In the aftermath of a security incident involving NordVPN and a third-party data center, the company says it is taking action to enhance its security.
One of its first moves is a long-term strategic partnership with VerSprite, a leading cybersecurity consulting firms. The partnership will include threat and vulnerability management, penetration testing, compliance management and assessment services. VerSprite will also help to form an independent cybersecurity advisory committee, which will consist of selected experts and oversee NordVPN’s security practices.
“We are planning to use not only our own knowledge, but to also take advice from the best cybersecurity experts and implement the best cybersecurity practices there are,” says Laura Tyrell, Head of Public Relations at NordVPN. “And this is the first of many steps we are going to take in order to bring the security of our service to a whole new level.”
According to NordVPN, they are ready to take action in five different fields to become more secure than ever. Here’s the list of the planned measures:
1. Partnership with the top cybersecurity consulting firm VerSprite. Penetration testers are a key part of NordVPN’s security efforts. Their job is to prod the infrastructure for weaknesses and mitigate the vulnerabilities. That’s why NordVPN is engaging in a long-term strategic partnership with VerSprite, a leading cybersecurity consulting firm.
VerSprite will work with NordVPN’s in-house team of penetration testers to challenge the infrastructure and ensure the security of customers. The main tasks covered in the new agreement include comprehensive penetration testing, intrusion handling, and source code analysis. VerSprite will also help to form an independent cybersecurity advisory committee.
2. Bug bounty program. Over the next few weeks, NordVPN is going to introduce a bug bounty program. Bug bounties reward cybersecurity experts for catching potential vulnerabilities and reporting to the developers so they can fix them. Bounty hunters will get a well-earned payout, and NordVPN users will get a service they know is scoured for bugs by thousands of people every day to make it as secure as possible.
3. Infrastructure security audit. NordVPN is planning to complete a full-scale third-party independent security audit in 2020. The audit will cover the infrastructure hardware, VPN software, backend architecture, backend source code, and internal procedures. The chosen vendor for the security audit will be announced in the future.
4. Vendor security assessment and higher security standards. NordVPN is planning to build a network of collocated servers. While still located in a data center, collocated servers are wholly owned exclusively by NordVPN. NordVPN is currently finishing its infrastructure review so that they can eliminate any exploitable vulnerabilities left by third-party server providers. NordVPN is committed to ensuring that their exclusively owned data centers maintain the highest security standards.
5. Diskless servers. NordVPN is planning to upgrade their entire infrastructure (currently featuring over 5100 servers) to RAM servers. This will allow to create a centrally controlled network where nothing is stored locally — not even an operating system. Everything the servers need to run will be provided by NordVPN’s secure central infrastructure. If anyone seizes one of these servers, they’ll find an empty piece of hardware with no data or configuration files on it.
“The changes we’ve outlined will make you significantly safer every time you use our service. Every part of NordVPN will become faster, stronger, and more secure – from our infrastructure and code to our teams and our partners,” says Laura Tyrell. “That’s our promise – we owe it to you.”
What happened last week
Last week, it was announced that 1 of more than 5,000 NordVPN’s servers was accessed by an unauthorized third party. The hacker managed to access this single server located in Finland because of mistakes made by the data center owner, of which NordVPN was not aware.
However, NordVPN is sure that no customer data was affected or accessed by the malicious actor, as the server did not contain any user activity logs, usernames, or passwords. NordVPN’s service as a whole was not hacked, the code was not hacked, the VPN tunnel was not breached, and the NordVPN apps stayed unaffected.
Meet the accountant of the future
The accountant of the future will need a new set of skills, writes ARTHUR GOLDSTUCK, as he meets both the local users and the global creators of Xero accounting software
Meet Buchule and Sivenathi Sibaca. They are not only partners in marriage, but also in a thriving accounting business. Buchule and Sivenathi are, respectively, chief executive officer and chief financial officer of SMTAX, which focuses on tax and accounting services for small businesses in the Western Cape, but includes the likes of Absa and Old Mutual among its clients. It employs 18 people and has 4,500 individual and business customers.
That’s not what makes the outfit remarkable. The startling feature of this business is that it has been structured to be a model accounting firm of the next decade. Even more remarkable is the fact that the couple both hail from rural areas where thoughts of the future tend to be about survival rather than blazing new trails.
Last week, they made their first trip out of the country, to attend Xerocon London 2019. This 2-day conference, hosted by the world’s fastest growing accounting software maker, Xero, attracted more than 3,000 delegates from the United Kingdom, Europe Middle East and Africa. A total of 57 Xero partners and users, mostly from accounting practices or suppliers to accountants, made the trek from South Africa.
“It was really about seeing how other accountants on other continents operate in terms of how they think and where their headspace is at,” Buchule told us during Xerocon. “Also, being our first time out of the country, it was to see the culture of other small businesses outside of South Africa.
“London’s quite different in that regard, but it’s been a really a great learning curve, and we were pleasantly surprised to find elements that look like South Africa, where we can say, at least you’re doing something right. The banking environment is quite unique, as it’s been a really good learning curve in terms of where banking might go to in the future of South Africa if they follow the same trend.”
Buchule comes from the “dusty streets” of Uitenhage in the Eastern Cape, while Sivenathi grew up on a farm in a deep rural area near Mthatha.
“I had no idea about technology or the rest of the world or how it could impact the economy in general,” she said. The two met at the University of Cape Town, where she was studying to be an actuary, and he completed a Masters degree in tax. She decided to put actuarial science behind her, however, when the opportunity arose to join Buchule’s business. But her skills helped transform the business.
Said Buchule: “When Sivenathi came on board we did the modeling of the business, and we said that in order to in order to automate the whole bookkeeping journey, we would need to turn closer and closer towards ‘x’, meaning fully automated bookkeeping. We looked at the journey of how long it will it take for us to get to time ‘x’. And then we said, OK, once we get there, what then?
“It was a big realization that when we do get to time ‘x’, the most important thing will be the human touch. That will be the differentiator. So we then spent our time developing that.”
Visit the next page to read more about the Xerocon 2019 event.
Takealot reveals startling numbers for Black Friday
Takealot has revealed startling numbers for expected bumper sales this holiday season, beginning next week, and peaking with Black Friday.
South Africa’s leading ecommerce group expects to ship at least one order every second, with roughly 10,000 boxes leaving their warehouses every hour, this shopping season.
Black Friday was first introduced to South Africa by Takealot in 2012, and has since become an important day in South Africa’s annual retail calendar. It has been a record-breaker for both retailers in the Takealot Group: Takealot and Superbalist. Takealot’s Black Friday gross merchandise value (GMV) grew 125% from 2017 to 2018, with orders up 127%. Superbalist’s Black Friday GMV has grown on average around 50%. This year, CEO Kim Reid is anticipating the biggest Black Friday yet, a culmination of months of tech and operational business-wide focus to prepare for increased predicted traffic and shopper volumes.
ABSA bank estimates that two out of three South Africans participated in Black Friday sales in 2018. And FNB reports in 2018, Black Friday transaction volumes grew by 16% compared with 2017 and anticipates a 15% increase in transactions over the sales period in 2019.
Successfully meeting this massive growth in orders has been a key focus for the Takealot Group. CEO Kim Reid says throughout the year they have been working to scale operations across multiple areas within the business. “After expanding our Johannesburg distribution centre (DC), our warehouse storage space now stands at 75 000m2. We house over 3.7 million items at any given time, and have opened 47 Takealot Pickup Points in the Eastern Cape, Western Cape, Gauteng, Kwa-Zulu Natal, Limpopo, Free State and Mpumalanga for order collections and returns, with more to open in the coming months.”
Takealot Delivery Team delivers to more South African homes than any other courier company in the country. On a monthly basis, they carry out over 1.6-million deliveries, with this number expected to increase to over 2-million during the shopping season. More than 4,500 drivers currently deliver for the Takealot Delivery Team; a number that is growing every month. The Takealot group anticipates they’ll travel over 4,000 000km from Black Friday until 24 December. “To put that in context, it is the equivalent of circumnavigating the globe over 100 times” says Reid.
Takealot.com’s Blue Dot Sale is a five day sale period which starts on Black Friday (29 November) and sees a range of new deals throughout the weekend as well as on Cyber Monday (2 December) and Takealot Tuesday (3 December), with up to 60% off thousands of items. For the first time, takealot.com will also be giving their shoppers early access to some of its Black Friday deals, starting on 24 November. Fresh new app-only deals will be added daily.
The Superbalist Showdown will run from 29 November to 3 December, with up to 70% off more than 15 000+ items. Superbalist shoppers will also have early access to Black Friday deals on selected days throughout November, with Superbalist’s Black Friday Spoilers – 24 hours to shop deals that they say won’t be beaten on Black Friday.