We are pleased to announce that we have joined the Microsoft Intelligent Security Association (MISA), a global ecosystem of independent software vendors and managed security service providers that have integrated their solutions to help customers better defend against a world of evolving cybersecurity threats.
MISA was launched in 2018 with 26 members. Today, just over 160 industry leaders from across the international cybersecurity spectrum work together to share threat intelligence, extend solution capabilities, and increase customer protection.
MISA membership is by invitation only. Organisations must be nominated by Microsoft, and must demonstrate integrations that support the goal of improving enterprise security. We were selected to join the association as a managed security service provider, for our NettProtect vulnerability scanning solution and turnkey add-ons to our Cyber SoC packages, as well as our Microsoft Defender for Endpoint managed service, which is geared to reinforce network security through next-generation detection, investigation, and threat-hunting.
“We are very proud to be part of the Microsoft Intelligent Security Association,” says Managing Director Ryan Roseveare. “Our MISA membership not only deepens our longstanding relationship with Microsoft, but also opens the door for our specialists to collaborate with some of the top security professionals in the world. We are excited to share our expertise with our new peers. And we look forward to delivering even more value to our customers, through innovative security offerings that meet their business needs.”
The BUI Cyber Security Operations Center (Cyber SoC) integrates with Microsoft Azure Sentinel, a cloud-native, AI-based security information and event management solution, to make threat detection and response smarter and faster. The state-of-the-art facility is the first of its kind in Africa, and harnesses Microsoft security resources to monitor enterprise networks, servers, endpoints, databases, and applications.
“The success of our Cyber SoC lies in the combination of cutting-edge technology and industry-leading skills,” declares Roseveare. “We have created a compelling solution by reducing the cost and complexity of managed security services, and by giving our customers value-driven add-ons, like our Cyber SoC Panic Button for emergency assistance,” he notes.
“The Microsoft Intelligent Security Association has grown into a vibrant ecosystem comprised of the most reliable and trusted security software vendors across the globe. Our members, like BUI, share Microsoft’s commitment to collaboration within the cybersecurity community to improve our customers’ ability to predict, detect, and respond to security threats faster,” says Rani Lofstrom, Senior Product Marketing Manager, Microsoft Security.
BUI’s MISA membership follows several company milestones in 2020. Since the beginning of the year, we have achieved Microsoft Azure Expert Managed Service Provider status and attained advanced specializations in Adoption and Change Management and Windows Virtual Desktop. We have also been named Microsoft Country Partner of the Year, Microsoft Modern Workplace Partner of the Year, Microsoft Azure Infrastructure Partner of the Year, and Microsoft Security Partner of the Year.
“We are determined to help our customers strengthen their cyber defences in the face of increasingly sophisticated threats,” says Roseveare. “As part of MISA, we are now even better positioned to empower organisations to protect their assets – from identity to infrastructure, and from the edge to the cloud,” he concludes.
We can help you create the best possible defences against cybercrime.
Check out our security offers in the MISA partner catalogue to learn more.
BUI is proud to announce its commitment to Cybersecurity Awareness Month, held annually in October, by signing up as a Champion organisation and joining a growing global effort to promote awareness of online safety and privacy.
This year, Champion organisations include technology companies Cisco, Kaspersky, McAfee, and Palo Alto Networks, as well as industry heavyweights like General Motors.
The Cybersecurity Awareness Month Champion programme is a collaborative effort among businesses, government agencies, tertiary education institutions, associations, and non-profit organisations and individuals committed to the 2020 Cybersecurity Awareness Month theme of “Do Your Part – #BeCyberSmart”. The programme aims to empower individuals and organisations to own their role in protecting their part of cyberspace.
The overarching message of this year’s theme – “If You Connect It, Protect It” – dives into the importance of keeping connected devices safe and secure from outside influence.
More than ever before, connected devices have been woven into society as an integral part of how people communicate and access services essential to their well-being. Data collected from these devices can detail highly specific information about a person or business which can be exploited by threat actors for their personal gain. Cybersecurity Awareness Month aims to shed light on these security vulnerabilities, while offering guidance around simple security measures to limit the risks for commonly used devices like smartphones, tablets, and laptops.
This year, Cybersecurity Awareness Month will feature four main focus areas:
If everybody does their part – by implementing stronger security practices, raising community awareness, educating vulnerable audiences, and training employees – then our interconnected world will be safer and more resilient for everyone.
Cybersecurity Awareness Month continues to build momentum and impact with the ultimate goal of providing everyone with the information they need to stay safer and more secure online. The initiative, which is led by the National Cyber Security Alliance (NCSA) and the Cybersecurity and Infrastructure Agency (CISA) of the United States Department of Homeland Security, is in its 17th year.
Visit staysafeonline.org for more information about Cybersecurity Awareness Month 2020, and follow BUI on Facebook, LinkedIn, and Twitter for daily cybersecurity resources! Throughout October, we will be sharing tips to help you and your teams be safer and more secure online.
Join our own Wayne Nel and Cyber Risk Aware CEO Stephen Burke for an exclusive live webinar on Thursday 15 October 2020.
Creating Your Human Firewall will show you how to transform your employees into cyber defenders. Reserve your seat!
BUI CISSP Neil du Plessis and First Digital KZN Managing Executive Gabriel Malherbe discuss why a security strategy is critical for any enterprise with web-facing assets.
In 2019, South Africa had the third-highest number of cybercrime victims in the world. Attacks from the darkest corners of the web cost our economy more than R2.2bn. From government portals to municipal networks and databases, the public sector was a regular target. In the private sector too, cyberattackers zeroed in on e-commerce platforms, internet service providers, and financial institutions.
There’s a similar trend in 2020. Since the beginning of the year, hackers have taken aim at local enterprises including chemical supplier Omnia, hospital group Life Healthcare, and vehicle-recovery firm Tracker. Internationally, headline-making incidents involving car manufacturer Honda, GPS technology company Garmin, and energy group Enel have also highlighted the consequences of digital villainy, and put corporate cybersecurity practices in focus across the globe.
“When it comes to defending against cyberattacks, modern enterprises must consider the growing complexity of their operational environments and the web-enabled commercial landscape at large,” explains Neil du Plessis, our CISSP and cloud security architect. Connectivity can be a powerful business driver, but it can also be a double-edged sword: the greater the number of integrated platforms, systems, and applications, the broader the attack surface. “You no longer have the luxury of drawing a perimeter around your organisation,” states Du Plessis.
Gabriel Malherbe, the KZN managing executive at our sister company First Digital, agrees. “In a hyperconnected world, your cybersecurity measures cannot stop at the front gate. Those days are long gone. Today, a business environment is not just a physical space: it extends beyond walls and fences, across devices, across networks, and across borders. The challenge now – especially for those moving ahead with digital transformation – is holistic protection,” says Malherbe.
South Africa is one of the fastest-growing countries globally for IT expenditure, and local enterprises are spending significant funds on software and services delivered via the internet. They’re also moving core systems online. “Modernisation is a big motivator,” says Malherbe. “There’s a growing interest in disruptive technologies, and how they can be leveraged to help people accomplish more. The ‘more’ factor may change from company to company, but I think the stimulus is the same in many cases, and that’s the desire to prepare for an increasingly digital future,” he explains.
Being online can open the door for businesses to become more agile, more productive, more efficient, more responsive, and more cost-effective – but there are risks to consider in pursuit of such rewards, cautions Du Plessis. “Whether an online presence is part of your overall business development strategy, or a planned transition to serve your customers where they are, or even a productivity requirement to enable remote work right now, cybersecurity should be a primary concern. Unfortunately, this is not always the case, and some of the biggest security incidents in recent history are now cautionary tales about the perils of poor cyber hygiene,” he says.
Du Plessis highlights the 2018 ViewFines data leak as an example. “The PII records of almost a million South African motorists were leaked publicly, and sensitive personal information – including full names, ID numbers, and plaintext passwords – was compromised. The root cause was a web server vulnerability that could have been addressed beforehand through mitigation techniques like vulnerability scanning, penetration testing, server hardening, and patch management,” he explains.
Malicious actors continue to employ a wide range of scams to try to gain access to valuable data and corporate assets. Phishing, smishing, and vishing are common methods of attack, but malware is becoming a popular choice as cyber villains look beyond everyday IT infrastructure to more complex OT ecosystems in sectors as diverse as retail and industrial manufacturing.
“The EKANS ransomware used against Honda earlier this year is a case in point,” Du Plessis says, referencing the sophisticated malware that targeted the auto-maker’s industrial control systems and affected production lines in Europe, Japan, and the United States. “It’s absolutely critical for modern enterprises to establish cybersecurity practices that include all web-enabled processes, not only traditional IT,” he advises.
Security should be built in from the ground up and across the board, concurs Malherbe. “There’s a duality to the internet that you need to remember: it connects you to the world and it connects the world to you. Every web-facing resource, from your homepage to your e-commerce store, is exposed to a degree of risk. When you understand that, then you can take action to protect your assets while you reap the rewards of doing business on the web,” he says.
“Cost, convenience, and customisation potential are all factors pushing local businesses to explore some kind of online presence,” continues Malherbe, adding that First Digital has seen a dramatic increase in the number of clients asking for e-commerce solutions in recent months. The trend, he argues, can be attributed to the prevailing market conditions as well as the changing behaviour of tech-savvy consumers.
“Even before the movement restrictions imposed during the COVID-19 lockdown, brick-and-mortar stores and shopping malls had started to feel the ripple effect of our stagnant economy: dwindling foot traffic, conservative spending, and tougher competition for every available rand. On top of that, there’s growing consumer demand for personalised, intuitive retail experiences. More and more, we’re seeing brands turn to e-commerce to drive sales and boost shopper engagement,” he says.
Business-to-consumer enterprises aren’t the only ones taking advantage of web-enabled technology. In the business-to-business space, bespoke trading platforms and vendor portals are being deployed to enable broader collaboration, integration, and co-operation. Greater functionality, however, demands greater security measures, reiterates Du Plessis. “Several high-profile cyberattacks have been linked to human error, or the misconfiguration of IT resources, or inadequate security controls. In B2C and B2B companies, cybersecurity strategy needs to be prioritised to help safeguard data, applications, infrastructure, and users,” he says.
BUI and First Digital have partnered on several projects to deliver secure solutions to local organisations. “I think customers understand the value of such engagements, especially given our complementary disciplines,” says Malherbe, citing a recent piece of work for Korbicom that drew on both teams’ expertise. “First Digital was brought in to provide Azure support, and BUI came on board later to perform penetration testing. The result was an intensive review of Korbicom’s web application, from architecture through to security,” explains Malherbe.
Korbicom’s application architect, Shaun Rust, was pleased with the results. “As a niche software development company, Korbicom creates custom solutions for clients in the legal sector, the insurance industry, and the financial services industry. Understandably, security and compliance are particular concerns. Our consultations with First Digital and BUI revolved around the functionality and security of a newly developed application, and their advice and assistance was very much appreciated.”
South African companies have to be prepared for sustained and increasingly sophisticated cyberattacks designed to compromise web-facing assets. “If you collect customer data through your website, or payment details through your e-commerce store, then you’re a potential target because sensitive information like that is valuable to somebody, somewhere,” cautions Du Plessis. “It doesn’t matter how big or small you are: data is a commodity. And I think we’ve all seen enough headlines to know that it is being bought and sold worldwide. The protection of your online business environment has never been more important than it is today,” he says.
Malherbe feels the same way. “If you don’t put adequate defences in place, then your enterprise is exposed, vulnerable, and at risk. You cannot afford to be in that position when the threat landscape changes by the minute. You have to make cybersecurity a priority – from day one, and every day after that,” he concludes.
A version of this article was published by First Digital, a fellow First Technology Group company specialising in application development, business process management, enterprise content management, integration, and managed services. Connect with First Digital on LinkedIn, Facebook, Twitter, and YouTube, or visit www.firsttech.digital to learn more.
Our state-of-the-art cybersecurity facility is backed by world-class Microsoft security technology, including Azure Sentinel – Microsoft’s cloud-native security information and event management software.
The BUI Cyber Security Operations Centre is the first of its kind in Africa. It is staffed 24 hours a day, seven days a week, by certified security specialists who can help you to safeguard your critical business assets.
We’re going to implement the DMARC email security standard for our existing customers, free of charge, as part of our ongoing efforts to help create a safer internet.
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication system designed to protect an email domain from cyberattackers who may try to compromise the owner, brand, or business through domain spoofing, phishing, or cyber fraud.
Created by PayPal together with Google, Microsoft, Yahoo! and other industry leaders, the DMARC protocol leverages two existing email authentication techniques – SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) – while adding a reporting function that provides visibility into the domain owner’s email ecosystem.
As a domain owner, you want to have peace of mind about the emails that are being sent under your banner. Not only for your reputation, but for the reputation of your business, too. You want to know that your staff, customers, partners, and suppliers are receiving legitimate emails from real representatives of your organisation, not scammers impersonating you or your people. DMARC assures all those who receive your emails that the messages are authentic and trustworthy – and that they originated from your true domain.
There were an estimated 3.9 billion active email users last year – and that number is expected to reach 4.2 billion by 2022. Email is a big part of our personal and professional lives – but it’s also an information-rich environment that attracts malicious actors. For cybercriminals, the ability to mimic a business through email is extremely valuable, and could open the door for data theft, identity theft, and account fraud.
More than a million organisations – including Amazon, Apple, Cisco, Dell, Facebook, LinkedIn, and Twitter – are already using DMARC to help secure their email. DMARC is considered best practice by industry leaders around the globe. We’ve decided to deploy DMARC for our customers because we want to make sure that they have comprehensive email protection, in compliance with the latest standards.
We’ve enlisted local technology startup Sendmarc to help us do this as seamlessly as possible. The South African company, co-founded by entrepreneurs Keith Thompson, Sam Hutchinson, and Sacha Matulovich, specialises in DMARC implementation and monitoring.
The Sendmarc software gathers, interprets, and analyses DMARC data reports to provide actionable insights for domain owners. It takes a complex collection of technical data and makes it clear, visual, and easy to understand so that domain owners can see exactly what’s happening in their email environments – and then take steps to address any issues detected.
Phishing plays a role in over 90 percent of all cyberattacks – and that’s why it’s critical for domain owners to be proactive about email security. Brands and businesses can’t afford to ignore the fact that cyberattackers are constantly searching for new ways to steal money, personal information, credit card data, and login credentials. Email will remain a target, but the DMARC protocol can help strengthen cyber resilience at the domain level.
Customers will receive correspondence from BUI, outlining the steps for DMARC deployment and providing additional resources to help them understand the benefits of this email security measure.
The DMARC protocol will then be added to the customer’s DNS, and approximately 4-6 weeks later, the customer will receive a report outlining any issues detected.