national footprint with offices in each of South Africa’s nine provinces and experience in the private and public sector at all levels.

Bashier Adam, CEO and founder of Nexia SAB&T explained the new direction of the merged company as follows: “This merger is in line with Nexia SAB&T’s vision to entrench itself as a top Black empowerment professional services firm in South Africa. We have no doubt that the addition of Indyebo and particularly Ms Ndumi Medupe will go a long way to achieving this!”

Indyebo has experienced highs and lows since its inception in 2007 and with the enhanced capacity brought about through the merger with Nexia SAB&T, is now ready for bigger challenges. This includes exposure to JSE Listed Assurance Services and a national footprint.

Ndumi Medupe, CEO and founder of Indyebo expressed enthusiasm for the merger: “By merging with Nexia SAB&T we will attract clients in new sectors and geographical locations to create a formidable professional services firm in SA. I believe the market is ready for strong, empowered brands and this merger will solidify the firm’s position. These are truly exciting times.”

The “new” Nexia SAB&T is set to continue to chart a course that sees it living its vision of being “Closer to you” through professional services that provide strategic, innovative, resource management advice to its clients.