Menu
BUI is proud to announce its commitment to Cybersecurity Awareness Month, held annually in October, by signing up as a Champion organisation and joining a growing global effort to promote awareness of online safety and privacy.
This year, Champion organisations include technology companies Cisco, Kaspersky, McAfee, and Palo Alto Networks, as well as industry heavyweights like General Motors.
The Cybersecurity Awareness Month Champion programme is a collaborative effort among businesses, government agencies, tertiary education institutions, associations, and non-profit organisations and individuals committed to the 2020 Cybersecurity Awareness Month theme of “Do Your Part – #BeCyberSmart”. The programme aims to empower individuals and organisations to own their role in protecting their part of cyberspace.
The overarching message of this year’s theme – “If You Connect It, Protect It” – dives into the importance of keeping connected devices safe and secure from outside influence.
More than ever before, connected devices have been woven into society as an integral part of how people communicate and access services essential to their well-being. Data collected from these devices can detail highly specific information about a person or business which can be exploited by threat actors for their personal gain. Cybersecurity Awareness Month aims to shed light on these security vulnerabilities, while offering guidance around simple security measures to limit the risks for commonly used devices like smartphones, tablets, and laptops.
This year, Cybersecurity Awareness Month will feature four main focus areas:
If everybody does their part – by implementing stronger security practices, raising community awareness, educating vulnerable audiences, and training employees – then our interconnected world will be safer and more resilient for everyone.
Cybersecurity Awareness Month continues to build momentum and impact with the ultimate goal of providing everyone with the information they need to stay safer and more secure online. The initiative, which is led by the National Cyber Security Alliance (NCSA) and the Cybersecurity and Infrastructure Agency (CISA) of the United States Department of Homeland Security, is in its 17th year.
Visit staysafeonline.org for more information about Cybersecurity Awareness Month 2020, and follow BUI on Facebook, LinkedIn, and Twitter for daily cybersecurity resources! Throughout October, we will be sharing tips to help you and your teams be safer and more secure online.
Join our own Wayne Nel and Cyber Risk Aware CEO Stephen Burke for an exclusive live webinar on Thursday 15 October 2020.
Creating Your Human Firewall will show you how to transform your employees into cyber defenders. Reserve your seat!
BUI CISSP Neil du Plessis and First Digital KZN Managing Executive Gabriel Malherbe discuss why a security strategy is critical for any enterprise with web-facing assets.
In 2019, South Africa had the third-highest number of cybercrime victims in the world. Attacks from the darkest corners of the web cost our economy more than R2.2bn. From government portals to municipal networks and databases, the public sector was a regular target. In the private sector too, cyberattackers zeroed in on e-commerce platforms, internet service providers, and financial institutions.
There’s a similar trend in 2020. Since the beginning of the year, hackers have taken aim at local enterprises including chemical supplier Omnia, hospital group Life Healthcare, and vehicle-recovery firm Tracker. Internationally, headline-making incidents involving car manufacturer Honda, GPS technology company Garmin, and energy group Enel have also highlighted the consequences of digital villainy, and put corporate cybersecurity practices in focus across the globe.
In 2019, South Africa had the third-highest number of cybercrime victims in the world, according to researchers.
“When it comes to defending against cyberattacks, modern enterprises must consider the growing complexity of their operational environments and the web-enabled commercial landscape at large,” explains Neil du Plessis, our CISSP and cloud security architect. Connectivity can be a powerful business driver, but it can also be a double-edged sword: the greater the number of integrated platforms, systems, and applications, the broader the attack surface. “You no longer have the luxury of drawing a perimeter around your organisation,” states Du Plessis.
Gabriel Malherbe, the KZN managing executive at our sister company First Digital, agrees. “In a hyperconnected world, your cybersecurity measures cannot stop at the front gate. Those days are long gone. Today, a business environment is not just a physical space: it extends beyond walls and fences, across devices, across networks, and across borders. The challenge now – especially for those moving ahead with digital transformation – is holistic protection,” says Malherbe.
South Africa is one of the fastest-growing countries globally for IT expenditure, and local enterprises are spending significant funds on software and services delivered via the internet. They’re also moving core systems online. “Modernisation is a big motivator,” says Malherbe. “There’s a growing interest in disruptive technologies, and how they can be leveraged to help people accomplish more. The ‘more’ factor may change from company to company, but I think the stimulus is the same in many cases, and that’s the desire to prepare for an increasingly digital future,” he explains.
Being online can open the door for businesses to become more agile, more productive, more efficient, more responsive, and more cost-effective – but there are risks to consider in pursuit of such rewards, cautions Du Plessis. “Whether an online presence is part of your overall business development strategy, or a planned transition to serve your customers where they are, or even a productivity requirement to enable remote work right now, cybersecurity should be a primary concern. Unfortunately, this is not always the case, and some of the biggest security incidents in recent history are now cautionary tales about the perils of poor cyber hygiene,” he says.
Du Plessis highlights the 2018 ViewFines data leak as an example. “The PII records of almost a million South African motorists were leaked publicly, and sensitive personal information – including full names, ID numbers, and plaintext passwords – was compromised. The root cause was a web server vulnerability that could have been addressed beforehand through mitigation techniques like vulnerability scanning, penetration testing, server hardening, and patch management,” he explains.
Malicious actors continue to employ a wide range of scams to try to gain access to valuable data and corporate assets. Phishing, smishing, and vishing are common methods of attack, but malware is becoming a popular choice as cyber villains look beyond everyday IT infrastructure to more complex OT ecosystems in sectors as diverse as retail and industrial manufacturing.
“The EKANS ransomware used against Honda earlier this year is a case in point,” Du Plessis says, referencing the sophisticated malware that targeted the auto-maker’s industrial control systems and affected production lines in Europe, Japan, and the United States. “It’s absolutely critical for modern enterprises to establish cybersecurity practices that include all web-enabled processes, not only traditional IT,” he advises.
Security should be built in from the ground up and across the board, concurs Malherbe. “There’s a duality to the internet that you need to remember: it connects you to the world and it connects the world to you. Every web-facing resource, from your homepage to your e-commerce store, is exposed to a degree of risk. When you understand that, then you can take action to protect your assets while you reap the rewards of doing business on the web,” he says.
“Cost, convenience, and customisation potential are all factors pushing local businesses to explore some kind of online presence,” continues Malherbe, adding that First Digital has seen a dramatic increase in the number of clients asking for e-commerce solutions in recent months. The trend, he argues, can be attributed to the prevailing market conditions as well as the changing behaviour of tech-savvy consumers.
“Even before the movement restrictions imposed during the COVID-19 lockdown, brick-and-mortar stores and shopping malls had started to feel the ripple effect of our stagnant economy: dwindling foot traffic, conservative spending, and tougher competition for every available rand. On top of that, there’s growing consumer demand for personalised, intuitive retail experiences. More and more, we’re seeing brands turn to e-commerce to drive sales and boost shopper engagement,” he says.
Modern enterprises need to establish cybersecurity practices that include all web-enabled processes, not only traditional IT, advises BUI CISSP Neil du Plessis.
Business-to-consumer enterprises aren’t the only ones taking advantage of web-enabled technology. In the business-to-business space, bespoke trading platforms and vendor portals are being deployed to enable broader collaboration, integration, and co-operation. Greater functionality, however, demands greater security measures, reiterates Du Plessis. “Several high-profile cyberattacks have been linked to human error, or the misconfiguration of IT resources, or inadequate security controls. In B2C and B2B companies, cybersecurity strategy needs to be prioritised to help safeguard data, applications, infrastructure, and users,” he says.
BUI and First Digital have partnered on several projects to deliver secure solutions to local organisations. “I think customers understand the value of such engagements, especially given our complementary disciplines,” says Malherbe, citing a recent piece of work for Korbicom that drew on both teams’ expertise. “First Digital was brought in to provide Azure support, and BUI came on board later to perform penetration testing. The result was an intensive review of Korbicom’s web application, from architecture through to security,” explains Malherbe.
Korbicom’s application architect, Shaun Rust, was pleased with the results. “As a niche software development company, Korbicom creates custom solutions for clients in the legal sector, the insurance industry, and the financial services industry. Understandably, security and compliance are particular concerns. Our consultations with First Digital and BUI revolved around the functionality and security of a newly developed application, and their advice and assistance was very much appreciated.”
South African companies have to be prepared for sustained and increasingly sophisticated cyberattacks designed to compromise web-facing assets. “If you collect customer data through your website, or payment details through your e-commerce store, then you’re a potential target because sensitive information like that is valuable to somebody, somewhere,” cautions Du Plessis. “It doesn’t matter how big or small you are: data is a commodity. And I think we’ve all seen enough headlines to know that it is being bought and sold worldwide. The protection of your online business environment has never been more important than it is today,” he says.
Malherbe feels the same way. “If you don’t put adequate defences in place, then your enterprise is exposed, vulnerable, and at risk. You cannot afford to be in that position when the threat landscape changes by the minute. You have to make cybersecurity a priority – from day one, and every day after that,” he concludes.
A version of this article was published by First Digital, a fellow First Technology Group company specialising in application development, business process management, enterprise content management, integration, and managed services. Connect with First Digital on LinkedIn, Facebook, Twitter, and YouTube, or visit www.firsttech.digital to learn more.
Our state-of-the-art cybersecurity facility is backed by world-class Microsoft security technology, including Azure Sentinel – Microsoft’s cloud-native security information and event management software.
The BUI Cyber Security Operations Centre is the first of its kind in Africa. It is staffed 24 hours a day, seven days a week, by certified security specialists who can help you to safeguard your critical business assets.
It’s official! BUI has been named a Microsoft Azure Expert Managed Services Provider (MSP). We’re extremely proud to be the first South African company to achieve this distinction, which is currently held by only a select group of Microsoft Partners worldwide.
The Microsoft Azure Expert MSP programme recognises Microsoft Partners with the proven expertise and capability to deliver the highest quality of managed end-to-end Microsoft Azure cloud services, from initial planning and design through to implementation, operation, and optimisation.
“This is a fantastic achievement for BUI and a win for our customers,” says Managing Director Ryan Roseveare. “This is an acknowledgement of our skills and competencies around Microsoft Azure and benefits our company and our customers. It shows that we are in the top tier of globally recognised Microsoft Partners, and that we are highly successful when it comes to managing modern cloud environments. As more and more South African businesses explore cloud-based solutions, the need for Azure specialists grows. We’re proud to rank among the best, and to support local companies.”
Roseveare’s sentiments are shared by Technical Director Willem Malan: “Now, more than ever, I think customers are looking for the best partners to support them through digital transformation. We have attained Microsoft Azure Expert MSP status and that is certainly a validation of our abilities, but more importantly, it’s an assurance for our customers. It shows that we’re equipped to provide truly world-class service, and to deliver Azure cloud services at scale for enterprises across the board.”
To participate in the Azure Expert MSP programme, Microsoft Partners must meet stringent requirements defined by Microsoft and independently evaluated by third-party auditors.
“The process is rigorous,” explains Malan. “Our teams have been assessed on everything from technical aptitude to customer deliveries, and we’re delighted with the positive feedback received. We’re fortunate to have so many talented, passionate people who are committed to delivering business value for our customers,” he says.
“We congratulate BUI on their Azure Expert MSP recognition and look forward to working alongside them, to help more customers make the move to the cloud as a critical enabler of digital transformation. It is a digital transformation journey that for many has accelerated exponentially, as the need for remote working has increased. Our partners are a cornerstone of the Microsoft ecosystem, now more than ever, as we navigate towards a post COVID-19 business landscape that creates hybrid workplaces that are secure, cost efficient and streamlined,” says Lillian Barnard, Managing Director of Microsoft South Africa.
“We’re honoured to have earned this prestigious accreditation, and we look forward to helping more customers benefit from the security and scalability of Microsoft Azure,” concludes Roseveare.
Managing cybersecurity for an increased remote workforce requires careful consideration of the people and protocols throughout your business.
South Africa’s nationwide COVID-19 lockdown has made remote work a business necessity. And while you may have supported a handful of work-from-home employees before the pandemic, a rapid transition to a fully remote workforce is likely to test your capabilities. There isn’t a one-size-fits-all solution when you pivot from a traditional, physical hub to a virtual workspace, but there is one critical concern that should guide your actions: cybersecurity.
Effective cybersecurity requires both visibility and control. When your day-to-day business operations are centralised, it’s simpler for IT personnel to safeguard data and resources. They’re able to monitor networks, supervise hardware and software usage, and help govern employee behaviour to insulate your company from cyberthreats. They’re gatekeepers and guardians with defined perimeters, 360-degree views, and the power to manage endpoints and end users alike.
But what happens when your employees have to work remotely from their homes? What happens when they use household wi-fi, personal devices, and public applications to keep in touch with colleagues and complete job-related tasks? And what happens to your corporate security posture when it’s suddenly linked to domestic ecosystems that you cannot see and do not own?
The digital landscape has been changed by COVID-19. The threat landscape has been changed as well. One of the biggest challenges for cybersecurity teams right now is the protection of remote workers (and workloads) in a fluid environment where the risks have been greatly amplified by the current social and economic circumstances. While businesses are grappling with the coronavirus fallout on all fronts, cyberattackers are looking for novel ways to exploit systemic vulnerabilities and individual fears. Security measures that factor in technological and human considerations are more important than ever before. You need to look at your protocols and your people as you adjust your defensive strategy for the continuing lockdown, and the future beyond it. Our remote-work checklist will help you to close the gaps and strengthen cyber hygiene…
Few organisations were equipped to transform their employees into remote workers at the pace required for sustained productivity after South Africa’s lockdown announcement in March. Travel limitations and retail restrictions also made it difficult to purchase new corporate hardware for personnel to use at home. As a result, there are several remote-work scenarios in play: staff using company-owned devices; staff using their own devices; staff using borrowed devices from friends and relatives; or a combination of these.
A comprehensive policy that outlines the terms and conditions of remote access to corporate resources, as well as the roles and responsibilities of everyone involved, can reduce the risk of costly disputes in the event of a security incident. Your business may also have additional legal obligations regarding the handling of personally identifiable information and intellectual property in such circumstances, and you may need to consult an expert for guidance on the applicable local and international laws.
Make sure that your employees understand the importance of system updates, program updates, and software patches as part of a healthy cybersecurity routine – and be prepared to offer additional support to those who do not usually perform these tasks on their own.
You can also put device maintenance and protection under your corporate umbrella with a cloud-based endpoint management platform like Microsoft Intune, which gives you the ability to manage and secure company-owned and employee-owned Android, iOS, Windows, and macOS devices.
Check that all devices used by remote workers have adequate firewalls and up-to-date antivirus software installed. This is particularly important for the smartphones, tablets, and laptops that employees use personally and professionally.
Windows 10 has Windows Defender Antivirus built in, and if your IT teams are monitoring endpoints with Intune or a similar solution, then you may have additional functionality to improve the cyber safety nets around remote devices.
Your employees’ home office environments may be shared by their spouses, partners, children, roommates, or even tenants. And their home networks may support web-enabled appliances like smart TVs, or IoT automation systems like lighting control, or wearable technology like fitness trackers, in addition to their own portable devices. Every connected item is a potential gateway for cyberattackers.
You can buffer corporate resources against this wider threat landscape by enforcing the use of Virtual Private Networks (VPNs) and remote desktop applications. Make sure that remote workers do all they can to safeguard their home wi-fi routers as well, in terms of physical security (making it tamper-proof) and cybersecurity (changing its default password out of the box).
Implementing multi-factor authentication will help you to maintain control over core system access and protect sensitive business data. The extra steps that remote users have to take to verify their identities are essential security checkpoints for your organisation – and additional obstacles for malicious actors.
Phishing attacks are increasing as cybervillains move to exploit the public demand for coronavirus-related news and information. And you may already know that around 80% of data breaches are linked to compromised, weak, or reused passwords. Enabling MFA can help you to secure every employee login, no matter where the employee is located.
You have to account for the fact that technical aptitude differs from person to person, and that remote work in itself may be daunting for employees who are more comfortable in a communal office where the IT department is a few metres away. Make sure remote staff know who to contact for everyday troubleshooting and emergency intervention, so that they don’t have to look for workarounds and quick fixes that could compromise their cybersecurity, and by extension, your company’s as well.
SEE HOW WE DO IT | Step inside the BUI Cyber Security Operations Centre
The COVID-19 pandemic may have pushed you to explore remote productivity earlier than you’d planned – but if you make cybersecurity the guiding principle for your remote workers today, then they’ll be better prepared to face the digital environment of the future.
We’ve embraced the idea of the modern workplace, and we’ve helped many of our customers to do the same. Neil du Plessis, our cloud solutions security architect, will discuss rapid deployment for remote work in our webinar on 27 May 2020.
He’ll be covering key areas including secure connectivity, secure collaboration, and business productivity options for small and medium-sized enterprises, with a special focus on Microsoft Teams.
Ryan Roseveare remembers walking through a Sandton shopping mall with a cellphone in his hand and hearing hushed chatter from the people behind him. “Look, that guy’s got one of those new cellphone thingies,” someone had whispered in amazement. It was the dawn of the new millennium. The world was still getting used to novelty items like mobile phones. Facebook, Twitter, and LinkedIn were on the distant horizon. And digital technology was evolving at an unprecedented speed.
In the year 2000, Roseveare and his good friend, Willem Malan, were working at an IT firm that was struggling to adapt after a takeover. “We saw a very dynamic business deteriorate into a complete mess. It became very clear very quickly that the focus was on the stakeholders instead of the people.”
As the corporate carnage continued, Roseveare and Malan weighed their options. “We knew we didn’t want to do mundane IT. And we knew we wanted to put people first. We soon realised that starting our own business was the best thing to do,” he says. And so, BUI was born.
They started small and focused on their strengths, gradually building up a customer base in Johannesburg before taking on projects from around the country. It was a year before they could afford to move the business out of Roseveare’s house and into a corporate space. But the lessons learned in those first 12 months proved invaluable, and Roseveare believes their success comes down to five key factors…
Johannesburg had been BUI’s main hub since inception, but satellite staff had been supporting customers elsewhere, too. With increasing demand in the Mother City, and a desire to broaden the company’s range of solutions, Roseveare approached Living Tech, a leader in managed services. “We were looking to establish a hub in Cape Town, and we were also looking to expand our capabilities,” he explains.
The acquisition of Living Tech ticked both boxes: BUI gained a metropolitan office in the Cape and a new business arm to leverage in service of a growing customer base. Roseveare was determined to make the integration as smooth as possible for Living Tech employees. “For two years, we didn’t change anything. We didn’t even change the coffee!” It was a thoughtful approach that created an opportunity for new faces to become familiar ones, and for teams to learn each other’s rhythms and routines. And it worked. “We have a very close-knit community,” he says.
BUI’s expansion and continued success didn’t go unnoticed. “We had multiple corporates courting us, trying to purchase us, and we turned down a lot of offers,” confesses Roseveare, adding that he and Malan had similar concerns about BUI losing its unique identity. It was a proposal from First Technology Group CEO Arnold Sharp that finally made them reconsider.
“When Arnold came to us, he understood who we were, what we were doing, and how we worked – and he didn’t want to change us. He wanted us to retain our independence, but benefit from belonging to a bigger family,” remembers Roseveare. BUI joined the First Technology Group in 2015. “It was a positive move. It’s given us more strength, more credibility, more reach, and an ally who appreciates our philosophy.”
Being part of the First Technology Group also enabled greater collaboration within the local IT industry. BUI has had a strategic relationship with Ascent Technology since 2017. It’s an accord that Roseveare attributes as much to their shared mission as to their shared status as First Technology relatives. “I think we’re kindred spirits, as far as businesses go. And our agenda is the same: to transform our customers’ IT, modernise them, and make them secure. It makes sense for us to work together to deliver more value to the people we serve.”
Delivering value to customers is one of BUI’s fundamental principles, and technology vendors and partners have always been chosen with this core tenet in mind. “If you’re going to pin your flag to someone else’s mast, then you better choose wisely,” advises Roseveare. “We’ve been selective. We’ve chosen good partners, and good platforms, and we’ve got it right the first time.”
Going all-in with Microsoft was a key decision, and a natural one. “It was a Microsoft world when we started BUI. That worked in our favour, because we knew the market and we had the expertise. But we also saw how technology was changing society. We knew we’d have the chance to innovate alongside one of the most innovative companies in the world,” says Roseveare.
BUI also has longstanding relationships with Cisco and Palo Alto Networks. “For us, end-to-end consulting means having advanced capabilities,” explains Roseveare. “It means knowing which complementary products and services would best suit a customer’s needs. And it means mastering the skills required to develop seamless, integrated solutions.”
Aptitude is important, says Roseveare, but attitude is paramount. “We’ve got an eclectic bunch of individuals here, and our offices are open, interactive places. We talk, we share, and we encourage friendly rivalry. But there’s a golden thread in our business: everyone has the same drive, and the same passion to be the best.”
The company culture is something that Roseveare set out to establish from Day 1. Working from the spare room of his Parkhurst home, he had the dual responsibilities of new parent and new business owner. Malan, likewise, was balancing his home life with the demands of entrepreneurship and a commute of more than 100km every day. “He used to spend half his salary on petrol and the other half on food,” chuckles Roseveare. “It took a lot of energy, but we did it. We planned, we prepared, and we executed.”
Their personal experiences informed their team-building techniques over the years. “We’ve built a people-focused business with a specific culture around agility, flexibility, excellence, and positive outcomes – for BUI and for our customers,” explains Roseveare. The results speak for themselves: dozens of elite technical specialists; a trophy cabinet full of industry accolades; and an enviable list of clients in diverse sectors. “We’re just warming up,” he quips.
BUI will continue to focus on managed cloud services, cyber security and networking, especially in the local market, where skills shortages remain a challenge for even the largest enterprises. Roseveare is also committed to expanding the company’s footprint internationally.
“We’re putting a lot of focus into growing our customer base in sub-Saharan Africa,” he says, adding that cloud-centric solutions make sense in developing countries where infrastructure and capacity constraints may be obstacles to productivity.
He has similar plans for the BUI base in the United States, but he’s being purposefully methodical about scaling up in a foreign environment. “We’re ambitious about our growth. We do want to become a truly global business. But first, we need to make sure that what we’re doing here can be replicated successfully overseas.”
After 20 years at the helm, Roseveare has every confidence in BUI – and his team. “The people in this company… They’re the ones waking up at dawn to solve problems for customers. They’re putting everything they have, and more, into making BUI a success. Without them, nothing would happen. It’s that simple.”
