WELCOME TO THE PRIVATE COMPANY WEBINAR SERIES 2021 - PLEASE NOTE, THIS WEBINAR IS BEING RECORDED - PWC ...
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Recap of recent cyber events According to Mimecast, 79% of companies experienced a business disruption, financial loss or other setback in 2020 due to a lack of cyber preparedness. ● April 13 2021: Africrypt, which reportedly counts several high profile South Africans and celebrities among its investors, was hacked and a staggering $3.6 billion (roughly R54 billion) was swiped out of multiple wallets controlled by directors of the company in a matter of hours. ● May 2021: Virgin Active SA disclosed an advanced cyber attack, forcing it to shut down systems. ● March 2021: PPS disclosed an attack that affected service delivery. ● March 2021: Oldsmar (Florida, US) water treatment plant was in the international news due to a poisoning attempt through a cyber attack. ● February 2021: Rain disclosed and remediated a breach that allowed attackers access to customer invoices. ● November 2020: Absa Group suffered an information leak to third parties affecting 209 000 customers. ● October 2020: Capitec disclosed a vishing attack targeting older banking customers. ● August 2020: Momentum Metropolitan Holdings disclosed a network breach affecting administrative and financial data. ● August 2020: Experian disclosed a data breach that affected 24 million individuals and 793 000 local businesses. ● June 2020: Life Healthcare suffered a ransomware attack, forcing it to shut down systems. ● May 2020: Telkom suffered an attack that caused it to shut down several systems. ● March 2020: Omnia Holdings disclosed a cyber attack on its IT infrastructure. ● February 2020: Nedbank disclosed a data breach, through a third-party marketing company (Computer Facilities), that potentially affected 1.7 million clients. PwC PwC 3
Cyber legislation in South Africa - A brief overview The Cybercrimes and Cybersecurity Bill (B6-2017 - ‘The Old Bill’) was split into two separate Bills, with the Cybersecurity Bill back under review. The Cybercrimes Bill now signed and known as the Cyber Crimes Act (2020). The Cybercrimes Act aims to criminalise The Cybersecurity Bill will aim to unwanted conduct related to the abuse establish a cyber security incident and exploitation of computer systems, management program – which also means networks and network-based that; infrastructures with the following key issues to note: 1. all organisations will need to implement suitable mechanisms for 1. Businesses that do not report a automated security event correlation cyber crime incident within a 72-hour and alerting (at an Industry-wide limit will be liable for: level); and a. costs incurred during the 1. the private sector must, within six investigations to determine; months, establish a computer impact, root cause, perpetrator security incident response team and all associated forensic (CSIRT) to act as a central or ‘nodal work; and point’. b. possible conviction and fines. 2. If your employee commits a cyber crime using your infrastructure or equipment you are (as a business) required to assist law enforcement with the investigations. PwC PwC 4
Top 15 cyber threats 1 2 3 4 5 Web application attacks Malware Web-based attacks Phishing Spam 6 7 8 9 10 DDoS Identity theft Data breach Insider threat Botnets 11 Physical manipulation, 12 13 14 15 damage, theft and loss Information leakage Ransomware Cyber Espionage Cryptojacking PwC
PwC
Cyber security best practice- Highlights 06 Routine Regular 01 07 security cyber Cyber security education, security policies and training and assessment procedures testing s 05 Cyber 02 11 Cyber 08 Vulnerability Cyber security best Password security best Continuity, management insurance management disaster and patching practices practices recovery and (updates) backup Cyber Multi-Factor Third party Encryption incident Authentication management response (MFA) 04 03 10 09 PwC PwC 7
How PwC can help Develop business-focused strategies that support growth by making security and Strategy and privacy an enterprise-wide priority. This translates into assisting you to formulate your transformation cyber strategy, link it to the business strategy and help you operationalise and report to the Board. Incident and threat Confidently prepare, identify, respond, investigate and remediate threats. management Architect, design, implement and enhance the use of technology to support with cyber Implementation, threat defence. This relates to us assisting you in understanding and managing security integration and as you embark on new technologies or change business models. This includes build ensuring that you are optimising the benefits realisation from these technologies. Managed/ subscription Managing your company's effectiveness at detecting and tackling cyber threats. services Understand data lifecycles to protect data, meet the privacy expectations of the Privacy consumers, and applicable privacy regulations. PwC PwC │8
Contact us Bernard Chadenga - Cyber Specialist +27 (0) 21 529 2022 bernard.chadenga@pwc.com https://www.pwc.co.za/en/services/assur ance/cybersecurity-and-privacy.html The information contained in this publication is provided for general information purposes only, and does not constitute the provision of legal or professional advice in any way. Before making any decision or taking any action, a professional adviser should be consulted. No responsibility for loss to any person acting or refraining from action as a result of any material in this publication can be accepted by the author, copyright owner or publisher. This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers Inc, its subsidiary and associated companies and entities and their respective directors, employees agents and subcontractors do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it. It is not possible for PwC to assess with any certainty the implications of COVID-19 on the local and global economy, both generally in terms of how long the current crisis may last and more specifically in terms of its impact on specific organisations. From the supply side of the economy, businesses are likely to face significant operational challenges due to authorities implementing measures to contain and/or prevent the spread of COVID-19. From the demand side, purchasing activity of goods and services may be significantly impacted. To the extent that PwC has attempted to form a view of the economic situation and the potential impact of COVID-19 thereon, the potential variation between the current view and actual results are likely to be materially greater than it might historically have been. The current view is based on assumptions that are subject to revisions at any time due to the high level of uncertainty over key influencing factors. © 2021 PricewaterhouseCoopers (‘PwC’), a South African firm, PwC is part of the PricewaterhouseCoopers International Limited (‘PwCIL’) network that consists of separate and independent legal entities that do not act as agents of PwCIL or any other member firm, nor is PwCIL or the separate firms responsible or liable for the acts or omissions of each other in any way. No portion of this document may be reproduced by any process without the written permission of PwC.
Thank you pwc.com “The information contained in this publication by PwC is provided for discussion purposes only and is intended to provide the reader or his/her entity with general information of interest. The information is supplied on an “as is” basis and has not been compiled to meet the reader’s or his/her entity’s individual requirements. It is the reader’s responsibility to satisfy him or her that the content meets the individual or his/ her entity’s requirements. The information should not be regarded as professional or legal advice or the official opinion of PwC. No action should be taken on the strength of the information without obtaining professional advice. Although PwC take all reasonable steps to ensure the quality and accuracy of the information, accuracy is not guaranteed. PwC, shall not be liable for any damage, loss or liability of any nature incurred directly or indirectly by whomever and resulting from any cause in connection with the information contained herein.” © 2021 PwC Inc. [Registration number 1998/012055/21] (“PwC”). All rights reserved. PwC refers to the South African member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.co.za for further details.
You can also read