Connect with us

Featured

E-crime fight must go unconventional

Both the private and public sector must engage out-of-the-box complex systems and more holistic security models to protect themselves from the increasing threat posed by online and cyber-related crimes, says MICHIEL JONKER.

“Due to the complex nature of cyberspace, whereby billions of users and infinite systems and networks are intertwined, it has now become virtually impossible to control the ecosystem,” he says.  “Security therefore could not be treated in isolation but effective security management should employ a 360-degree complex systems philosophy that engages multiple conventional and unconventional (e.g. futuristic) models of security assessment.”

While statistics are not readily available in South Africa, numerous breaches have been recorded over the past few years. In 2013 Bloomberg reported that South African banks had lost tens of millions of rands to an international organisation that hacked the bank card details of fast-food restaurant customers. Based on data from the Payments Association of SA, the report found that every South African bank had been affected.

“Recent breaches, including JP Morgan Chase, The White House, Sony and even South African government website hacking incidents, have called into question the future of cyberspace as a means of safe transaction. Cybercrime holds potentially catastrophic consequences for businesses and government – not to mention the security of nation states. 2014 was a watershed year for cyberspace security and in 2015 the issues will become even more noticeable,” Jonker said.

“The current model of applying ‘best practices’ addresses many aspects of cyber security but is not enough. A new approach designed to deal with threats requires more than standard analytical IT frameworks because we are steadily losing the war against cyber criminals, like hackers and information thieves,” said Jonker.

He said that in addition to legislation, such as the Protection of Personal Information (POPI) partly enacted last year, and best practice guides, it is now imperative that measures be scaled up. The POPI Act, which was gazetted in November 2013, and which is currently awaiting an effective enactment date, provides strict guidelines, among other things, on what data can be obtained, how that data can be used, and the requirement that it should be kept up-to-date.

In a recent Grant Thornton International Business Report (IBR) survey, for the first quarter of 2015, SA businesses were asked if their current business strategy plans included breaches to IT security as a potential threat to the future of the business.

“It is encouraging to note that 72% of the 150 SA business executives who were asked this question responded that their strategies DO include plans to prevent IT security breaches,” says Jonker. “One very important measure needed and which is often overlooked, is the thorough testing of systems by skilled individuals whose sole purpose would be to find compromising points of entry into the system. Ironically, the majority of cyber criminals do not have formal IT qualifications.”

Jonker suggested a holistic approach incorporating the futuristic concept of “exploration-discovery.”

“The IT security industry has to change its recruitment policies. There is a need for certain IT security personnel to come from non-formal education, those who employ outside-of-the-box thinking. These persons tend to think more in systemic ways – while formally educated IT professionals traditionally think analytically. We need to have conventional and unconventional IT skills in place that will test for infiltration by those whose sole purpose is to exploit the weaknesses of IT and online systems.”

He said the concept of “exploration-discovery” in systems development practice is not new. For example, when testing new systems, software companies will often monitor how children interact with the system – with the aim of detecting any unforeseen failures not picked up by standard testing procedures.

“A similar methodology in devising security for cyberspace would allow private and public sector organisations to view their systems as an outsider, or specifically as a criminal (i.e. to ‘think or explore/discover like a criminal’). This creates a vastly improved context for security as it not only allows mitigating the rational threats but the anticipation of those systemic threats for intentional nefarious purposes,” Jonker concluded.

* Michiel Jonker, Director: IT Advisory at Grant Thornton Johannesburg. 

Featured

Mobile is the new branch

Standard Bank has launched an account for mobile devices that gives back 500MB of data a month

Standard Bank has introducd a R4.95p/m bank account called MyMo that customers can open on their mobile devices, loaded with data and airtime offerings and other benefits such as virtual and Gold physical card.

MyMo account holders will also enjoy the convenience of a cheque account through a Visa and Mastercard gold card. Once the account is open, users can choose to either receive R50 in airtime or 500MB of data a month, if their card is swiped more than four times a month. A further megabyte of data is loaded on the account for every R20 spent.

“MyMo is an account for everyone, whether you just landed your first job or have been around the block. With no documentation required it only takes a few minutes to open the account,” says Funeka Montjane, Chief Executive for Personal and Business Banking, South Africa, at Standard Bank Group. “For just R4.95 a month customer will be able to enjoy free swipes and ATM withdrawals at only R6.50 for amounts under R 1 000.

“Mobile is the new branch. This account is about bringing the mobile branch into customers hands, it is about convenience and security while banking.”

She says mobile offers low cost transactional banking which integrates people and businesses into the new connected economy, making mobile the new branch ecosystem that will drive and connect Africa’s growth. Physical connections to the economy are rapidly changing to digital where banks have to move from being financial institutions to service organisations.

“In the past people congregated in communities and eventually cities to maximise the advantages of connectivity. Today a simple hand-held device has the potential to open infinite doors, transforming individuals’ access to opportunities, regardless of where they are, and like never before in history. 

“Historically, a bank account represented access to economic citizenship. Today, having a simple device enabling digital access to a modern banking platform is a passport to global connectivity and vast human development potential.”

The bank says it is using technology, and mobile phones in particular, to deliver low-cost transactional channels accessible to all our customers. The evolution in mobile can be seen in transaction options like cash back at the retail checkout till rather than the ATM, free digital banking rather than using a branch, and the ability to transact using digital wallets, even without a bank account.

“Developing comprehensive connected ecosystems requires a mind-set change from Africa’s banks,” says Montjane. “Banks will evolve away from traditional financial service organisations, into service ecosystems enabling broad universal access to almost everything like enhanced purchasing experiences of vehicles and homes, online procurement of goods and services and lifestyle elements like rewards and travel. 

“These connectivity drivers will also act to future-proof evolving connectivity ecosystem by allowing us to offer untold future services while deriving income from as yet unrealised revenue streams,.   

From a customer perspective, the kind of ecosystems of knowledge, access and, ultimately, connectivity that banks will come to provide will radically transform the share of life that almost all individuals will be able to access.”

Continue Reading

Featured

Two-thirds of SA staff hide social media from bosses

With 90% of people in employment going online several times a day, it can be hard for most workers to keep their private and work-life separate during the working day (and beyond). The recently published Global Privacy Report from Kaspersky Lab reveals that 64% of South African consumers choose to hide social media activity from their boss. This secretive stance at work also extends to their colleagues, with 60% of South Africans also preferring not to reveal online activities to their co-workers.

Globally, the average employee spends an astonishing 13 years and two months at work during their lifetime. Interestingly though, not all this time is directly related to solving work tasks or earning a promotion: almost two thirds (64%) of consumers admit visiting non-work-related websites every day from their desk.

Not surprisingly, 35% of South African employees are against their employer knowing which websites they visit. However, more interestingly, 60% of South African are even against their colleagues knowing about their online activities. This probably means that colleagues constitute an even greater threat to future perspectives of an office slouch or maybe the relationships with colleagues are more informal and therefore, more valuable.

On the contrary, social media activity appears to be a less private domain for many and therefore, more suitable for sharing with colleagues but not the boss. This is probably because workers fear harming the public image of a company or interest in decreased staff productivity motivates companies to monitor employees’ social networks and make career changing decisions based on that. Such policies have led to 64% of South Africans saying that they don’t want to reveal their social media activities to their boss and 53% even don’t want to disclose this information to their colleagues.

A further 29% are against showing the content of their messages and emails to their employer. In addition, 3% even said that their career was irrevocably damaged as a consequence of their personal information being leaked. Thus, people are worried about how to build a favourable internal reputation and how not to destroy existing workplace relationships.

“As going online is an integral part of our life nowadays, lines continue to blur between our digital existence at work and at home. And that’s neither good nor bad. That’s how we live in the digital age. Just keep remembering that as an employee you need to be increasingly cautious of what exactly you post on social media feeds or what websites you prefer using at work. One misconceived action on the internet could have an irrevocable long-term impact on even the most ambitious worker’s ability to climb the career ladder of their choice in the future,” comments Marina Titova, Head of Consumer Product Marketing at Kaspersky Lab.

To ensure workers don’t fall prey of the internet threats at a work, there are some core guidelines to adhere to in the digital age:

  • Don’t post anything that could be considered defamatory, obscene, proprietary or libellous. If in doubt, don’t post.
  • Be aware that system administrators may at least, in theory, be informed about your web browsing patterns.
  • Don’t harass, threaten, discriminate or disparage against any colleague, partner, competitor or customer. Neither on social networks or in messages, emails, nor by any other means.
  • Don’t post photographs of other employees, customers, vendors, suppliers or company products without prior written permission.
  • Start using Kaspersky Password Manager to ensure your social media and other personal accounts are not at risk of unauthorised access by someone else in an office. Install a reliable security solution such as Kaspersky Security Cloud to protect your personal devices.

Continue Reading

Trending

Copyright © 2019 World Wide Worx