Cyber crime in South Africa - top of the agenda for CFOs
When it comes to cyber security, South African businesses are ill-equipped to deal with emerging cyber security threats, according to Nathan Desfontaines, Cyber Security Manager at KPMG.
According to Nicolaas van Wyk, SA Institute for Business Accountants' (SAIBA) CEO and International Association of Finance Executives Institutes (IAFEI) Board member, the recent scam involving Standard Bank and the loss of 300 million rand has sent shocked the CFO community. Cybercrime has therefore moved up the agenda of the global CFO Council meeting being held in November in Cape Town.
“Cyber criminals have increased their attacks on SA companies, but company strategies have lagged behind in terms of preparing for emerging threats. The rate of change with regards to cyber-related risk is accelerating rapidly, increasing the security gaps organisations must contend with, and leaving them more exposed than ever before,” states Desfontaines.
“The matter of securing systems and databases is a technical issue, but CFOs should still be knowledgeable of where potential attacks can come from. Cyber attacks could cost a company hundreds of thousands and even millions of rands, directly impacting the bottom-line,” continues Desfontaines, who will be speaking at the upcoming World CFO Congress taking place in Cape Town during November 2016.
According to the South African Banking Risk Information Centre (SABRIC), South Africans lose in excess of 2.2 billion rand annually to internet fraud and phishing attacks. On a business level, Desfontaines elaborates on the cost associated with a security breach: “A study conducted by IBM and the Ponemon Institute released in July this year indicates that the total average organisational cost of a data breach for the 19 companies represented in the research is 28.6 million rand. The largest cost component identified was lost business at an average of 10.55 million rand, while the smallest cost component was notification at 560 000 rand on average. In South Africa the average cost of a data breach is 1 548 rand per record, with a total organisational cost of 28.6 million rand.”
“It is evident that the financial implications of a breach in cyber security could have a devastating impact on the bottom line, and CFOs need to pro-actively manage this risk. For this reason, the role of the CFO in terms of cyber security is one of the key topics that will be addressed by KPMG, who are also a Gold Sponsor, at the upcoming World CFO Congress,” comments Van Wyk.
Although cyber security breaches cannot always be prevented, Desfontaines explains that there are measures that can be taken to minimise the likelihood of a breach:
- Stop incursion by targeted attacks: The top four means of hacker incursion into a company’s network are through exploiting system vulnerabilities, default password violations, SQL injections and targeted malware attacks. To prevent incursions, it is necessary to shut down each of these avenues into the organisation’s information assets.
- Identify threats by correlating real-time alerts with global intelligence: To help identify and respond to the threat of a targeted attack, security information and event management systems can flag suspicious network activity for investigation. The value of such real-time alerts is much greater when the information they provide can be correlated in real-time with current research and analysis of the worldwide threat environment.
- Proactively protect information: In today’s connected world, it is no longer enough to defend the perimeter. One must accurately identify and proactively protect your most sensitive information wherever it is stored, sent, or used. By enforcing unified data protection policies across servers, networks and endpoints throughout the enterprise, you can progressively reduce the risk of a data breach.
- Automate security through IT compliance controls: To prevent a data breach caused by a hacker or a malicious insider and protect sensitive information, organisations must start by developing and enforcing IT policies across their networks and data protection systems.
- Integrate prevention and response strategies into security operations: In order to prevent data breaches, it is essential to have a breach prevention and response plan that is integrated into the day-to-day operations of the security team, which will enable them to continuously improve their strategy and progressively reduce risk, based on a constantly expanding knowledge of threats and vulnerabilities.
To put these measures in place, financial investments in improved cyber security by business will need to be made. “Cyber security is a global threat that needs to be prioritised by all CFOs, who are ultimately responsible for safeguarding the cash and resources of the business. As a community we need to declare war on cyber threats as it can ruin global trade. We cannot allow criminals to prevent the free flow of goods and services, and a safe environment is needed to build the world economy. That is why the local division of the CFO Council will present to the World CFO Congress a plan of action for a uniform approach to fighting cybercrime,” comments Van Wyk
"More than 300 international CFOs, Finance Managers and Controllers, from public and private organisations, will meet and discuss this important topic facing not only South Africa, but the global financial landscape,” says Armand Angeli, President IAFEI, EMEA. Interested delegates can register for the Congress by visiting www.iafeiworldcongress.com.
GfK and VMware: Innovating together on hybrid cloud
GfK has been the global leader in data and analytics for more than 85 years, supplying its clients with optimised decision inputs.
In its capacity as a strategic and technical partner, VMware has been walking GfK along its digital transformation path for over a decade.
“We are a demanding and singularly dynamic customer, which is why a close partnership with VMware is integral to the success of everyone involved,” said Joerg Hesselink, Global Head of Infrastructure, GfK IT Services.
Four years ago, the Nuremberg-based researcher expanded its on-premises infrastructure by introducing VMware vRealize Automation. In doing so, it laid a solid foundation, resulting in a self-service hybrid-cloud environment.
By expanding on the basis of VMware Cloud on AWS and VMware Cloud Foundation with vRealize Cloud Management, GfK has given itself a secure infrastructure and reliable operations by efficiently operating processes, policies, people and tools in both private and public cloud environments.
One important step for GfK involved migrating from multiple cloud providers to just a single one. The team chose VMware.
“VMware is the market leader for on-premises virtualisation and hybrid-cloud solutions, so it was only logical to tackle the next project for the future together,” says Hesselink.
Migration to the VMware-based environment was integrated into existing hardware simply and smoothly in April 2020. Going forward, GfK’s new hybrid cloud model will establish a harmonised core system complete with VMware Cloud on AWS, VMware Cloud Foundation with vRealize Cloud Management and a volume rising from an initial 500 VMs to a total of 4,000 VMs.
“We are modernising, protecting and scaling our applications with the world’s leading hybrid cloud solution: VMware Cloud on AWS, following VMware on Google Cloud Platform,” adds Hesselink.
The hybrid cloud-based infrastructure also empowers GfK to respond to new and future projects with astonishing agility: Resources can now be shifted quickly and easily from the private to the public cloud – without modifying the nature of interaction with the environment.
The gfknewron project is a good example – the company’s latest AI-powered product is based exclusively on public cloud technology. The consistency guaranteed by VMware Cloud on AWS eases the burden on both regular staff and the IT team. Better still, since the teams are already familiar with the VMware environment, the learning curve for upskilling is short.
One very important factor for the GfK was that VMware Cloud on AWS constituted an investment in future-proof technology that will stay relevant.
“The new cloud-based infrastructure comprising VMware Cloud on AWS and VMware Cloud Foundation forges a successful link between on-premises and cloud-based solutions,” says Hesselink. “That in turn enables GfK to efficiently develop its own modern applications and solutions.
“In market research, everything is data-driven. So, we need the best technological basis to efficiently process large volumes of data and consistently distill them into logical insights that genuinely benefit the client.
“We transform data and information into actionable knowledge that serves as a sustainable driver of business growth. VMware Cloud on AWS is an investment in a platform that helps us be well prepared for whatever the future may hold.”