Banks in South Africa
There are no specific laws or guidelines for cybersecurity governance of banks in South Africa. The newly released King IV Corporate Governance Report provides limited guidance for managing cybersecurity risks. The Cybercrime and Cybersecurity Bill, which is expected to be introduced in parliament later this year, also does not provide governance guidelines. In the absence of specific guidelines, the country’s banking sector should consider aligning with the G7 guidelines.
Cost of cyber-attacks
The frequency and severity of cyber-attacks have grown, costing consumers $158bn in 2015, according to Cybersecurity Ventures research. They predict that global cybersecurity costs will grow to $6trn annually by 2021 and these will include:
- Damages and destruction of data
- Fraud, embezzlement, theft of money, intellectual property and personal and financial data
- Business interruption and costs associated with loss in productivity, restoring and deleting hacked data systems and post-attack disruptions
So serious is the threat that the US president Barack Obama declared a national state of emergency to deal with cybercrime, which is to national borders and can originate anywhere in the world.
The spectacular cyber-heist on the Bangladesh Bank in 2016 resulted in theft of $81m, and was the largest hack on a bank to date. The forensic investigation revealed that malware was installed within the bank’s system some time prior to the hack. The malware gathered information on all the bank’s operational procedures, allowing the theft.
Eight key elements in the new guidelines
- Cybersecurity strategy and framework
Financial sector entities must establish and maintain a cybersecurity strategy and framework tailored to specific cyber risks, in line with international, national, and industry standards and guidelines.Such a strategy should specify how to identify, manage, and reduce cyber risks effectively in an integrated and comprehensive manner. These should be tailored to the nature, size, complexity, risk profile, and culture of the business.
The roles and responsibilities of personnel implementing, managing, and overseeing the framework should be clearly defined to ensure accountability; and provide adequate resources, appropriate authority, and access to the governing authority.Boards or oversight bodies of both private entities and government should establish the tolerance of their organisation to cyber-attack, and oversee the design, implementation, and effectiveness of related cybersecurity programmes.
- Risk and control assessment
Ideally, as part of an enterprise-risk management programme, entities should evaluate the inherent cyber risk presented by the people, processes, technology, and underlying data that support each identified function, activity, product, and service. In addition to evaluating its own cyber risks, the risk the organisation presents to others and the financial sector as a whole should also be considered. Government entities should also investigate their points of weakness and put the necessary protective measures in place.
Systematic monitoring processes need to be established to rapidly detect cyber incidents and these should be tested regularly through audits and exercises. Depending on the nature of an entity and its cyber-risk profile and control environment, the guidelines advise that the testing process be carried out by independent auditors.
As part of their risk and control assessments, entities should implement incident response policies. Among other things, these controls should clearly address decision-making responsibilities, define escalation procedures, and establish processes for communicating with internal and external stakeholders. Exercising protocols within and among entities and public authorities contributes to more effective responses. Therefore cyberattacks should be publically reported to create an awareness of the nature of the threat within the industry, even though many enterprises fear that doing so could create distrust among their clients.
Resume operations responsibly, while allowing for continued remediation, including by (a)eliminating harmful remnants of the incident; (b) restoring systems and data to normal and confirming normal state; (c) identifying and mitigating all vulnerabilities that were exploited; (d) remediating vulnerabilities to prevent similar incidents; and (e) communicating appropriately internally and externally.Once operational stability and integrity are assured, prompt and effective recovery of operations should be based on prioritising critical economic and other functions and in accordance with objectives set by the relevant public authorities.
- Information sharing
Sharing reliable, actionable cybersecurity information with internal and external stakeholders and beyond on threats, vulnerabilities, incidents, and responses will enhance defences, limit damage, increase situational awareness, and broaden learning. Threat indicators or details on how vulnerabilities were exploited, allows entities to remain up-to-date in their defences and learn about emerging methods used by attackers. It deepens the collective understanding of how attackers may exploit sector-wide vulnerabilities that could potentially disrupt critical economic functions and endanger financial stability. Given its importance, entities and public authorities should identify and address impediments to information sharing.
- Continuous learning
Cyber threats and vulnerabilities evolve rapidly, as do best practices and technical standards to address them. The composition of the financial sector also changes over time, as new types of entities, products, and services emerge, and third-party service providers are increasingly relied upon. Entity-specific, as well as sector-wide, cybersecurity strategies and frameworks need periodic review and update to adapt to changes in the threat and control environment, enhance user awareness, and to effectively deploy resources.Other sectors, such as energy and telecommunications, present external dependencies; therefore, entities and public authorities should consider developments in these sectors as part of any review process.
AI Media Group launches The Deal Room – Africa’s first AI-focused, free investment matchmaking service
The AI Media Group has launched The Deal Room, Africa’s first artificial intelligence (AI) focused, free investment matchmaking service which aims to connect African AI focused startups to interested investors and venture capitalists (VCs).
AI Media Group is the publisher of AI and Data Science quarterly magazine Synapse, the AI TV YouTube channel, as well as the curator and organiser of AI Expo Africa — Africa’s largest B2B / B2G trade-focused AI, Robotic Process Automation and Data Science conference — which has been a great success over the last three years.
The annual expo has seen AI Media Group amass a database of over 1000 companies, most of which are Africa-based tech startups, scale-ups or small and medium sized businesses. The company has regularly been asked by some of these firms to make introductions to investors and also observed the challenges faced by startups, such as access, transparency, intermediaries and fees.
Although AI Media Group has been able to connect some of these companies with investors in the past, the number of requests have been on the rise and the firm now wants to improve on this service in terms of scale, process formalisation and automation through the launch of The Deal Room.
The Deal Room will be hosted on the AI Expo Africa domain — www.aiexpoafrica.com — which is a popular platform for Africa’s Fourth Industrial Revolution (4IR) community with over 3 million hits a year allied to a vibrant LinkedIn Group with more than 4 000 members. The Deal Room’s primary aim will be to direct 4IR, AI and smart tech companies seeking funding to investors, VCs and organisations who are interested in backing firms in this rapidly growing sector.
The Deal Room has attracted six launch investment partners, namely; Cirrus AI, Cape AI Ventures, Knife Capital, E4E Africa, Britegaze & Intelligent Impact, with more set to join in the coming months.
Nick Bradshaw, CEO AI Media Group and co-founder of AI Expo Africa explained, “The main idea behind The Deal Room platform is to facilitate rapid matchmaking between an investor and 4IR / AI focused startups and scale-ups that align with the firm’s stage of growth. It’s often a minefield to find the right investor so we curated a group of like minded investors that are interested in this space or who have a track record of similar investments to date. This is a long awaited value add service for our community with no strings attached, no “middleman” and total transparency.”
The Deal Room’s launch investors cover a broad spectrum of the investment lifecycle and include; Cirrus AI CEO Gregg Barrett; Cape AI Ventures co-founder Pieter Boon; Knife Capital co-managing partner Andrea Bohmert; E4E Africa Ventures principal Bakang Komanyane; Britegaze CEO Reshaad Sha, and Intelligent Impact founder Aunnie Patton Power.
Sha stated, “BriteGaze Fund One’s primary purpose is to assist AI businesses to accelerate their growth in South Africa and across the African continent through the provision of growth funding and advisory services to expand into new verticals as well as new geographies.”
Boon stated, “We expect that the Deal Room could be a catalyst for startups in Africa!”
Power stated, “There is such a need for greater transparency for startups that are raising capital. We are excited to have this tool available to the market!”
Bohmert stated, “Investing in companies who solve real world problems applying deep AI capabilities is what we are looking for. We are very excited about The Deal Room and its ability to match startups with investors, embracing a partnership journey that is equally more about substance and less about the hype”.
Komanyane stated, “The Deal Room will help us identify new 4IR-focused companies that align with our investment goals in this sector, its a great innovation for the Africa tech scene and one we are proud to be associated with”
Download BAO E-MAGAZINE
Barrett stated, “The Deal Room by AI Media Group will assist in the development of Africa’s AI ecosystem and is therefore an initiative that we are enthused to support and participate in.”
Bradshaw concluded, “The Deal Room’s biggest selling point is there is no complicated paperwork, costs or loss of equity for companies looking to use the platform. They simply answer a set of confidential questions on the nature of their investment needs, details about their company, products or services and the AI Media Group then passes them on to the most appropriate investor(s). Just like internet dating, our goal is to make a perfect match and speed up the process of investment capital flowing into the African 4IR tech sector. We can’t wait to see the results!”
Startups and scale-ups looking to submit their requests for funding can do so via The Deal Room online submission process HERE
How Non-Techies Are Breaking Into Tech Jobs
Image credit: Tasnim Shamma/WABE
Technology startups are at the forefront of innovation. However, while there are plenty of opportunities to influence technological growth, many people lack the necessary training to succeed. This means people need to attend training programs designed to help acquire the skills needed to break into careers in tech. Many college graduates were prepared for jobs that no longer exist or will soon become antiquated.
A 2017 report by McKinsey found that around 50% of current work activities are “technically automatable”. With this in mind, the reason is clear why so many regular people are starting to consider jobs in technology.
Whatever statistic you want to use, one thing is for certain: millions of workers are vulnerable to automation, and many future jobs are in the technology industry.
As automation continues to take hold and disrupt new markets, there are a number of available programs to support people who want to transition into the tech industry. This article will discuss the three main paths being used to support workers in their transition: coding bootcamps, upskilling, and reskilling.
Coding Bootcamps as a Training Method
Coding bootcamps are short-term, intense training programs focusing on employment. Whereas college is focused on teaching a wide range of theoretical knowledge which builds the foundation for a career in Computer Science, coding bootcamps have one specific focus: to help people find jobs in tech.
A recent report on the bootcamp market found that 33,959 people graduated from coding bootcamp in 2019 alone, a 4.38% increase from the previous year.
Coding bootcamps, which have been around for about a decade, have grown in popularity because they promise to help people pursue specific careers in technology.
Bootcamps often position their courses in fields such as Data Sciencea and Web Development, both of which are expected to realize strong growth in the coming decades. Also, bootcamps bundle services such as career support and hiring partnerships together with offerings. These services assist people in their transition from a training program to a job.
Learning New Skills Through Upskilling
Often, a worker will be in a stable field but needs additional training to keep up with technological changes. For instance, a retailer may need to be trained in a few Sales tracking tools, or an Engineer may need to learn a new programming language. This type of training, called upskilling, is an important part of workforce training.
Upskilling refers to when people learn about new technologies to help them stay viable. While a particular job may not be directly affected by automation, new technologies have emerged, allowing employees to be more productive and efficient.
Many companies looking to largely incorporate technology in their business have in-house upskilling initiatives. The Guardian Life Insurance Company, for instance, is training its workforce in new technology like sensors used to improve underwriting and risk management procedures.
Upskilling allows people who work in more traditional roles – like Marketing, Business Development, Sales, and Payroll – gain exposure to new tech ideas, and may act as a springboard to further training opportunities. For instance, a marketer may be trained in how to use SQL to analyze campaign data. Also, after finishing an upskilling program, an employee may decide to commit to pursuing a career in tech, capitalizing on the skills acquired during training.
Reskilling Existing Workers
There is another training option in addition to coding bootcamps and upskilling which has become popular among technical training programs in recent years: reskilling programs. Reskilling programs are initiatives where a business invests in its workers and help build the skills employees need to remain viable.
In contrast to bootcamps, reskilling programs are designed for workers whose job is at risk of automation. An employer will create a training program in a field of growth within their business–the Cloud, for example–and offer some workers the opportunity to retrain in a new field. AT&T, for example, is investing $1 billion in workforce retraining. The telecom giant did so after learning only half of their employees had the skills needed to be protected from automation.
Reskilling programs have grown in popularity because they allow businesses to simply retrain existing employees instead of hiring a new workforce. Often, companies will work with external training providers such as Udacity to design a reskilling program and offer to retrain any employee whose job is likely to soon become obsolete.
Reskilling programs offer dedicated workers an opportunity to stay with a company while being trained for a job in tech. This is an especially worthy proposition for workers who do not want to invest months training beyond work hours. With a reskilling program, a worker can stay with an employer – and earn a paycheck – while being trained in the new skills they need.
Each training method mentioned above has the potential to support people who are breaking into tech from non-technical backgrounds. Upskilling, coding bootcamps, and reskilling options are only three of the many workforce training options being explored. Apprenticeships and education-as-a-benefit, among other programs, are being seen as additional ways for workers to gain new technical skills.
Automation presents a threat to millions of workers, but jobs in techare likely to keep growing and provide job security. But before workers can get a job in tech, they need to find the training, and that’s where coding bootcamps, upskilling, and reskilling have become crucial in the workforce development puzzle.
Blockchain breakthroughs in Africa signal enterprise adoption readiness
Technological breakthroughs such as blockchains and distributed ledger technologies are digital infrastructures that enable innovation. Businesses across the globe are already benefiting from blockchain-based technologies which are predicted to create over $3 trillion in business value by 2030 according to Gartner. Despite the huge potential, CIOs overestimate the capabilities and short-term benefits of blockchain technology to help them meet business objectives which creates unrealistic expectations when it comes to assessing offerings from blockchain platform vendors and service providers.
Companies such as IBM were early adopters of blockchain. “We have used it now to solve issues with the management of our supplier ecosystem and, most recently, we are working to use the technology to improve the way in which we onboard and manage the suppliers we work with (known as the Trust Your Supplier),” said Anthony Butler, IBM’s leader and CTO for blockchain services in Africa and Middle East.
Aligning blockchain projects to fit the overall business strategy of an organisation is key for companies looking to pursue blockchain-based implementations. “We are led by the market and we will build whatever capabilities we need in order to address market demand. We see a lot of companies now wanting to implement blockchain networks at scale so helping them with this, as well as the associated business challenges, is a core part of our strategy. “We are seeing customers who look to us, the general contractor, for convening blockchain networks across different countries, industries, and technologies,” said Butler.
There are also increasing opportunities to create even more value by applying AI and IoT to blockchain networks. This is also an area of focus for companies like IBM. For example, integrating sensors with a blockchain network to gather real time and immutable data on the temperature and conditions under which a product has been transported through a cold chain; or using AI to make predictions based on the data that is sourced via the blockchain network. “There are many emerging cases now and our research organisation is focused on what comes next so we are looking at the implication of quantum or how technologies such as crypto-anchors can be used to further strengthen supply chains with blockchain for example,” Butler explained.
The role of Cloud in implementations of blockchain solutions for African enterprises
African based companies are making blockchain technological implementations. “We completed the Cranberry Cognitive Operational Management Engine which provides the most relevant real-time business service and operational data to the relevant individuals and business units across all service levels of client organisations through interactive dashboards,” said Stin Mulunda, CIO at Cranberry AB. The company has delivered a future-proof business management system which will run optimally 24/7 by leveraging all aspects and elements of data and the environment to ensure an accurate understanding of current realities and how to enhance the future. “We are now able to provide businesses with:
- A single version of the truth through the implementation of smart contracts and the Business Node Consensus Ledger (BNCL);
- Real-time and predictive SLA compliance with bottleneck and business node identification;
- Customer, human resource, provider and operational trend analysis.
The scalability and reduction of total cost of ownership as energy consumption, system upgrades, hardware and software updates as well as infrastructure expert remuneration costs are axed from business expenses upon migration to cloud. The other benefit associated with cloud-based infrastructure is the myriad of software solutions which are compatible with an environment with the option to deploy remotely.
“Agility and service optimisation have become an essential trait for survival for businesses in every sphere of the economy, this has led to the mass adoption of enabling technologies such as artificial intelligence, blockchain and IoT which are all fundamentally cloud-based (distributed infrastructure),” said Mulunda. Cloud platforms such Microsoft Azure, Google Cloud and AWS offer businesses the ability to leverage world-class infrastructure, artificial intelligence capabilities as well as blockchain and IoT solutions.
Cloud, automation, AI, machine learning, blockchain and advanced analytics are just some of the innovations being speedily implemented worldwide to combat business disruption. “The Cranberry Operational Engines’s machine learning and natural language processing algorithms provide organisational correlative analytics on all events, transactions and interactions across all business units and their underlying internal and external resources,” said Mulunda. “The business interaction module harnesses node data to calculate the business proficiency of all business units, individual human resources, and client interactions to provide business leaders a full view of the organization’s performance against set objectives, SLAs and targets at any given time.
This brings the unprecedented possibility to observe and predict current and future organisational efficiency, achievements, profitability, client sentiment, and customer experience by creating a seamless flow of information across internal and external business environments as is the case with a client such as Afrocentric, thereby future-proofing of every aspect of an organisation’s operations.”
“We’re currently in the final phase of the development of our neural analytic dashboards which will harness the Engine’s machine learning capabilities to provide executives with accurate real-time organizational correlative analytics,” Mulunda explained. These dashboards are programmed to analyse the most important/relevant metrics and KPIs to provide summarized intelligence on all events (i.e new customer vs returning customers, human resource punctuality vs revenue vs expenditure per province, store type, etc).
Written by: Heath Muchena, founder of Proudly Associated. Heath works with international companies looking to launch products and services in African markets. He is also the brains behind Block Patrol – a technology adoption and business development startup that pushes the value of advanced tech upstream. He is also the author of 15 books ranging from tech, political economy, business and finance.