South Africa’s retail organisations, particularly on-line stores, could expect a significant ramp-up in cybercrime ahead of the holiday season. This is the warning from Deon Smal, CEO of Cyber Insight, a Cape-based cyber security assessment firm.

“While data breaches increased alarmingly during the height of the Covid-19 pandemic, organisations - particularly those in the ecommerce sector - can expect a ‘tsunami’ of new attacks as the festive season approaches,” he cautions. “This is as a result of intensified on-line shopping activity which creates more opportunities for cyberattacks.” Smal notes that many companies that supported work-from-home employees during the pandemic – and possibly continue to accommodate a hybrid workforce - have had to take short-cuts in terms of security to rapidly protect sensitive data which is accessed on-line.

“These ‘quick-fixes’ are now leaving these organisations vulnerable to increasingly sophisticated cyber threats. They should be addressed as a matter of urgency,” he says. According to Smal, the most common threat facing SA companies is a ransomware attack, in which criminals encrypt files and then demand a ransom to restore access.

He says that globally, ransomware is viewed as the most malicious of the numerous malware models that were experienced this year. “Smal encourages organisations, of all sizes, to accurately and comprehensively assess their cyber security positions. This will expose possible vulnerabilities which could result in breaches of security within the corporate infrastructure. This includes basic facilities, structures and services on which businesses rely.

“They should also consider penetration testing to prove the existence and determine the extent of their weaknesses before committing to a definitive security solution to ensure that it offers an appropriate level of protection against the most evolved threats and determined cyber-criminals,” he adds.

Cyber Security is non-negotiable! Cyber-attacks can affect businesses and individuals in a professional, or personal capacity, with disastrous consequences. While October is National Cyber Security Awareness Month, the seriousness of cyber-crime should always take precedence; particularly in companies where a ‘work-from-anywhere’ culture is the order of the day.

Did you know?

Malware – It has been estimated, that South African businesses suffer 577 malware attacks every hour via online communications. Malware is malicious software such as a virus, worm, spyware, ransomware etc., which are designed to steal information and disrupt or damage a network.
Phishing & Social Engineering – A Mimecast report found that social engineering tactics through phishing increased by 64% in 2020. Phishing is fraudulent emails aimed at getting the receiver to click on a link or download malware. Social engineering refers to the communication tactics a hacker uses to interact with a cyber victim (via telephone, email or social media) and persuades the person into sharing sensitive information, clicking on a link or downloading a file.
Ransomware – The same Mimecast report found that 6 out of every 10 companies experienced a ransomware attack last year. Ransomware is malware that gains access to sensitive information, encrypts it and then sets a ransom amount for the release of said information.
South Africa is a hacker hotspot – Hackers focus a lot of their attention on South Africa, taking advantage of internet users who have a lack of online security awareness. We experience the third highest number of attacks in the world, losing R2.2-billion every year.
The Protection of Personal Information Act (POPIA) holds you accountable – Companies have a responsibility towards their online customers and are required to follow certain protocols to ensure the protection of their personal information. When a company is successfully hacked the business not only suffers financial losses and a tarnished reputation but will also be liable to legal action.

The biggest treat

Securing a company’s network is only part of the solution. Due to cyber-attacks becoming more highly organised and sophisticated, and working-from-home (WFH) on the increase, employees have become a company’s weakest and biggest cyber security risk. According to the 2021 Data Breach Investigations Report (DBIR) 85% of data breaches involve a human element such as phishing, stolen credentials or human error.

Lastpass, an encrypted password manager recently released research done on the password habits of 3750 professionals across seven countries. The Psychology of Passwords research results found that:

65% of respondents use the same or a variation of their password for most accounts;
only 8% think it’s not a good idea to use a password that’s personal to them; and
20% share pictures of their pets with their names on social media even though they use their pet names as passwords.

Even more alarming is that since working remotely, 47% did not change their online security habits whatsoever.

All it takes is one employee’s bad judgement to bring an entire organisation’s defence to its knees. Employees’ online behaviour is therefore a notable threat to businesses, and ongoing cyber security awareness is a must.

Domains.co.za takes cyber security seriously

“It is essential to appoint a cyber security officer that will help set-up and drive your company’s cyber security strategy,” says Laura Kruger, head of client operations at Domains.co.za

“We believe that the best way to combat this threat is to implement on-going training sessions and using practical, real-world examples. An employee who knows what to look out for will be more prepared when suspicious activity occurs. The best and most sophisticated software and scanners are useless if a company neglects to educate its employees. You are only as strong as your weakest link,” she adds.

Next week we will share practical tips for businesses and employees to better prepare against this growing concern.

Follow us on Facebook, Instagram and LinkedIn to receive helpful cyber security tips during our 10 Days of Cyber Security Awareness social media campaign.

Domains.co.za is a domain name and website hosting company based in Johannesburg. We offer various value-added solutions to help our customers succeed online. Our domain validated and organisation validated SSL certificates can help your business secure its website and our ESET Anti-Virus solutions provide device protection.

Learn more about our products and services, here.

Keeping abreast of technology changes affecting the banking landscape is tough. From AI and machine learning to mobile, fintechs, digital, data, cloud and many more, new developments are happening all the time.One option in making things a little bit easier to understand is to attend TCI’s upcoming BankTech Southern Africa 2020 Conference.

The BankTech 2020 conference is the only event in SA which will address the pitfalls of legacy systems and empower attendees with the right set of insights to negotiate dealing with and improving legacy systems without impacting on operations.

This event is taking place on 26 & 27 February 2020 at the Indaba Hotel, Fourways, Johannesburg will feature close to 30 top speakers, eight sessions and a panel discussion. Attending this event will provide the ideal platform to attendees to get the latest news regarding technology developments – both locally and international.

Here are a few topics to be addresses at this event:

• Digital implementation within finance
• Why technology adoption is mandatory
• Disruption of fintechs in the financial industry
• Using behavioural economics to increase the uptake of digital banking platforms
• Fostering business growth through open banking
• How artificial intelligence will benefit financial services
• Exploiting traditional information technology frameworks in governing new technologies
• Addressing regulatory challenges through technology
• Automating fraud detection and prevention
• Embracing cloud in emerging financial services
• Deployment of traditional payment solutions in the cloud
• Big data, analytics and technology
• Data governance implications of moving to the cloud

With more than 100 banking conferences held, Trade Conferences International has for the past 10 years become the leading banking conference organiser in South Africa. With signature events such as Mobile Banking, Payments Southern Africa, Transaction Banking, AML & Financial Crime and Big Data and Analytics in Banking, TCI became a trusted conference organiser for the financial industry.

Normal registration fee: R9 500 + VAT = R10 925 p.p 

10% group registrations (3 or more): R8 550 + VAT = R9 832.50

15% group registration (5 or more): R8 075 + VAT = R9 286.25

To register as a delegate e-mail Project Manager Bandile Ngobese on This email address is being protected from spambots. You need JavaScript enabled to view it. or This email address is being protected from spambots. You need JavaScript enabled to view it. .
Sponsorship and exhibition opportunities e-mail: Ryno van Ellewee on This email address is being protected from spambots. You need JavaScript enabled to view it. / This email address is being protected from spambots. You need JavaScript enabled to view it. or call 011 803-1553/0009.

With the current crisis of cyber-attacks and data breaches or leaks, we are faced with low rates of cyber security vigilance and high cybercrimes. Every enterprise is challenged to constantly back up their cyber security system to protect their database and information systems to avoid these data leaks and cyberattacks.

Menny Barzilay, Head of IT Audit of Bank Hapoalim described Cyber Security as “the sum of efforts invested in addressing cyber risk, much of which was, until recently, considered so improbable that it hardly required our attention,” in an article on ISACA’s Knowledge Centre. When we further define cyber risks, which is the loss or harm of information due to a cyberattack or data breach, we then see the need of efficiently protected information systems.

Data or Personal information is an extremely valuable commodity because when in the wrong hands, it is used for financial benefits by cyber criminals who participate or gain information from data breaches. The cyber criminals take the data and sell it and in return make a lot of money out of the whole data breach.

In a radio interview Mr Sizwe Snail ka Mtuze, Director of Snail Attorneys and Lex-Informatica, said “Your ID number is so Important because it identifies you, your birth date, your race, your citizenship and whole lot of other things which could be used for an unlawful purpose”, when asked why information like a person’s ID number is so important to these cyber criminals. Anyone or any organisation with confidential information in their possession is a target. How would an organisation know whether they are ready? Whether they have the enough information security? the reality is that these cyber criminals are getting smarter and more advanced in the techniques they use.

According to an article on Fin24.com, “Without a fully functional Information Regulator, these breaches will continue to occur without sanctions provided for in the Protection of Personal Information Act (POPIA)”, said Advocate Pansy Tlakula, Chairperson of the information Regulator of South Africa . Which is why organisations and individuals need to be in the business of effectively educating themselves on cyber security vigilance, cybercrime trends, data breaches and cyber law.

What are we doing as organisations to protect ourselves? What measures are we taking? What legal implications are there regarding such incidents? The assumption that cyber vigilance is the primary function of only IT, Legal, Compliance, Risk or Information Management in organisations is where the loophole in our information security is found.

Lex-Informatica SA Cyber Law and ICT workshop is focused on equipping people with necessary skills and education to guard against threats in their workplaces, homes and IoT devices.
Date: 13th and 14th September 2018
Venue: Durban Country Club
Theme: "The advancements of Information and Communication Technology Law - Cyber Law: Techniques, Risks, Legal implications and Emerging trends"
Book your seat here to be enlightened on the reality, cost and possible threats of cyberattacks to your business, personal data and other interconnected devices.

For more info please contact Ms Paballo Mokake on:
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Telephone: 0127702312

Protecting and handling confidential data has come into the limelight with the electronic boom. With multiple copies of the documents being available in electronic format, it becomes difficult to monitor their usage. Companies that misuse or inadvertently leak confidential data face multi-fold consequences ranging from lost reputation to expensive lawsuits and fines worth millions of rands.Information security training prevents security breaches that may be caused inadvertently by employees. Organisations need to consolidate and strengthen their information security strategies by establishing well laid out practices and investing in security awareness programs.Humans are often considered as the weakest connection in the information security chain.

This accusation may be circumstantially right, but it also neglects the fact that humans, if properly motivated and educated, can play an important role in reinforcing the security ecosystem.Security-conscious employees can pick up the slack, where the technology and processes fail, acting as a last resort in the security defence mechanism.According to the Information Regulator Chairperson “South Africa has experienced a disturbingly high number of material data breaches in the past few months. In addition to Liberty Holdings, there have been material data breaches at Master Deeds, Facebook and ViewFine,” Tlakula said. So training your employees on information security is very important. Such trainingReduces organisation’s risk profile: Good information security training gains confidence, trust and loyalty. It reduces the risk of devaluating the organisation’s brand.

Reduces direct and indirect costs: Strict information security training, helps cut down the expenses associated with data loss, data recovery etc., thereby reduces direct and indirect costs.Reduces technology leakage risks: There is always a possibility of making careless mistakes. Thus, in order to protect our technology from being hacked, training is necessary.

The task of safeguarding personal and business data forms the cornerstone of any company’s business. So, it should be ensured that all employees follow privacy policies in a proper manner. The companies must ensure this happens through an effective training approach.Infex Web Solutions have designed an online course in information security awareness training, touching important aspects of information security. The course explains how to identify, handle, and dispose data based on its sensitivity. The course is coupled with scenarios advising employees what they should do on facing certain situations. Effective training on the awareness of information security, could actually make you and your company more secured from the risks of information breaches. 

To find out more about the Information Security Awareness Training visit https://www.infexweb.co.za/ or email This email address is being protected from spambots. You need JavaScript enabled to view it.: 011 036 6570

“Embracing change in an era of ‘business unusual’” #ITLA18

The 9th Annual IT Leaders Africa Summit was recently hosted at the brand new, green star-rated CTICC East Wing in Cape Town on 9 & 10 May 2018. Over the past decade of existence, the event has quickly established itself as the premier gathering of CIO’s and business IT professionals on the continent. Attendees from across Africa congregated in Africa’s tech hub to share best practices, and discuss the strategic roadmap to managing the evolving challenges, opportunities and risks associated with the IT departments’ ever-increasing scope of technology implementation and its related oversight.

Brett St Clair, CEO of Siatik and renown international speaker – delivered a powerful warning to the audience; “disruption is happening incredibly quickly; especially in the IT space – there are so many technologies that are hitting IT, wave after wave – and each technology generates another wave of technology, which can be very scary as the rest of the world feels like it is doubling efficiency and leap-frogging ahead whilst we continue to lag behind in Africa – constantly having to catch up.”

A common thread shared by the audience and speakers alike was that digital transformation is turning the industry on its head, and the CIO of the future needs to be well ahead of the curve to be able to deal and effectively counter the effects of prospective disruption to organisations. Transformation was also discussed on a higher level and resulted in a robust and thought-provoking debate regarding the duty of leading IT professionals to not only upskill existing staff as opposed to looking outside for talent; attendees also challenged the IT industry as a whole to work towards the development, mentoring and nurturing of millennials and more importantly women in the IT field.

Nithen Naidoo, Managing Director of Snode, who participated in the newly introduced sponsor hot seat panel discussion, encouraged the IT industry to invest in the development of future IT practitioners as this will set organisations on a sustainable path to success, “Millennials are looking for purpose – they want what they do to mean something; they want to add to something greater than themselves - and if you give them that, your organisation will be able to attract the right kind of talent…desire and [corporate] cultural fit is really important”.

This was a sentiment shared by Jamie Whittaker, Deputy CIO at Discovery, who encouraged organisations that want to succeed where others have failed, to take an ‘out-of-the-box’ approach, “In order for organisations to be successful, they need to understand that they should embrace change – It’s not business as usual but rather business as unusual”. Whittaker further elaborated that “IT is not about technology; it’s not about apps, databases or mainframes, nor the cloud – what it’s about, is People – they are the most valuable resource – they should be mentored and nourished, when you find these individuals; they should be treated correctly from the very first interaction with your organisation. Make sure that we invest in developing our people, so that they can leave at any stage, but treat them well so that they choose to stay.” The overarching message was that, change may be scary, but it should be embraced and seen as an opportunity as opposed to a threat.

The array of IT experts present at the event discussed other critical themes which are affecting the IT profession, including improving organisational cyber resilience in a world of evolving and increasingly sophisticated cyber attacks through continuous collaboration between big companies and SME’s in order to create a sense of community around the issue of cyber security. Naidoo cautioned organisations to stop viewing cyber security protection as a grudge purchase “cyber security wins battles in boardrooms, it’s a competitive advantage”.

Harnessing the true potential of data was also on the top of everyone’s minds with Collin Mamdoo, Principal IoT Specialist at Vodacom calling for “data democratisation”, with many others echoing this sentiment and encouraging both anonymous and visible sharing of data between companies. Overall, everyone acknowledged that data analytics is a key part to business success; the question rather centers on how you put that data together; which is contextual to your environment, industry, company and maturity according to Peter du Plooy, CIO of Engen, futurist and former Visionary CIO of the Year Award recipient.“Organisations that are winning; are organisations that are doing immense amounts of data analytics – they’re understanding their broader ecosystem…their customers, understanding their business inefficiencies and they are improving all of these things”.

This was a sentiment shared by Greg Groenmeyer, Head of IT Strategy & Architecture at Sanlam, “it is important for IT to be aligned to the business agenda and the overall business strategy; IT departments must always evaluate whether anything that is introduced has a business narrative – activities must be centred around mitigating the risks or improving the bottom line”

The IT Leaders Africa Summit has been providing IT executives with practical knowledge from industry experts and thought leaders since its inception 9 years ago.  With the assistance of an advisory panel of experience C-level IT executives, the summit covered the most current trends translating business strategies into IT functions, as well as many controversial and interesting debates on the future of IT in business.

“It has been exciting to witness the growth of the event as the IT industry matures. Kinetic is committed to strengthening the IT industry across the African continent through our involvement as a key information provider and business facilitator. We are encouraged by the number of companies who have already expressed interest in anticipation of the next edition later in 2018 which will be co-hosted alongside the Afrisecure Cyber Security Summit in Johannesburg” says Terry Southam, Managing Director, of Kinetic – the conference organisers.

In closing, Whittaker cautioned attendees that “Companies need to be looking for a business strategy for the digital age; if there are companies that consider business and IT to be two separate elements; they’re ripe for disruption”. 

Follow @ITLeaders on Twitter and join the conversation using the #ITLA18 hashtag

For more information about IT Leaders Africa, visit: www.itleaders.co.za

About IT Leaders Africa
The IT Leaders Africa Summit has been providing IT executives with practical knowledge from industry experts and thought leaders since its inception 8 years ago. With the assistance of an advisory panel of experienced C-level IT executives, the summit encompasses the most current trends concerning translating business strategies into IT functions, as well as cyber security, governance, and disruptive technology. We have recruited the top IT executives in Africa to present on the issues concerning IT leaders in today’s rapidly evolving market to ensure that you are ahead of the curve. 

About Kinetic
Kinetic is an international conference and exhibition company established as a key strategic information provider to the IT and Telecoms sector, our mission is to equip senior management executives with knowledge, market intelligence and viable commercial opportunities.