Technology

SA banks and cybersecurity guidelines

BY: SHARON SNELL
In a collaborative effort to improve cybersecurity in the financial sector, the G7 finance ministers and central bank governors have endorsed the G7 Fundamental Elements of Cybersecurity for the Financial Sector.
The guidelines are non-binding and represent best practice in cybersecurity. They are applicable to both public and private financial sector entities and have been designed to accommodate the size of each entity and the nature of the cyber risks it faces.

Banks in South Africa

There are no specific laws or guidelines for cybersecurity governance of banks in South Africa. The newly released King IV Corporate Governance Report provides limited guidance for managing cybersecurity risks. The Cybercrime and Cybersecurity Bill, which is expected to be introduced in parliament later this year, also does not provide governance guidelines. In the absence of specific guidelines, the country’s banking sector should consider aligning with the G7 guidelines.

Cost of cyber-attacks

The frequency and severity of cyber-attacks have grown, costing consumers $158bn in 2015, according to Cybersecurity Ventures research. They predict that global cybersecurity costs will grow to $6trn annually by 2021 and these will include:

  • Damages and destruction of data
  • Fraud, embezzlement, theft of money, intellectual property and personal and financial data
  • Business interruption and costs associated with loss in productivity, restoring and deleting hacked data systems and post-attack disruptions

So serious is the threat that the US president Barack Obama declared a national state of emergency to deal with cybercrime, which is not confined to national borders and can originate anywhere in the world.

The spectacular cyber-heist on the Bangladesh Bank in 2016 resulted in theft of $81m, and was the largest hack on a bank to date. The forensic investigation revealed that malware was installed within the bank’s system some time prior to the hack. The malware gathered information on all the bank’s operational procedures, allowing the theft.

Eight key elements in the new guidelines

  1. Cybersecurity strategy and framework
    Financial sector entities must establish and maintain a cybersecurity strategy and framework tailored to specific cyber risks, in line with international, national, and industry standards and guidelines. Such a strategy should specify how to identify, manage, and reduce cyber risks effectively in an integrated and comprehensive manner. These should be tailored to the nature, size, complexity, risk profile, and culture of the business.
  2. Governance
    The roles and responsibilities of personnel implementing, managing, and overseeing the framework should be clearly defined to ensure accountability; and provide adequate resources, appropriate authority, and access to the governing authority. Boards or oversight bodies of both private entities and government should establish the tolerance of their organisation to cyber-attack, and oversee the design, implementation, and effectiveness of related cybersecurity programmes.
  3. Risk and control assessment
    Ideally, as part of an enterprise-risk management programme, entities should evaluate the inherent cyber risk presented by the people, processes, technology, and underlying data that support each identified function, activity, product, and service. In addition to evaluating its own cyber risks, the risk the organisation presents to others and the financial sector as a whole should also be considered. Government entities should also investigate their points of weakness and put the necessary protective measures in place.
  4. Monitoring
    Systematic monitoring processes need to be established to rapidly detect cyber incidents and these should be tested regularly through audits and exercises. Depending on the nature of an entity and its cyber-risk profile and control environment, the guidelines advise that the testing process be carried out by independent auditors.
  5. Response
    As part of their risk and control assessments, entities should implement incident response policies. Among other things, these controls should clearly address decision-making responsibilities, define escalation procedures, and establish processes for communicating with internal and external stakeholders. Exercising protocols within and among entities and public authorities contributes to more effective responses. Therefore, cyberattacks should be publicly reported to create an awareness of the nature of the threat within the industry, even though many enterprises fear that doing so could create distrust among their clients.
  6. Recovery
    Resume operations responsibly, while allowing for continued remediation, including by (a) eliminating harmful remnants of the incident; (b) restoring systems and data to normal and confirming normal state; (c) identifying and mitigating all vulnerabilities that were exploited; (d) remediating vulnerabilities to prevent similar incidents; and (e) communicating appropriately internally and externally. Once operational stability and integrity are assured, prompt and effective recovery of operations should be based on prioritising critical economic and other functions and in accordance with objectives set by the relevant public authorities.
  7. Information sharing
    Sharing reliable, actionable cybersecurity information with internal and external stakeholders and beyond on threats, vulnerabilities, incidents, and responses will enhance defences, limit damage, increase situational awareness, and broaden learning. Threat indicators, or details on how vulnerabilities were exploited, allow entities to remain up to date in their defences and learn about emerging methods used by attackers. Such sharing deepens the collective understanding of how attackers may exploit sector-wide vulnerabilities that could potentially disrupt critical economic functions and endanger financial stability. Given its importance, entities and public authorities should identify and address impediments to information sharing.
  8. Continuous learning
    Cyber threats and vulnerabilities evolve rapidly, as do best practices and technical standards to address them. The composition of the financial sector also changes over time, as new types of entities, products, and services emerge, and third-party service providers are increasingly relied upon. Entity-specific, as well as sector-wide, cybersecurity strategies and frameworks need periodic review and update to adapt to changes in the threat and control environment, enhance user awareness, and to effectively deploy resources. Other sectors, such as energy and telecommunications, present external dependencies; therefore, entities and public authorities should consider developments in these sectors as part of any review process.

Source: bizcommunity.com

Logistics

Digitalization in logistics – A user’s experience

Geraldine Mamburu, Founder & MD PDQ Logistics (Source: Geraldine Mamburu)

In some cultures, children are sometimes named after events that would have taken place close to or during their birth. Jokes around naming children Quarantine Buthelezi, Social-distance Moyo, or Pandemic Ndlovu were circulating in 2020 and made for a good laugh; however, one couple in India took this a little too seriously and named their twin boy and girl Corona and Covid.

Looking back, I do not recall ever coming across a proposal to name children after any of the variations around the word digital; after all, every second Point of View that was being released was around digitalization and digital transformation. It got me thinking, and I realised that a lot of these terminologies are thrown about in the corporate space, but what does this actually mean to the end-user? How does the user interact, make use of, and appreciate digitalization?

Being in the logistics space has found me interacting with a lot more digital platforms over and above e-commerce, social media, and the all-so-dreaded-virtual-meeting platforms. My favourite most convenient app (which is currently the best thing ever since sliced bread in my books) has got to be Truck Fuel Net (TFN). TFN offers a cloud-based, real-time software management solution that helps me manage all my on-road refuelling and driver spend needs. Given that the bulk of operational costs in road freight is fuel, one must have their finger on the pulse and be on the constant lookout for the best price, over and above monitoring driver efficiency. The TFN Management system helps me decide, where, when, and how much the driver can refuel.

Sidebar – I’ve been driving a Ford Kuga 1.6 AWD for a few years (NB: No fire starter jokes allowed) and for such a small engine, that car can chow fuel – I’m talking 11 – 12km/100! I never used to fill up because it was painful watching all that money go down the drain. When I filled up the truck for the first-time round, let’s just say I needed to sit down because I felt a little dizzy.

Every day, we transport goods worth millions of Rands. It goes without saying that the safety and security of the driver, the goods we carry, as well as the trucks themselves, is of paramount importance. TFN’s solutions enable us to run a cashless operation. In the road freight sector, cargo, equipment, and increasingly drivers, are all targets for criminals and if we can take one incentive out of the equation, the better off we are.

Whilst on cashless operations, I would like to give SANRAL a standing ovation. Now, now, before your eyes roll all the way to the back of your head, let me just say that we might have qualms as “Gautengers” about how they went about the e-toll saga, but their app is such a lifesaver! With an e-tag fitted on the vehicle, I can manage my account quickly and securely. The app works in real-time, allowing me to be kept informed of my spend on vehicles. And lo and behold when I do forget to top up (because …you know …admin), I immediately get a notification the moment my funds are depleted, allowing me to top up immediately whilst the truck is still on route, contributing to a seamless operation. Well done SANRAL. Sometimes the government does get it right …sometimes.

The South African logistics sector contributes about 12% towards the GDP, according to Stellenbosch University and the World Bank. Of that percentage, approximately ¾ is attributed to road freight alone. With such modestly generous figures, it’s encouraging to see various organisations come up with digitally inspired solutions to cater to this industry.

This brings me to my most used platforms, Car Track and Tracker. I can only assume that before the advancement in technology, one must have had to have a great deal of faith, composure, and trust. Not to say that we no longer require these skills, but the ability to log onto these apps and be able to get real-time updates on the exact location of a customer’s goods in transit certainly prevents a blood vessel or two from popping (in the event that you cannot reach the driver.) As for Google Maps, it goes without saying, that this is the backbone of my interaction with these tracking platforms.

There are a bunch of other digital platforms such as Linebooker that I am still to explore as the business continues to grow. However, it’s been interesting to know that before we start thinking self-driven trucks (think of that one scene from Terminator, where the machine is operating the truck…but I digress) and other seemingly complex technological advancements aimed at this industry, there are still digital channels that make the day-to-day operations in logistics that much easier.

What other digital platforms are you using or have you heard of that have made a world of difference in the logistics space?

Article by: Geraldine Mamburu, Founder & MD PDQ Logistics

Technology

Three African-American Female Engineers Who Changed Our World

Image source: Pexels

The fields of science, technology, engineering, and mathematics (STEM) produce innovation that drives us forward as a species. Despite the fact that women and people of color have often been at the forefront of new discoveries, their representation within the STEM fields is historically low.

As culture progresses in understanding toward the value of a diverse workforce, those seeking out the future leaders of STEM are reaching out to underrepresented populations – specifically, women and people of color. One such outreach is ‘Introduce a Girl to Engineering Day’, a global campaign established by the National Society of Professional Engineers.

The event, which takes place this February 25, is run by teachers, volunteers, and STEM professionals, and includes engaging engineering-based learning activities that encourage young women to develop problem solving skills and indulge their interest in science and engineering.

The road to their future success was paved by the intrepid women who came before them, including these three remarkable African-American female engineers:

  • Kimberly Bryant: Seeking to create an inclusive technology learning space for young women of color, Ms. Bryant created the not-for-profit coding camp Black Girls Code. As of late 2019, the organization has 15 chapters, and Ms. Bryant has been recognized as a White House Champion of Change for Tech Inclusion as well as one of 2013’s 25 Most Influential African Americans in Technology.
  • Dr. Patricia Bath: An early pioneer of laser surgery for cataract treatment, Dr. Bath was the first female member of the Jules Stein Eye Institute, the first female African-American surgeon at UCLA Medical Center, and the first female leader of a postgraduate ophthalmology training program.
  • Alice Parker: A housewife from New Jersey, Mrs. Parker developed and filed a patent for a gas-powered central heating system inspired by cold coastal winters. Her filing came before both the Women’s Liberation Movement and the Civil Rights Movement, a remarkable achievement for an African-American woman during her time.

More stories of African-American female engineers and  female leadership in engineering can be seen here:

To discover more about Introduce a Girl to Engineering Day, visit NSPE online.

Press Release

North Ladder Secures $5 Million Series A Financing Round To Accelerate Global Expansion

North Ladder Team (Source: Siddharth Sudhakar)

North Ladder (previously called BuyBack Bazaar), a UAE-based secured trading platform for pre-owned luxury assets and electronics, today announced a $5 million Series A funding round led by regional venture capital firm BECO Capital. The new investment will help the company scale up its technology platform, enhance customer experience and pursue further geographic expansion.

The homegrown start-up also revealed that it will begin operating under the new brand name North Ladder effective immediately, representing the company’s strategy of charting new markets and supporting individuals across the globe in their endeavour to elevate their financial situation. The disruptive and innovative technology platform is the first of its kind, providing access to verified buyers of second-hand goods and instant cash. North Ladder currently enables users to sell electronics such as phones, laptops, tablets, and smart watches, as well as luxury assets including watches and cars, with a unique option of buying it back within a few months.

The Series A financing builds on an exceptional year for North Ladder which saw rapid growth of its clients, network of buyers and corporate partnerships. To date, the platform has witnessed over 15,000 transactions in the UAE, with over 85 different nationalities served while earning an impressive 4.9/5 customer satisfaction rating. In 2021, the start-up is looking to establish its presence in the Kingdom of Saudi Arabia and the United States, with a focus on scaling the platform significantly in the next 18 to 24 months.

“North Ladder has demonstrated tremendous success with its unique model of helping customers access immediate funds against their assets. The provision of a seamless and trusted digital platform for the sale of pre-owned goods has immense socially transformative potential at a global scale. We are excited about partnering with them to take their services to the next level,” said Dany Farha, CEO & Managing Partner, BECO Capital.

The company recently appointed Sandeep Shetty, former Managing Director of the core ride hailing business at Careem, as Cofounder and Chief Executive Officer of North Ladder. Prior to Careem he also led the digital transformation program at Emirates NBD and has held leadership positions at McKinsey & Company and GE Capital across India, the United States and the Middle East. Sandeep joins the leadership team of co-founders Pishu Ganglani and Ricky Husaini who together bring years of prior global start-up, financial services, technology and operations experience.

“Our exciting partnership with the region’s leading investor BECO Capital gives us the opportunity to scale operations in the UAE and expand to other strategic markets, with the mission of meaningfully impacting people across all strata of society,” said Sandeep Shetty of North Ladder. “Our global auction brings professional buyers from around the world to compete and provide local customers with the best prices and no hidden surprises.”

Since its launch in 2018, North Ladder has been recognized as one of the “Top 5 innovative start-ups in the MENA region” by PayPal backed accelerator, Village Capital and awarded as an Innovator by Entrepreneur Middle East.
