WELCOME TO THE PRIVATE COMPANY WEBINAR SERIES 2021 - PLEASE NOTE, THIS WEBINAR IS BEING RECORDED - PWC ...
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Welcome to the Private Company webinar series 2021 Please note, this webinar is being recorded.
Investing in becoming cyber secure 25 June 2021
Recap of recent cyber events
According to Mimecast, 79% of companies experienced a business disruption, financial loss or
other setback in 2020 due to a lack of cyber preparedness.
● April 13 2021: Africrypt, which reportedly counts several high profile South Africans and celebrities among its
investors, was hacked and a staggering $3.6 billion (roughly R54 billion) was swiped out of multiple wallets
controlled by directors of the company in a matter of hours.
● May 2021: Virgin Active SA disclosed an advanced cyber attack, forcing it to shut down systems.
● March 2021: PPS disclosed an attack that affected service delivery.
● March 2021: Oldsmar (Florida, US) water treatment plant was in the international news due to a poisoning
attempt through a cyber attack.
● February 2021: Rain disclosed and remediated a breach that allowed attackers access to customer invoices.
● November 2020: Absa Group suffered an information leak to third parties affecting 209 000 customers.
● October 2020: Capitec disclosed a vishing attack targeting older banking customers.
● August 2020: Momentum Metropolitan Holdings disclosed a network breach affecting administrative and
financial data.
● August 2020: Experian disclosed a data breach that affected 24 million individuals and 793 000 local
businesses.
● June 2020: Life Healthcare suffered a ransomware attack, forcing it to shut down systems.
● May 2020: Telkom suffered an attack that caused it to shut down several systems.
● March 2020: Omnia Holdings disclosed a cyber attack on its IT infrastructure.
● February 2020: Nedbank disclosed a data breach, through a third-party marketing company (Computer
Facilities), that potentially affected 1.7 million clients.
PwC
PwC 3
Cyber legislation in South Africa - A brief overview
The Cybercrimes and Cybersecurity Bill (B6-2017 - ‘The Old Bill’) was split into two separate Bills,
with the Cybersecurity Bill back under review. The Cybercrimes Bill now signed and known as the
Cyber Crimes Act (2020).
The Cybercrimes Act aims to criminalise The Cybersecurity Bill will aim to
unwanted conduct related to the abuse establish a cyber security incident
and exploitation of computer systems, management program – which also means
networks and network-based that;
infrastructures with the following key
issues to note: 1. all organisations will need to
implement suitable mechanisms for
1. Businesses that do not report a automated security event correlation
cyber crime incident within a 72-hour and alerting (at an Industry-wide
limit will be liable for: level); and
a. costs incurred during the
1. the private sector must, within six
investigations to determine; months, establish a computer
impact, root cause, perpetrator security incident response team
and all associated forensic (CSIRT) to act as a central or ‘nodal
work; and point’.
b. possible conviction and fines.
2. If your employee commits a cyber
crime using your infrastructure or
equipment you are (as a business)
required to assist law enforcement
with the investigations.
PwC
PwC 4Top 15 cyber threats
1 2 3 4 5
Web application attacks
Malware Web-based attacks Phishing Spam
6 7 8 9 10
DDoS Identity theft Data breach Insider threat Botnets
11
Physical manipulation,
12 13 14 15
damage, theft and loss
Information leakage Ransomware Cyber Espionage Cryptojacking
PwCPwC
Cyber security best practice- Highlights
06 Routine Regular 01 07
security cyber Cyber security
education, security policies and
training and assessment procedures
testing s
05 Cyber 02 11 Cyber 08
Vulnerability Cyber
security best Password security best Continuity,
management insurance
management disaster
and patching practices practices recovery and
(updates)
backup
Cyber
Multi-Factor Third party
Encryption incident
Authentication management response
(MFA)
04 03 10 09
PwC
PwC 7How PwC can help
Develop business-focused strategies that support growth by making security and
Strategy and privacy an enterprise-wide priority. This translates into assisting you to formulate your
transformation cyber strategy, link it to the business strategy and help you operationalise and report to
the Board.
Incident and threat Confidently prepare, identify, respond, investigate and remediate threats.
management
Architect, design, implement and enhance the use of technology to support with cyber
Implementation, threat defence. This relates to us assisting you in understanding and managing security
integration and as you embark on new technologies or change business models. This includes
build ensuring that you are optimising the benefits realisation from these technologies.
Managed/
subscription Managing your company's effectiveness at detecting and tackling cyber threats.
services
Understand data lifecycles to protect data, meet the privacy expectations of the
Privacy consumers, and applicable privacy regulations.
PwC
PwC │8Contact us
Bernard Chadenga - Cyber Specialist
+27 (0) 21 529 2022
bernard.chadenga@pwc.com
https://www.pwc.co.za/en/services/assur
ance/cybersecurity-and-privacy.html
The information contained in this publication is provided for general information purposes only, and does not constitute the provision of legal or professional advice in any way. Before making any decision or taking any action, a professional adviser
should be consulted. No responsibility for loss to any person acting or refraining from action as a result of any material in this publication can be accepted by the author, copyright owner or publisher. This publication has been prepared for general
guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is
given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers Inc, its subsidiary and associated companies and entities and their respective directors, employees
agents and subcontractors do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based
on it.
It is not possible for PwC to assess with any certainty the implications of COVID-19 on the local and global economy, both generally in terms of how long the current crisis may last and more specifically in terms of its impact on specific organisations.
From the supply side of the economy, businesses are likely to face significant operational challenges due to authorities implementing measures to contain and/or prevent the spread of COVID-19. From the demand side, purchasing activity of goods
and services may be significantly impacted. To the extent that PwC has attempted to form a view of the economic situation and the potential impact of COVID-19 thereon, the potential variation between the current view and actual results are likely to
be materially greater than it might historically have been. The current view is based on assumptions that are subject to revisions at any time due to the high level of uncertainty over key influencing factors.
© 2021 PricewaterhouseCoopers (‘PwC’), a South African firm, PwC is part of the PricewaterhouseCoopers International Limited (‘PwCIL’) network that consists of separate and independent legal entities that do not act as agents of PwCIL or any
other member firm, nor is PwCIL or the separate firms responsible or liable for the acts or omissions of each other in any way. No portion of this document may be reproduced by any process without the written permission of PwC.Thank you pwc.com “The information contained in this publication by PwC is provided for discussion purposes only and is intended to provide the reader or his/her entity with general information of interest. The information is supplied on an “as is” basis and has not been compiled to meet the reader’s or his/her entity’s individual requirements. It is the reader’s responsibility to satisfy him or her that the content meets the individual or his/ her entity’s requirements. The information should not be regarded as professional or legal advice or the official opinion of PwC. No action should be taken on the strength of the information without obtaining professional advice. Although PwC take all reasonable steps to ensure the quality and accuracy of the information, accuracy is not guaranteed. PwC, shall not be liable for any damage, loss or liability of any nature incurred directly or indirectly by whomever and resulting from any cause in connection with the information contained herein.” © 2021 PwC Inc. [Registration number 1998/012055/21] (“PwC”). All rights reserved. PwC refers to the South African member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.co.za for further details.
You can also read
