With the creation of business-related WhatsApp groups becoming something of a norm in today’s digitally-connected society, Simone Dickson, Director within the Technology and Sourcing practice at commercial law firm Cliffe Dekker Hofmeyr, says that businesses need to be especially aware of the inherent data security risks associated with using these social platforms.
“As is the case with any social media platform today, businesses and their employees need to exercise discretion in what information is shared and made available, also ensuring that the host or provider of the social media platform has taken security measures acceptable to the business and appropriate to the risk. Awareness of who the business is actually engaging with is critical.”
Cyber breaches are a real risk, she explains, referring to the World Economic Forum 2018 Global Risks Report, which ranks large scale cyberattacks and major data breaches or fraud among top five most likely risks in next 10 years. “On an international level, UK market research company, Ipsos MORI undertook a cyber-security breaches survey in 2017 and identified that 46% of UK business experienced cybersecurity breaches in the last 12 months.
“There have also been a number of data breaches either in South Africa or affecting South African users which have hit the headlines as of late,” she adds. “The potential risks to businesses affected include damage to reputation, loss of shareholder and customer confidence, business interruption, loss of competitive edge, loss or damage to technology and infrastructure, possible regulatory scrutiny, fines and penalties and costs to remedy the breach.”
When asked what legal recourse is currently available locally, Dickson says that businesses would generally need to rely on common law remedies in the event of a breach, although this would need to be assessed on a case-by-case basis. “Whilst the Protection of Personal Information Act, No. 4 of 2013 (POPI) and Cybercrimes and Cybersecurity Bill (Bill) do introduce statutory measures which will assist businesses in legal recourse in the event of cyber breaches, neither of these are fully in effect as yet.”
As such, she urges business owners to undertake effective due diligence on service providers providing them with social media platforms and online services. “This includes assessing levels of data security and deciding whether the platform is appropriate in the context for which it is going to be used.
“In the context of WhatsApp in particular, whilst this may be used effectively as a business tool, it is still ultimately user-based and not centrally controlled by the business itself. Accordingly, the rules of engagement and employee policies must be clearly established upfront. It is also essential to determine where data is to be hosted to consider which data protection laws are in place in the relevant jurisdiction.
“Where sensitive business data is shared via a social media platform (including any backups of such data), this should be subject to stringent security measures. Due to the prevalence of cybersecurity risk, this should be a board level agenda item with a dedicated focus. Businesses should also formulate a breach response plan in order to be fully prepared in the event of a data breach so as to allow for pro-active management rather than crisis driven responses,” Dickson explains.
She adds that data breaches are unfortunately inevitable and it is up to business to be aware of inherent risks and take pro-active steps to mitigate these risks. “Awareness and education is critical,” she says.
Worldwide ICT spending poised to hit $4.3-Tn in 2020
Worldwide spending on ICT will increase by 3.6% this year over 2019, with commercial and public sector spending accounting for well over half the total
A new forecast from International Data Corporation (IDC) predicts worldwide spending on information and communications technology (ICT) will be $4.3 trillion in 2020, an increase of 3.6% over 2019. Commercial and public sector spending on information technology (hardware, software and IT services), telecommunications services, and business services will account for nearly $2.7 trillion of the total in 2020 with consumer spending making up the remainder.
Serena Da Rold, program manager in IDC’s Customer Insights and Analysis group, says: “The slow economy, weak business investment, and uncertain production expectations combined with protectionist policies and geopolitical tensions — including the US-China trade war, threats of US tariffs on EU automobiles and the EU’s expected response, and continued uncertainty around the Brexit deal — are still acting as inhibitors to ICT spending across regions. On the upside, our surveys indicate a strong focus on customer experience and on creating innovative products and services driving new ICT investments. Companies and organizations across industries are shifting gears in their digital transformation process, investing in cloud, mobility, the Internet of Things, artificial intelligence, robotics, and increasingly in DevOps and edge computing, to transform their business processes.”
IT spending will make up more than half of all ICT spending in 2020, led by purchases of devices (mainly mobile phones and PCs) and enterprise applications. However, when combined, the three IT services categories (managed services, project-oriented services, and support services) will deliver more than $750 billion in spending this year as organizations look to accelerate their digital transformation efforts. The application development & deployment category will provide the strongest spending growth over the 2019-2023 forecast period with a five-year compound annual growth rates (CAGR) of 11.1%.
Telecommunications services will represent more than one-third of all ICT spending in 2020. Mobile telecom services will be the largest category at more than $859 billion, followed by fixed telecom services. Both categories will see growth in the low single digits over the forecast period. Business services, including key horizontal business process outsourcing and business consulting, will be about half the size of the IT services market in 2020 with solid growth (8.2% CAGR) expected for business consulting.
Consumer ICT spending will grow at a much slower rate (0.7% CAGR) resulting in a gradual loss of share over the five-year forecast period. Consumer spending will be dominated by purchases of mobile telecom services (data and voice) and devices (such as smartphones, notebooks, and tablets).
Four industries – banking, discrete manufacturing, professional services, and telecommunications – will deliver 40% of all commercial ICT spending in 2020. IT services will represent a significant portion of the spending in all four industries, ranging from 50% in banking to 26% in professional services. From there, investment priorities will vary as banking and discrete manufacturing focus on applications while telecommunications and professional services invest in infrastructure. The industries that will deliver the fastest ICT spending growth over the five-year forecast are professional services (7.2% CAGR) and media (6.6% CAGR).
More than half of all commercial ICT spending in 2020 will come from very large businesses (more than 1,000 employees), while small businesses (10-99 employees) and medium businesses (100-499 employees) will account for nearly 28%. IT services will represent a significant portion of the overall spending for both market segments – 54% for very large businesses and 35% for small and medium businesses. Application and infrastructure spending will be about equal for very large businesses while small and medium businesses will invest more in applications.
“SMBs are increasingly embracing digital transformation to take advantage of both the opportunities it presents, and the disruption it can mitigate,” says Shari Lava, research director, Small and Medium Business Markets at IDC. “Digitally determined SMBs, defined as those that are making investments in digital transformation-related technology, are almost twice as likely to report double-digit revenue growth versus their technology indifferent peers.”
IDC’s Worldwide ICT Spending Guide Industry and Company Size is IDC’s flagship all-in-one data product capturing IT spending across more than 120 technology categories and 53 countries. This IDC Spending Guide will provide a granular view of the market for IT spending from a country, industry, company size, and technology perspective. This comprehensive database delivered via pivot table format or IDC’s custom query tool allows the user to easily extract meaningful information about various technology markets and industries by viewing data trends, relationships, and making data comparisons across more than three million data points.
The Worldwide Small and Medium Business Spending Guide provides detail on small and midsize business IT spending across 40 technology categories in nine geographic regions and 53 countries. Spending details are also provided for four company size categories: 1–9 employees, 10–99 employees, 100–499 employees, and 500–999 employees. Unlike any other research in the industry, the comprehensive spending guide was designed to help IT decision-makers to clearly understand the direction of SMB spending today and over the next five years.
Hackers hit SA with fake VPN
Kaspersky researchers have detected an unusual malicious campaign that uses phishing to mimic a popular VPN service. This helps spread AZORult, a Trojan stealer, under the guise of installers for Windows. The campaign, which kicked off at the end of November 2019 with the registration of a fake website, is currently active and focused on stealing personal information and cryptocurrency from infected users. This shows that cybercriminals are still hunting for cryptocurrency, despite reports that interest in the currency has died down. AZORult is highly active: in 2019 this malware targeted 78,189 users in Africa, with 16,975 users located in South Africa, 8,165 in Kenya and 1,965 in Nigeria. January 2020 has already seen the continuation of this dangerous trend, with 759 users hit in South Africa, 128 in Nigeria, and 639 in Kenya.
AZORult is one of the most commonly bought and sold stealers on Russian forums, due to its wide range of capabilities. This Trojan poses a serious threat to those whose computers may have been infected as it is capable of collecting various data, including browser history, login credentials, cookies, files from folders, cryptowallet files, and can also be used as a loader to download other malware.
In a world where privacy is heavily fought for, VPN services play an important role by enabling additional data protection and safe internet browsing. Yet cybercriminals try to abuse the growing popularity of VPNs by impersonating them, as is the case in this AZORult campaign. In the most recent campaign, the attackers created a copy of a VPN service’s website, which looks exactly the same as the original with the only exception being a different domain name.
Links to the domain are spread through advertisements via different banner networks, a practice that is also called ‘malvertizing’. The victim visits the phishing website and is prompted to download a free VPN installer. Once a victim downloads a fake VPN installer for Windows, it drops a copy of AZORult botnet implant. As soon as the implant is run, it collects the infected device’s environment information and reports it to the server. Finally, the attacker steals cryptocurrency from locally available wallets (Electrum, Bitcoin, Etherium, and others), FTP logins, and its passwords from FileZilla, email credentials, information from locally installed browsers (including cookies), credentials from WinSCP, Pidgin messenger and others.
Upon the discovery of the campaign, Kaspersky immediately informed the VPN service in question about the issue and blocked the fake website.
“This campaign is a good example of how vulnerable our personal data is nowadays”, says Dmitry Bestuzhev, head of Kaspersky’s Global Research and Analysis Team (GReAT) in Latin America in Latin America. “In order to protect it, users need to be cautious and be especially careful when surfing online. This case also shows why cybersecurity solutions are needed on every device. When it comes to phishing copies of websites, it is very difficult for the user to differentiate between a real and a fake version. Cybercriminals often capitalise on popular brands and this trend is not likely to die down. We strongly recommend using a VPN for protection of data exchange on the web, but it is also important to closely study where the VPN software is downloaded from.”
Kaspersky detects this threat as HEUR:Trojan-PSW.Win32.Azorult.gen
Read more about this AZORult campaign on Securelist.com.