Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News

      War of words erupts over home affairs database fee hike

      24 June 2025

      Don’t expect Starlink in South Africa anytime soon

      24 June 2025

      Finally! Tribunal unpacks why it blocked Vodacom’s Vumatel deal

      24 June 2025

      Samsung to unveil new folding phones at July event

      24 June 2025

      Capital Appreciation banks on payments to offset software slump

      24 June 2025
    • World

      Mira Murati’s Thinking Machines hits $10-billion valuation

      24 June 2025

      Watch | Starship rocket explodes in setback to Musk’s Mars mission

      19 June 2025

      Trump Mobile dials into politics, profit and patriarchy

      17 June 2025

      Samsung plots health data hub to link users and doctors in real time

      17 June 2025

      Beijing’s chip champions blacklisted by Taiwan

      16 June 2025
    • In-depth

      Meta bets $72-billion on AI – and investors love it

      17 June 2025

      MultiChoice may unbundle SuperSport from DStv

      12 June 2025

      Grok promised bias-free chat. Then came the edits

      2 June 2025

      Digital fortress: We go inside JB5, Teraco’s giant new AI-ready data centre

      30 May 2025

      Sam Altman and Jony Ive’s big bet to out-Apple Apple

      22 May 2025
    • TCS

      TechCentral Nexus S0E3: Behind Takealot’s revenue surge

      23 June 2025

      TCS | South Africa’s Sociable wants to make social media social again

      23 June 2025

      TCS+ | AfriGIS’s Helen Hulett on how tech can help resolve South Africa’s water crisis

      18 June 2025

      TechCentral Nexus S0E2: South Africa’s digital battlefield

      16 June 2025

      TechCentral Nexus S0E1: Starlink, BEE and a new leader at Vodacom

      8 June 2025
    • Opinion

      South Africa pioneered drone laws a decade ago – now it must catch up

      17 June 2025

      AI and the future of ICT distribution

      16 June 2025

      Singapore soared – why can’t we? Lessons South Africa refuses to learn

      13 June 2025

      South Africa risks being left behind as stablecoins reshape global finance

      6 June 2025

      Beyond the box: why IT distribution depends on real partnerships

      2 June 2025
    • Company Hubs
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Altron Group
      • Arctic Wolf
      • AvertITD
      • Braintree
      • CallMiner
      • CambriLearn
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • Incredible Business
      • iONLINE
      • Iris Network Systems
      • LSD Open
      • NEC XON
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SevenC
      • SkyWire
      • Solid8 Technologies
      • Telit Cinterion
      • Tenable
      • Vertiv
      • Videri Digital
      • Wipro
      • Workday
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Fintech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Motoring
      • Public sector
      • Retail and e-commerce
      • Science
      • SMEs and start-ups
      • Social media
      • Talent and leadership
      • Telecoms
    • Events
    • Advertise
    TechCentralTechCentral
    Home » Company News » As digital transformation grows, so does your attack surface

    As digital transformation grows, so does your attack surface

    By Obscure and Puleng and RiskIQ10 September 2020
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp

    Companies that are turning more of their operations digital might be winning the innovation race, but they’re opening themselves up to increased cybercrime.

    Every activity that goes onto the Internet and outside the corporate firewall increases the ‘attack surface’ and opens another doorway for scammers and criminals to sneak through. That’s no reason to delay the inevitable digital transformation, but it does mean that enthusiasm shouldn’t run ahead of cybersecurity measures.

    IT experts from a variety of industries exchanged ideas and advice about cybersecurity at a recent webinar roundtable hosted by TechCentral and sponsored by Obscure, Puleng and RiskIQ.

    Zaid Parak

    A downside of trying to be quick to market is that innovations often outpace security, warned Zaid Parak, the chief information security officer of Discovery. Development managers may give the go-ahead for a new tool or app and worry about the processes later. “We’ve allowed a lot of freedom within the company, and nobody reads policies and standards. It’s not a question of negligence, but more enthusiasm and the need for speed in doing business,” he said.

    Warren Hero

    The attack surface extends to humans, too, and the volume of those attempted crimes is “going nuts”, said Warren Hero, the CIO and chief development officer at Webber Wentzel. “Impersonation of Twitter accounts and of social networking is rife. We have to stop thinking about IT security and think about cybersecurity. We have to think about the cyber safety of our staff and our partners.”

    Budgets must be extended to cover these areas, because somebody hijacking a Twitter account and impersonating a partner could have a material impact. “It’s not just access points, it’s actually impersonation points that we’re talking about,” Hero said.

    Imraan Kharwa

    Imraan Kharwa, head of information security at Tourvest, asked the panel whether they are seeing a surge in social engineering attacks with their employees working remotely, and if so, how they are addressing that.

    Shoaib Nathie

    An impersonation attack had directly affected Shoaib Nathie, the CIO at CIB. “Somebody tried to change my banking details with HR for my salary, claiming to be me. We’ve had a big increase in Internet impersonation attacks,” he said.

    “Phishing is a big, big concern for us as well,” agreed Jacques Loubser, group CIO at PPS. “We conduct tests all the time and have some initiatives in which we educate our staff and members on how to identify phishing scams.”

    Jacques Loubser

    Loubser reminded the roundtable that devices used by the employees could be compromised too, particularly with many administrative and development staff now working from home. “We are overly obsessed with the ‘data zone’ and securing our data, so we ensure devices are encrypted. In terms of our tech surface, we try to embed security as a whole. It’s about our stacks — some of them run out of the country. We also have subsidiaries which integrate as well, meaning our APIs will be exposed to external vendors, too,” he explained.

    Parak told the participants that when he became the CISO of Discovery, the first thing he did was fully examine the IT environment to understand what he was dealing with. “I found a plethora of niche point solutions and services that were extremely expensive, but really complex, which made integrations impossible as nothing would talk to each other,” he said. He also assessed Discovery’s footprint on the Internet, checked for any scam or phishing sites, and found a lot of shadow IT that didn’t follow the internal diligence processes.

    Riaan Hamman

    He found that security problems had previously been dealt with by applying plasters to the cuts, and that the technologies they had were not always used to their full capability. They were doing a good job of keeping the malicious guys at bay, but it was not sustainable, he said. He decided to plan and execute a strategy that improved the overall security position, reduced complexity, made better use of what they had, and consolidated everything more effectively. “My principle was not buying anything new, but rather seeing what we have, and expanding the solutions to cover a lot of the services we had.”

    Riaan Hamman, chief technology officer at Puleng, agreed with Parak, that it was important to understand your internet footprint, although trying to manage that data manually was a battle you’re never going to win. “This constant analysis needs to become a daily process to manage and maintain that digital footprint and look for practical ways to improve your footprint on the Internet,” he said.

    Ritasha Kalidas

    There seemed to be several differences between Discovery’s environment and that of a manufacturing organisation, noted Ritasha Kalidas, the director of IT security, risk and governance at Tiger Brands. “I think for us as manufacturing, the mindset is very different,” she said. The core focus in manufacturing was getting products out, ensuring high quality, and making sure they reached the customers’ shelves.

    “If there’s an attack, it’s not just about hitting the network, it’s about getting into the factory and potentially tampering with sensors and environmental devices. The impact of a cyberattack in manufacturing is not just limited to data loss. It could also cause injury or threat to life should there be tampering with the machinery in Scada environments.”

    Fabian Libeau

    Kalidas said when she talked to her executives about security, they always thought about confidentiality, integrity and availability. “But our biggest threat is availability,” she said. “In the manufacturing environment, the minute you take data and systems away from people you’ve got a major concern. Should something as simple as a printer go down in our environment, the impact is substantial. If a truck driver comes to the warehouse and is unable to get his invoice he can’t leave with the goods, and we might end up with a line of trucks going for kilometres.”

    Digital transformation was affecting every industry, but the threat landscape obviously varied, said Fabian Libeau, the VP for Europe, Middle East and Africa with RiskIQ. “The bottom line is that the problem is the same, although the impact may be different depending on the industry.”

    Anthony Olivier

    But one thing that increased the risk for every sector was the Covid lockdown and the enforced move to working from home. Many employees were connecting to corporate networks through their own unsecured laptops because companies hadn’t been able to deliver enough secure laptops quickly enough to keep everybody safe.

    For Imperial Logistics, the big problem was creating the capability to implement information security, said its group CISO, Anthony Olivier. “We have dozens of companies in about 40 different countries, all at different levels of maturity — some with massive IT departments and some so small that the guys have to sort themselves out with laptops.”

    Priya Thakoor

    One example was the dozens of different websites run by those companies, which have all been built by different suppliers. “About two weeks ago, we started looking at how our cookies are being managed in Imperial. And it’s really complex because we are dealing with a company that had a friend create the website or similar, so attaining compliance is a huge part of my problem. There’s a saying that security is not privacy, but you can’t have privacy without security. In the same way, compliance is not security, but you can’t have security without compliance.”

    Another problem with securing a company’s external presence was that the digital space is an intersection between the customer, the business and the technology, said Priya Thakoor, managing executive of digital channels at Vodacom. Keeping channels like the MyVodacom app and the corporate website secure while also reducing “friction” for the customer meant working closely with many stakeholders and security teams. “The question is, how do we bake in a lot more of the quality design and experiential elements into our security thinking?” she asked.

    Janine West

    Customers who register for MyVodacom app, for example, must create passwords with a certain number of digits, a symbol and a number, and people don’t remember them. “We need to find the balance between how can we make it easy for customers to use what we offer as a digital format, but not have a bad experience in terms of usability. There’s a big opportunity to really bring these two constructs of security and design together, which is a big focus for us.”

    Nastassja Finnegan

    Helping customers to keep themselves secure was difficult, agreed Janine West, head of data privacy at Investec. To avoid fraud through impersonation, customers were advised to only open mails that came from people they trusted, and Investec told them they would never send links in its e-mails. “However, you have to be practical,” she said. “For example, you might need them to register with the South African Fraud Prevention Services, and send them a link to go to the website, which becomes a difficult balance of saying that you’ll never send them links except in certain circumstances. It has a lot to do with behaviour and very much a sense of ‘people feeling’, because there’s a lot of mistrust at the moment and all these breaches and scams are adding to it.”

    A challenge for Nastassja Finnegan, the cybersecurity officer at FNB, is melding innovative thinking with security thinking from the start. Banks were all in a race to be the fastest, the coolest, and to offer the nicest products. “Do we do this in the most secure, efficient and effective way? Absolutely not,” she said. “Our go-to-market strategy is to get it done quickly and build it ourselves, which makes my job a lot harder. So what we’re trying to do differently is to change the culture to turn us into a risk-based organisation, which incorporates training to get the organisation to think about things differently.” That would be more effective than trying to impose various policies, processes and technologies, she believes.

    • This promoted content was paid for by the party concerned


    Anthony Olivier Fabian Libeau Imraan Kharwa Jacques Loubser Janine West Nastassja Finnegan Obscure Priya Thakoor Puleng Riaan Hamman RiskIQ Ritasha Kalidas Shoaib Nathie Zaid Parak
    Subscribe to TechCentral Subscribe to TechCentral
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticleXerox Certificate Remediation Utility: Fault code 016-426 revisited
    Next Article South Africa ‘at high risk of becoming a failed state’

    Related Posts

    IT Leadership Series | Infobip DPO Imraan Kharwa

    5 April 2023

    Chip crisis crimps Alviva Holdings’ revenue growth

    27 September 2021

    Microsoft is buying cybersecurity company RiskIQ: sources

    12 July 2021
    Company News

    Communication costs exploding? Telviva has a fix for UK-SA teams

    24 June 2025

    Section 18A deductions and BEE points – a strategic choice for business compliance in 2025

    24 June 2025

    Huawei Watch Fit 4 Series: beauty, brains and a battery that won’t quit

    24 June 2025
    Opinion

    South Africa pioneered drone laws a decade ago – now it must catch up

    17 June 2025

    AI and the future of ICT distribution

    16 June 2025

    Singapore soared – why can’t we? Lessons South Africa refuses to learn

    13 June 2025

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    © 2009 - 2025 NewsCentral Media

    Type above and press Enter to search. Press Esc to cancel.