Cyber crime in South Africa - top of the agenda for CFOs
When it comes to cyber security, South African businesses are ill-equipped to deal with emerging cyber security threats, according to Nathan Desfontaines, Cyber Security Manager at KPMG.
According to Nicolaas van Wyk, SA Institute for Business Accountants' (SAIBA) CEO and International Association of Finance Executives Institutes (IAFEI) Board member, the recent scam involving Standard Bank and the loss of 300 million rand has shocked the CFO community. Cybercrime has therefore moved up the agenda of the global CFO Council meeting being held in November in Cape Town.
“Cyber criminals have increased their attacks on SA companies, but company strategies have lagged behind in terms of preparing for emerging threats. The rate of change with regards to cyber-related risk is accelerating rapidly, increasing the security gaps organisations must contend with, and leaving them more exposed than ever before,” states Desfontaines.
“The matter of securing systems and databases is a technical issue, but CFOs should still be knowledgeable of where potential attacks can come from. Cyber attacks could cost a company hundreds of thousands and even millions of rands, directly impacting the bottom-line,” continues Desfontaines, who will be speaking at the upcoming World CFO Congress taking place in Cape Town during November 2016.
According to the South African Banking Risk Information Centre (SABRIC), South Africans lose in excess of 2.2 billion rand annually to internet fraud and phishing attacks. On a business level, Desfontaines elaborates on the cost associated with a security breach: “A study conducted by IBM and the Ponemon Institute released in July this year indicates that the total average organisational cost of a data breach for the 19 companies represented in the research is 28.6 million rand. The largest cost component identified was lost business at an average of 10.55 million rand, while the smallest cost component was notification at 560 000 rand on average. In South Africa the average cost of a data breach is 1 548 rand per record, with a total organisational cost of 28.6 million rand.”
“It is evident that the financial implications of a breach in cyber security could have a devastating impact on the bottom line, and CFOs need to pro-actively manage this risk. For this reason, the role of the CFO in terms of cyber security is one of the key topics that will be addressed by KPMG, who are also a Gold Sponsor, at the upcoming World CFO Congress,” comments Van Wyk.
Although cyber security breaches cannot always be prevented, Desfontaines explains that there are measures that can be taken to minimise the likelihood of a breach:
- Stop incursion by targeted attacks: The top four means of hacker incursion into a company’s network are through exploiting system vulnerabilities, default password violations, SQL injections and targeted malware attacks. To prevent incursions, it is necessary to shut down each of these avenues into the organisation’s information assets.
- Identify threats by correlating real-time alerts with global intelligence: To help identify and respond to the threat of a targeted attack, security information and event management systems can flag suspicious network activity for investigation. The value of such real-time alerts is much greater when the information they provide can be correlated in real-time with current research and analysis of the worldwide threat environment.
- Proactively protect information: In today’s connected world, it is no longer enough to defend the perimeter. You must accurately identify and proactively protect your most sensitive information wherever it is stored, sent, or used. By enforcing unified data protection policies across servers, networks and endpoints throughout the enterprise, you can progressively reduce the risk of a data breach.
- Automate security through IT compliance controls: To prevent a data breach caused by a hacker or a malicious insider and protect sensitive information, organisations must start by developing and enforcing IT policies across their networks and data protection systems.
- Integrate prevention and response strategies into security operations: In order to prevent data breaches, it is essential to have a breach prevention and response plan that is integrated into the day-to-day operations of the security team, which will enable them to continuously improve their strategy and progressively reduce risk, based on a constantly expanding knowledge of threats and vulnerabilities.
To put these measures in place, businesses will need to make financial investments in improved cyber security. “Cyber security is a global threat that needs to be prioritised by all CFOs, who are ultimately responsible for safeguarding the cash and resources of the business. As a community we need to declare war on cyber threats as it can ruin global trade. We cannot allow criminals to prevent the free flow of goods and services, and a safe environment is needed to build the world economy. That is why the local division of the CFO Council will present to the World CFO Congress a plan of action for a uniform approach to fighting cybercrime,” comments Van Wyk.
“More than 300 international CFOs, Finance Managers and Controllers, from public and private organisations, will meet and discuss this important topic facing not only South Africa, but the global financial landscape,” says Armand Angeli, President IAFEI, EMEA. Interested delegates can register for the Congress by visiting www.iafeiworldcongress.com.