Cyber April 2024 Edition

WWW.BUSINESSMEDIAMAGS.CO.ZA

TELEMATICS

Connectivity that enables smarter fleets

MANAGING PAYMENT

SECURITY

Keeping pace with changes

TELEPHONY SECURITY

Is your work telephone secure?

ARTIFICIAL INTELLIGENCE

From supercomputer to smartphone

YOUR NEXT DELIVERY MIGHT BE ELECTRIC SEARCHING GETS SMARTER

Strategies to fend off

CYBERTHREATS

Redefining how we live, work, and play

Today’s rapid technological innovation is transforming how we live and work. In this issue of Cyber, we explore the latest advancements shaping the digital world. We dive into the democratisation of artifi cial intelligence impacting consumers through powerful creative tools and on-device features, and how the no-code revolution is empowering citizen developers to create custom software without complex coding. Additionally, we look at how the environmental imperative is driving sustainability innovation across industries. We also examine the next frontiers reshaping the web, from virtual realms to decentralised architectures. As technologies advance, they present opportunities to solve global challenges but also complex ethical dilemmas. At Cyber, we’re committed to providing insights into the technologies shaping our world and embracing the opportunity to build a better future.

Brendon Petersen, Editor

Contents

6 STRATEGY

Seeking the best strategies to fend off cyberattacks is fast becoming critical.

7 GLOBAL NETWORKS

Moving your business to the cloud makes sense.

8 CONSUMER TECHNOLOGY

In the realm of technology, few developments have captured the public imagination quite like artificial intelligence.

14 BANKING SECURITY

As artificial intelligence revolutionises finance, so too does it cybercrime.

20 SUSTAINABILITY

While the drive for sustainability was initially a top-down approach, a shift has occurred.

26 ARTIFICIAL INTELLIGENCE

Combining CTEM and AI is a powerful strategy for limiting cybersecurity risk.

27 CLOUD COMPUTING

30 LARGE LANGUAGE MODELS

AI isn’t here to take your job; it’s here to change your entire online reality – one prompt at a time.

34 CODING

How the no-code revolution is helping to deliver simplified yet advanced solutions for businesses.

38 CYBERSECURITY

Zero trust is becoming a strategic imperative for South African SMEs.

39 TELEPHONY

Is your telephone system safe? How you could inadvertently be giving hackers the keys to the kingdom.

40 ELECTRIC VEHICLES

You shouldn’t be surprise to see electric delivery vehicles in your neighbourhood in the next few years.

42 TELEMATICS

Embracing the future of mobility is crucial for fleet managers to thrive in this new technologically driven era.

43 PAYMENTS

Keeping pace with rapidly evolving tender types that bring with them massive cost and complexity considerations, plus added security and compliance risk. 20

As innovation continues to press forward, it is essential that businesses keep pace with technological advances.

Developing an effective cybersecurity strategy

Seeking the best strategies to fend off cyberattacks is fast becoming critical, writes JAN BOUWER , chief solutions officer at BCX

Arecent report by cybersecurity

fi rm Check Point reveals that over the past six months, on average, a typical South African organisation was targeted by cybercriminals

1 001 times. The shocking statistic demands that local organisations adopt a proactive approach to cybersecurity to mitigate these intensifying risks effectively.

The Council for Scientifi c and Industrial Research states that South Africa is the most targeted nation in Africa for these cyberattacks and places eighth globally. This calls for South African organisations, in both the private and public sectors, to rethink their security postures and make more investments in cybersecurity.

Security starts with strategy

Developing a comprehensive cybersecurity strategy is crucial for organisations to protect their information, systems and assets from cyberthreats. This involves a systematic and proactive approach to managing cybersecurity risks and ensuring the confidentiality, integrity and availability of critical information.

A well-crafted cybersecurity strategy is essential for organisations to effectively address the dynamic and evolving nature of cyberthreats. It provides a roadmap for implementing and maintaining security measures, managing risks, and responding to incidents in a timely and efficient manner.

While adopting such a strategy is crucial for safeguarding an organisation’s assets and

data, there are several challenges that may arise during the implementation process. These can vary depending on the size of the organisation, its industry and the complexity of its IT infrastructure.

As an example, many organisations, especially smaller ones, may face resource constraints, including budget limitations and a shortage of skilled cyber security personnel. This can hinder the implementation of robust security measures.

An evolving threat landscape

Cyberthreats are continually evolving, and attackers often develop new techniques to exploit vulnerabilities. Thus, staying ahead of these threats requires continuous monitoring, assessment, updating and adaptation of security measures, along with collaboration across different departments within the organisation.

Organisations can benefit from instituting regular awareness programs for employees regarding cybersecurity best practices. Training sessions and simulated phishing exercises can significantly reduce the risk of successful attacks stemming from human error or negligence.

Consideration must also be given to the various regulatory frameworks governing cybersecurity, both locally and internationally. Compliance not only ensures legal adherence

but also often provides valuable guidelines and best practices for bolstering cyberdefences.

Additionally, seeking external expertise and staying informed about the latest cybersecurity trends and technologies can contribute to a more resilient cybersecurity posture.

How technology can help

Amid these escalating cyberthreats, emerging technologies such as artificial intelligence (AI) are being used to mitigate risks. AI plays a crucial role in enhancing cybersecurity by providing advanced capabilities for threat detection, prevention and response.

Recent research shows that AI-powered risk analysis can produce incident summaries for high-fidelity alerts and automate incident responses, accelerating alert investigations and triage by an average of 55 per cent.

The report adds that AI models can help balance security with user experience by analysing the risk of each login attempt and verifying users through behavioural data, simplifying access for verified users and reducing the cost of fraud by up to 90 per cent. Moreover, AI systems help prevent phishing, malware and other malicious activities, ensuring a high security posture.

Nonetheless, implementing AI in cybersecurity requires ongoing training and adaptation of models to keep pace with evolving threats. It’s often most effective when integrated into a comprehensive cybersecurity strategy that combines AI-driven solutions with human expertise.

Training sessions and simulated phishing exercises can significantly reduce the risk of successful attacks stemming from human error or negligence.

Moving your business to the cloud

The cloud has never been more accessible or affordable for businesses of any size, writes BRETT RUSSELL , head of product and business development and chief information security officer at MetroFibre

While moving to the cloud is an obvious next step when scaling your business IT ecosystem, there are important considerations around the implications of on-premise versus cloud security, as well as the connectivity needed to make the migration successful.

Security considerations

Cloud security refers to the various solutions and features that data centres offer to providers/end-users and includes the likes of access management, data recovery, backup options, legal compliance and risk management. Essentially, all of the company’s applications are hosted off site and you need an internet connection to access them remotely. This approach offers centralised visibility, 24/7/365 monitoring and regular

DID YOU KNOW?

MetroFibre Networx owns and manages South Africa’s first globally compliant Carrier Ethernet 3.0 open-access fibre network, which improves access, scalability and reliability for clients, and connects more than 60 cloud, application, voice and internet service providers with their customers.

vulnerability assessments, with a proactive and iterative approach to security monitoring. On the downside, a server downtime can shut down your operations.

One of the most crucial factors in implementing cloud solutions is the quality of the internet connection, backed by a business service-level agreement that includes failovers and diverse paths.

GLOBAL MEF COMPLIANCE MAKES A BIG DIFFERENCE

The Carrier Ethernet 3.0 (CE 3.0) programme is a Metro Ethernet Forum (MEF) framework through which service providers and equipment vendors in any geography can demonstrate their compliance with globally recognised MEF Carrier Ethernet service specifications.

On-premise security comprises security measures and the on-premise software run on a company’s hardware infrastructure locally. It does impose higher operational costs as you own the physical equipment, and must monitor and manage the environment on a 24/7 basis. On-premise solutions also require teams to initiate security assessments and testing manually – far from ideal.

The decision between on-premise and cloud security depends entirely on your business needs, budget and the control you want over your data. Some businesses may want to secure mission-critical data but avoid the capital outlay and ongoing costs of owning physical infrastructure and maintenance, and thus prefer cloud security solutions. Other types of data and sensitive information may be subject to industry regulations, in which case hosting data in the cloud, along with international data laws, may prove problematic, making on-premise security the preferred solution.

The importance of a quality fibre connection

One of the most crucial factors in implementing cloud solutions is the quality of the internet connection, backed by a business service-level agreement that includes failovers and diverse paths. Because of its high capacity, reliability, security and relatively low cost, fibre internet connectivity provides the connection over which cloud connectivity takes place. Transferring data between users and the cloud is a bandwidth-hungry animal, requiring a connection like fibre that can carry trillions of bits per second, with symmetrical upload and download speeds and uncontended lines, able to move the vast amount of traffic over the internet to and from your cloud host with the minimum of latency.

From supercomputer to smartphone

In the realm of technology, few developments have captured the public imagination quite like artificial intelligence, writes

Once the domain of tech giants and enterprises with deep pockets, artificial intelligence (AI) is rapidly becoming ubiquitous in consumer electronics. Like the rise of digital photography before it, AI’s migration from niche to normalised is being driven by the confluence of cutting-edge hardware, advanced algorithms and open-source frameworks.

At the forefront of this AI revolution are companies like Samsung and MediaTek, which have been instrumental in bringing advanced AI capabilities to consumer electronics.

Driven by innovation

“AI has advanced rapidly due to the convergence of a range of factors,” explains Rami Osman, director of corporate sales, MEA, at MediaTek Inc. “One major contributor is the dramatic advances in chipset technologies, particularly with the integration of dedicated AI processing units (APUs) that are designed to handle AI tasks efficiently, enabling faster and more complex computations.” Chipset innovation has been critical, allowing for the development of energy-efficient yet powerful

processors that can run AI workloads on mobile devices with reasonable battery life.

The advent of specialised AI hardware has been a game-changer, allowing companies like MediaTek to develop energy-efficient chipsets capable of running complex AI models on consumer devices. MediaTek’s next-generation APU architecture, featured in the Dimensity 9300 chipset, incorporates a hardware generative AI engine, enabling faster and safer edge AI computing.

“Our chip takes less than a second to generate a Stable Diffusion image and can run 7 billion-parameter AI models at 20 tokens per second,” says Osman. “It can also run 13 billion parameter models and up to a maximum 33 billion parameters with reduced tokens per second. It offers a future-proof platform as generative AI matures and models become larger and more complex.”

More than just chips

Hardware is just one piece of the puzzle, however. Software algorithms and open-source frameworks like TensorFlow Lite and PyTorch Mobile have also played a crucial role in democratising AI and enabling its proliferation across consumer devices.

Justin Hume, vice president for mobile eXperiences at Samsung South Africa, says: “Typically, it’d been working behind the scenes in various forms with photography and the like. I’m going to give credit to the likes of ChatGPT, Bard when it was called that (prior to Gemini) and the like, which resulted in an inflection point where suddenly AI burst into the consumer space, in a very visible way, thanks to large language models and that type of thing.”

This convergence of cutting-edge hardware and software has enabled a new wave of AI-powered features in consumer devices, from real-time translation and personalised recommendations to smarter digital assistants and generative AI capabilities like image generation, text summarisation and more. “Suddenly, we could do something with AI that was quite practical,” says Hume. Capabilities that were once confined to the enterprise are now making their way into the hands of consumers worldwide.

Yet, as AI capabilities grow, so too do concerns about energy efficiency and battery life. Both Samsung and MediaTek are acutely aware of this challenge, with Osman highlighting MediaTek’s efforts to optimise for power efficiency: “Our next generation APU 790 AI processor in the MediaTek Dimensity 9300 is designed to improve generative AI performance and energy efficiency significantly. It doubles the integer and floatingpoint operations performance, while reducing power consumption by 45 per cent compared to our previous generation.”

Spreading its wings

AI’s impact on consumer electronics stretches far beyond just smartphones and chipsets. “Samsung takes those and brings them into singular devices that can be utilised either by and of themselves or in collaboration

“Our goal is to drive continuous innovation at the high end of the market, then rapidly make the latest advances available to mid-range and entry-level markets.” – Rami Osman

with multiple others,” says Hume, “so that synchronicity across devices can further break down barriers.” AI capabilities are rapidly integrating into products across Samsung’s portfolio, from smart TVs and home appliances to automotive solutions, wearables and more.

Osman says MediaTek is working in the automotive space: “We have added generative AI and large language models to our automotive chips to provide an alternative interface to automotive touchscreens. Our solution offers a safer alternative to using physical touch screens while driving, as well as faster responses and better privacy compared to cloud-only voice assistants.”

As these powerful AI capabilities trickle down to more affordable devices across different product segments, both Samsung and MediaTek are working to democratise AI and make it accessible to a wider range of consumers. “Our goal is to drive continuous innovation at the high end of the market, then rapidly make the latest advances available to mid-range and entry-level markets,” says Osman. MediaTek specifically

designs its hardware and software with compatibility in mind, providing “unified SDKs and APIs that enable developers to write code once and deploy it across different hardware platforms,” adds Osman.

Safety and support

But with great power comes great responsibility. As AI capabilities permeate consumer tech products, critical concerns around safety, security and ethics have come to the forefront. Hume acknowledges this: “I think it’s a developing field – companies need these forums, councils and third-party governance structures that give oversight to ensure we are proceeding on an ethical basis.”

Both Samsung and MediaTek are taking steps to introduce safeguards and guardrails. Samsung, for example, is implementing measures such as watermarking AI-generated images to distinguish them from reality. The company is also giving users granular control over what data is shared versus kept on-device. “We give you flexibility,” says Hume. “If it is going to allow you

“Companies need these forums, councils and third-party governance structures that give oversight to ensure we are proceeding on an ethical basis.” – Justin Hume

certain capabilities, you also don’t want it to be completely open and without any restraints.”

Racing forward

Osman says MediaTek is investing in robust developer tools and AI software infrastructure: “MediaTek NeuroPilot is a set of software tools and APIs for developing efficient AI applications on our platforms, supporting common frameworks like TensorFlow and PyTorch.” This type of comprehensive tooling allows MediaTek’s hardware partners to iterate quickly and push updates to AI capabilities without being overly constrained by mobile bandwidth or on-device storage.

As AI’s migration from enterprise to consumer races forward, trailblazers like Samsung and MediaTek are clearing the path. While pushing the boundaries of what’s possible with on-device AI, these companies are also grappling with the complex safety and ethical challenges that come with unleashing such powerful technological capabilities into the hands of consumers worldwide. The beneficiaries will be consumers themselves, as AI becomes an ever more integrated and indispensable part of daily life, transforming how we interact with devices and the world around us.

Bolstering cybersecurity imperative for financial institutions

As artificial intelligence revolutionises finance, so too does it cybercrime. BRENDON PETERSEN investigates how banks can stay head

The digital age has ushered in a golden era for financial services, with innovation and convenience driving a surge in online transactions. However, this interconnected landscape also presents a formidable challenge: cybercrime. As cybercriminals become more sophisticated, financial institutions find themselves on the front lines of a relentless battle to safeguard customer data, critical infrastructure and the very fabric of the global financial system.

The stakes have never been higher, as evidenced by the staggering findings of the X-Force Threat Intelligence Index 2024 released by IBM. The report paints a grim picture of an “identity crisis” plaguing enterprises worldwide, with cybercriminals exploiting user identities to compromise systems. In the Middle East and Africa region, a staggering 52 per cent of cyberattacks were initiated through valid local accounts, while 48 per cent exploited valid cloud accounts. This alarming

trend underscores the urgency for financial institutions to fortify their identity and access management protocols.

The financial implications of such breaches are severe, with the Cost of a Data Breach Report 2023 by IBM revealing that incidents caused by stolen or compromised credentials require an average of 11 months to detect and recover from – the longest response life cycle of any infection vector. This prolonged recovery period not only incurs substantial financial losses but also erodes consumer trust, a cornerstone of the banking industry.

Intelligent threats, proactive responses

As the threat landscape evolves, financial institutions must brace themselves for the

RISE OF AI-POWERED ATTACKS

The potential applications of AI in cyberattacks are vast and deeply concerning. Attackers could leverage AI for:

• Social engineering: AI-powered bots can mimic human interaction patterns, crafting personalised emails and messages that manipulate victims into revealing sensitive information or clicking on malicious links.

• Vulnerability identification: AI algorithms can scan vast amounts of data to identify weaknesses in software and network configurations at an unprecedented speed. This allows attackers to target vulnerabilities more efficiently and exploit them with greater precision.

• Automated malware generation: AI can be used to automate the creation of new malware strains, making it difficult for traditional antivirus software to detect and prevent them. AI-powered malware could also be designed to adapt and evolve, making it even more challenging to contain.

integration of artificial intelligence (AI) into cybercriminal tactics. The X-Force report highlights over 800 000 posts on AI and ChatGPT across dark web forums in 2023, signalling criminals’ keen interest in leveraging these technologies to optimise their attacks. This looming challenge necessitates a proactive stance, where financial institutions embrace AI-powered solutions not merely as a choice but as a necessity to fortify their defences against the impending wave of AI-augmented cyberthreats.

Recognising the gravity of the situation, industry leaders are sounding the alarm and offering actionable recommendations. IBM’s X-Force report urges organisations to reduce their blast radius by implementing solutions that mitigate the potential impact of a security incident. This includes implementing a least privileged framework, network segmentation, and an identity fabric that extends modern

Regular drills and cross-organisational collaboration, including stakeholders outside the IT domain, can significantly reduce response times and enhance communication during a cyberincident.

security and detection capabilities to legacy applications and systems.

Furthermore, it is crucial to stress-test environments and have comprehensive incident response plans tailored to specific organisational needs. Regular drills and cross-organisational collaboration, including stakeholders outside the IT domain, can significantly reduce response times and enhance communication during a cyberincident.

As financial institutions navigate the treacherous cybersecurity landscape, they must also prioritise the secure adoption of AI. IBM’s comprehensive Framework for Securing Generative AI provides a blueprint for organisations to prioritise defences based on the highest risk and potential impact. Securing the underlying training data, models and their inferencing, as well as the broader infrastructure surrounding AI models, is paramount to mitigating the risks posed by these sophisticated and powerful technologies.

Digital resilience

The importance of cybersecurity extends beyond individual institutions and has far-reaching implications for the global financial ecosystem. As Jason Cao, Huawei’s CEO of digital finance business unit, emphasised recently at Mobile World Congress Barcelona 2024, resilience is the foundation for everything in the digital world. To boost intelligence and accelerate the development of intelligent financial services, resilience must be redefined and consolidated.

INDUSTRY SOLUTIONS AND COLLABORATION

Several companies are developing solutions to address the challenges of cybersecurity and secure AI adoption in finance.

• IBM: Their X-Force report offers valuable insights into emerging threats and recommends strategies like “blast radius reduction” through least privilege frameworks, network segmentation, and identity fabrics.

• Red Hat: The OpenShift AI platform provides a foundation for collaboration between data scientists and developers, enabling the secure and scalable deployment of AI across an organisation.

COLLABORATION IS CRUCIAL IN THE FIGHT AGAINST CYBERCRIME

Information-sharing platforms allow financial institutions to share knowledge about new threats and attack vectors, while public-private partnerships bring together governments, cybersecurity firms and financial institutions to develop and deploy effective security solutions.

Cao highlighted the need for zero downtime, zero-touch operations, zero-trust security, and zero-wait customer experiences. Achieving these goals requires a multipronged approach, encompassing multi-active architectures, distributed databases, autonomous networks and real-time data intelligence solutions. Huawei’s solutions, such as the next-generation distributed database GaussDB, Autonomous Driving Network 1.0 and multilayer ransomware protection, aim to address these critical resilience challenges.

The convergence of cybersecurity and resilience is essential in the financial sector, where the consequences of a breach can reverberate across global markets and undermine consumer confidence. As Richard Harmon, vice president and global head of financial services at Red Hat, notes: “The financial services industry has been an extensive consumer of advanced analytics for decades. We are now seeing the first inroads into AI-powered solutions that will lead to significant improvements in customer service, operational efficiency and resilience.”

Harmon underscores the importance of consistency and standardisation in frameworks and platforms, advocating for a holistic, centralised experience when training, maintaining, fine-tuning and deploying AI models in production. Such an approach not only protects against failure points but also standardises testing and validation, ensuring compliance with regulatory requirements and facilitating the scalability of AI solutions.

The next step

Looking forward at artificial intelligence in banking, generative AI will be a potent tool for customer servicing and reducing back-office operation burdens, says Steven Huels, general manager of AI business unit at Red Hat. While the immediate impact will be on the bottom line, this wave of AI will also undoubtedly shift the

“We are now seeing the first inroads into AI-powered solutions that will lead to significant improvements in customer service, operational efficiency and resilience.” – Richard Harmon

competitive landscape and be critical to value creation for banks.

However, scaling AI adoption across banking operations poses significant challenges related to product development, data management, compliance, operations, and talent acquisition and training. Trustworthiness will be the cornerstone of successful AI integration, requiring rigorous monitoring for model bias and drift, regular audits and transparency to maintain regulatory compliance.

In this era of financial transformation, success will hinge on forging strong partnerships and embracing adaptable security solutions. Red Hat’s OpenShift AI platform, for example, provides a modern foundation for bringing data scientists and developers together, enabling the scalable deployment of artificial intelligence across organisational silos.

As cyberthreats constantly morph, financial institutions need to be hyper-vigilant and take a proactive approach to fortifying their cybersecurity defences. Embracing cutting-edge technologies, fostering cross-organisational collaboration and adhering to robust security frameworks are no longer optional – they are imperatives for preserving the integrity and resilience of the global financial system. By making cybersecurity and resilience a top priority, financial institutions can build an impenetrable fortress around their data, solidify customer trust and unlock a future brimming with innovation, growth and unshakeable stability.

THE HUMAN ELEMENT IN CYBERSECURITY

While AI plays an increasingly important role in cybersecurity, human expertise remains essential, as does fostering a culture of cybersecurity within organisations. Ongoing training and education programs are crucial to equip employees with the skills to identify and respond to cyberthreats. Training should cover topics such as social engineering tactics, phishing scams and secure coding practices.

SAFE DIGITAL BANKING

A comprehensive guide to the convenience and security features of digital banking with NEDBANK

In the digital age, the banking landscape has undergone a profound transformation, driven by technological advancements and changing consumer needs. The convenience of digital banking, with its 24/7 access to financial services from anywhere in the world, has become an integral part of our daily lives. However, this convenience comes with its own set of challenges, particularly in the realm of cybersecurity. As digital banking continues to evolve, so too do the tactics of fraudsters and cybercriminals, making it imperative for consumers to stay vigilant and informed about the best practices for safeguarding their financial information.

THE EVOLUTION OF DIGITAL BANKING

The transition to digital banking was accelerated significantly by the COVID-19 pandemic, which

saw a surge in online financial transactions as people were confined to their homes. This period of rapid digital adoption highlighted the importance of digital banking platforms in providing critical financial services during unprecedented times. Banks, including Nedbank, responded by enhancing their digital offerings, introducing innovative features to improve user experience while prioritising security.

GREATER SECURITY

Taking a selfie can do more than capture a moment – it can now secure your banking, too.

AT NEDBANK, WE’VE INTRODUCED SELFIE BIOMETRIC VERIFICATION AS A HIGH-TECH SHIELD TO PROTECT YOUR ACCOUNTS.

At Nedbank, we’ve introduced selfie biometric verification as a high-tech shield to protect your accounts. It’s simple: your unique facial features become the key to your banking app. For high-stakes actions, such as updating contact details or boosting transaction limits, a selfie is all it takes. This isn’t just about convenience; it’s about layering security, making it tougher for fraudsters to mimic you.

As biometric verification evolves, your banking app will increasingly rely on your self-portraits to authorise important transactions. It’s a gradual shift that means less time in branches and more time where you want to be.

We’re also tackling the issue of scam artists who charm or scare people into handing over their banking details. Our solution? A move to QR code logins for Online Banking. This cuts out

passwords, reducing the threat of spyware and the burden of memorising and storing complex passwords. With this QR code system, your Money app becomes a gateway granting safe and simple access to your finances.

And when transactions need an extra seal of approval, our in-app Approve-It messages stand guard. Whether you’re making payments, updating your beneficiary list or managing your app settings, you’ll receive a notification. A tap is all it takes to give the green light or slam the brakes on a transaction. Plus, this safeguard follows you around the globe; no need for a South African SIM card as the Money app has you covered wherever you may be.

Keeping a close eye on the devices linked to your banking is essential for safeguarding your finances. An old phone with your banking app is a potential goldmine for fraudsters. It’s crucial to regularly check and manage the devices associated with your Nedbank profile. If a device is lost or has been stolen, act fast - inform the bank, deactivate the Money app, and disconnect any digital wallet tokens on the device.

Stay vigilant against SIM swap scams, too. If you get an unexpected SMS about a SIM swap, it’s red alert time - block the SIM and phone with your mobile provider and notify your bank without delay.

To manage your devices, visit our website and click Log in and select Nedbank ID. Once logged in, navigate through Security settings to take charge of your device management, Approve-It settings and Money app devices.

When it comes to moving money, caution is your best friend. Triple-check details, especially when setting up new payees or making one-time transfers. Our app’s pre-approved beneficiaries feature is a safeguard against mistakes. Plus, you can verify the authenticity of a payment from a Nedbank account within the last 90 days through the Verify Payment option in your online banking.

Enter PayShap, a secure and cashless way to handle transactions. Simply create a ShapID linked to your account and share it – no need to disclose your banking details. But remember that payments to a ShapID are instant and final. Always confirm the recipient’s details, which will be partially visible for your assurance. There’s a current daily limit of R5 000 and R3 000 per transaction with PayShap, but expect those caps to rise in the future.

Navigating the digital shopping space requires more than just a keen eye for deals; it demands robust security for your transactions.

That’s where 3D Secure comes into play for online card payments. It’s an additional check-in

OUR CYBER-CRISIS MANAGEMENT IS ROBUST, WITH PLAYBOOKS READY FOR ANY SCENARIO, ENSURING CLEAR COMMUNICATION WITH REGULATORS, CLIENTS AND OUR WORKFORCE.

step where you, the cardholder, give the green light through your banking app or by entering a one-time password (OTP). Think of it as a digital doorman for your transactions.

Nedbank ups the ante on security with virtual cards. You can have up to five simultaneously, each with a unique card number, CSC (the unique security code on your card), and expiry date. They’re tailor-made for your digital spending, be it on essentials, such as Mr D Food and Uber, or entertainment subscriptions, for example, Netflix. You can even create one for a single purchase and cancel it immediately afterwards, keeping your main account untouched if there’s ever a security breach.

BE ALERT, SAF E GUA R D YOU R INFO R MATION

However, secure digital banking is not just about technological safeguards. Fraudsters are getting crafty, using social engineering to masquerade as trustworthy officials. They play on emotions, pushing panic buttons to phish for your personal data. We’re on the lookout for these schemes, and we’ll share the latest scams and protective tips for online and app-based banking, keeping you one step ahead in the cybersecurity dance. Stay vigilant against vishing, where fraudsters pretending to be bank employees call you to fish for sensitive details. They spin tales of compromised accounts and push you to

“update” your login information – giving them a direct line to your finances. If you’re ever instructed over the phone to change your login details, hang up. It’s a scam.

Remember these cardinal rules to stay secure.

• Keep your secrets: your PINs and passwords are yours alone. No one from Nedbank will ever ask for them – not to reverse a debit order, not for anything.

• Trust your instincts: if a call doesn’t feel right, it probably isn’t. End it, especially if they ask for sensitive information.

• Alertness is key: scrutinise every banking notification. In-app approval for a transaction you don’t recognise? Decline it and alert us. SMS or OTP for something you didn’t initiate? Tell us straight away.

• Beware bait: Nedbank won’t direct you to move your funds for “safety” or alter your login details. Don’t take the bait.

Phishing and smishing traps are everywhere, luring you with emails and texts that mimic official communication only to lead you to a fake website where your personal information becomes their prize. They might bait you with offers that are too good to be true – be it investments with unrealistically high returns, slashed-price goods or no-check loans. If it asks for your personal and banking details, steer clear.

Maintaining the safety of your banking details is crucial. Here are some ways to protect your financial information.

• Link caution: before clicking on any links or attachments from unknown senders, hover over hyperlinks with your mouse to preview the URL. On mobile devices, a long press on the link will reveal the full URL without opening it. This can prevent you from visiting fraudulent websites.

• Input safety: when accessing a website via a link received in an email or SMS, resist the urge to enter your banking credentials or card details. This includes your PIN, card expiry date, and the CVC – the unique security code on your card. These sites could be phishing attempts aiming to capture your sensitive information.

• Smart shopping: exercise caution on websites offering items at extremely low prices, especially if the terms and conditions (T&Cs) conceal subscription traps or recurrent monthly charges. It’s always best to thoroughly read the T&Cs before making a purchase.

• App updates: regularly update your banking app to the latest version available. This ensures you have the latest security features and performance improvements.

• Device protection: install up-to-date antivirus software on all your devices to fend off malware and other threats. Additionally, keep your operating system current by installing updates and security patches as they are released.

• Avoid public terminals: refrain from conducting banking transactions on public computers, such as in libraries, internet cafes or hotels, and avoid using public wifi networks for banking, as they may not be secure and could expose your financial data to cybercriminals.

STAY VIGILANT AGAINST VISHING, WHERE FRAUDSTERS PRETENDING TO BE BANK STAFF CALL YOU TO FISH FOR SENSITIVE DETAILS.

Be alert to the latest con known as the selfie scam. In this ruse, swindlers, masquerading as retail store staff, dangle the bait of free vouchers. To supposedly activate the voucher, they request your ID number and ask you to take a selfie. Unsuspecting clients think that they’re signing up for a promotion, but the fraudster’s real game is to register the client’s banking app on their device. The scammers then coax the client into unlocking their phone, swiftly approve the app registration for themselves, and make off with access to the client’s bank account – the free voucher being nothing more than an empty promise.To shield yourself from such scams:

• Verify promotions: before engaging in any store promotion, double-check with the store directly to confirm the offer is legitimate.

• Personal data is private: never divulge personal information, such as your ID number, to anyone you don’t fully trust, and don’t let them photograph you for a so-called voucher.

• Guard your phone: your phone is as personal as it gets. Never hand it over to someone you don’t know.

• Inspect In-app messages: approach every In-App approval message with scrutiny. Make sure you know exactly what you’re confirming.

• Act on suspicion: If you think you might be a target of fraud, act immediately. For Nedbank clients, that means calling us on 0800 110 929 without delay.

Your mobile device can be a gateway for fraudsters if not secured properly. Here’s how to protect it.

• Device passwords: always use a strong password to protect your phone. An unprotected device is an open invitation to thieves.

• Rapid response: if your phone is lost or stolen, immediately report it to your mobile service provider and Nedbank. Ensure your banking app is deactivated and that you have removed all tokens for digital wallets.

• Precautionary measures: if you’re sending your phone for repairs, remove your banking app and only reinstall it when the device is back in your hands.

Maintaining vigilance over your fi nancial transactions is critical, yet it can be challenging amid the hustle of daily life. Remember these foundational principles to navigate your banking safely.

• Safeguard your credentials: your banking username, password and card PIN are the master keys to your financial realm. They must be unique and closely guarded. Avoid using similar login details for different accounts. Writing down or digitally storing these details

is akin to leaving your keys in the door – never do it. Opt for strong passwords at least 12 characters long, combining upper- and lowercase letters, numbers and special symbols, to fortify your defences.

• Empower through knowledge: staying informed is your fortress against fraud. Nedbank provides educational resources on its website and uses multiple channels, such as post-logon messages, push notifications and social media, to update you on the latest fraud schemes. We also offer fraud awareness training. Take a moment to absorb these insights; they’re your map to navigating the treacherous waters of fraud.

• Resist the rush: fraudsters create a sense of urgency to cloud your judgement. They may pose as bank officials or threaten account suspension to spur hasty actions. Remember, authentic bank communications will never rush you into disclosing your personal information. If pressured, take a breath, step back, and verify with your bank

NEDBANK’S ADDITIONAL SECURITY MEASURES

At Nedbank, vigilance in the face of potential fraud is part of our service to you. If we detect suspicious activity, we may call to verify transactions with you. Crucially, we will only ask you to confirm the activity. We will never request your confidential login details or PIN over the phone. If a call raises your suspicions, hang up, and call us directly on 0800 555 111 or 0800 110 929 to report fraud.

Remember, even caller IDs can be spoofed; trust only the numbers you know to be authentic. Our pledge to your digital safety is unwavering and secured through:

• Proactive IT security: we proactively strengthen our defences with advanced IT security measures designed to anticipate and neutralise cyberthreats, ensuring ongoing protection across our operations.

• Comprehensive safeguards: we blend strong technical controls with essential nontechnical strategies. This includes an exhaustive security awareness initiative for our team and targeted awareness campaigns for you, our client. With cutting-edge technology and digital forensics, we’re always scanning the horizon for suspicious activity, ready to act and inform you of how to stay secure.

• Collaborative defence: cybersecurity isn’t a solo mission. We work in lockstep with industry experts, constantly refining our response to cyber incidents. Our cyber-crisis management is robust, with playbooks ready for any scenario, ensuring clear communication with regulators, clients and our workforce.

• Empowering you: your protection is enhanced by our independent security ratings and vigorous internal campaigns that bolster our employees readiness. We also prioritise educating you on effective personal cybersafety practices, creating a triad of protection that encapsulates our relentless commitment to shielding you from cybercrime and fraud.

The business of sustainability

While the drive for sustainability was initially a top-down approach, a shift has occurred, writes TREVOR KANA

The concept of sustainability has been around for some time and can be traced to the early roots of environmentalism and conservation efforts. Over time, it gradually evolved, becoming a central issue in corporate responsibility and business decision-making.

There have been numerous key moments that have contributed to this shift. Indeed, it can be argued that previous civilisations and some current indigenous communities have practised some form of sustainability. However, one moment that stands head and shoulder above the rest in helping to shape our current understanding of sustainability is the United Nations (UN) Brundtland Report

The report codified sustainability, defining it as “meeting the needs of the present without compromising the ability of future generations to meet their own needs”. This contrasted with traditional business strategies prioritising profits over long-term environmental and social impact. The report can be described as the genesis for raising awareness about sustainability (the long-term goal) and the need for sustainable development (approaches we need to take to become sustainable). One might say the Brundtland Report walked so the UN’s Sustainable Development Goals could run.

As globalisation and connectivity increased exponentially at the start of the 21st century, mounting evidence of environmental

degradation, resource depletion and social inequalities further highlighted the need for all of us to adopt sustainable practices. Critically acclaimed documentaries, such as An Inconvenient Truth, about former United States Vice President Al Gore’s campaign to raise awareness about global warming, helped bring crises like climate change, biodiversity loss and socioeconomic disparities to the global mainstream consciousness.

Transformational sustainability

It has become unthinkable for any credible organisation (both public and private) not to consider sustainability when making future plans or decisions.

Critical stakeholders, such as governments, civil society organisations, investors and consumers, have begun pressuring companies to embrace sustainability as a core business imperative.

An IBM study, CEO decision-making in the Hein Badenhorst

age of AI, found that CEOs in Africa identified sustainability as their top challenge for the next three years as they look to innovate and increase tight profit margins. Then again, not every sustainable approach is the right one; businesses need a sustainable model that will not only help them succeed but also thrive. IBM calls this transformational sustainability – when sustainability becomes an integral part of an organisation’s business strategy.

For organisations to achieve transformational sustainability, Hein Badenhorst, software leader: data, AI, automation security and sustainability at IBM South Africa, emphasises that it is “critical that [organisations] be intentional about how they approach sustainability, as there is no quick fix. Achieving their sustainable goals will require intentionality and a shared corporate vision. Sustainability needs to be part of the day-to-day operations and not viewed only as a compliance task or reporting exercise. By embedding sustainability across their operations, enterprises are more likely to drive internal innovation, attract and retain skilled talent, and be better positioned to deliver both positive environmental impact and financial performance.”

Beyond the boardroom

The concern for sustainable practices is not limited to boardrooms. Consumers are making purchasing decisions based on sustainability concerns, particularly after the pandemic. McKinsey found that consumers in South Africa care “about health and sustainability, [favouring] companies that provide healthy options and commit themselves to sustainable practices”.

Research by InSites Consulting supports this view, finding that 92 per cent of South Africans feel sustainability is important to them and sustainable brands are perceived as more trustworthy. Therefore, for organisations to remain competitive, become resilient, enhance their reputation and access new markets or consumer segments, integrating sustainability into their business strategy is crucial.

How tech can help

In our increasingly digital-first economy, businesses should also be looking to partner with providers of new technologies, such as artificial intelligence (AI), to achieve their sustainability ambitions.

“Sustainability considerations should be integrated into partnership agreements, governance structures and performance metrics.” – Yashmita Bhana

According to the IBM CEO study, half of African CEOs expect their organisations to realise significant value from advanced forms of AI and analytics. Today’s business technology environments are complex, with data flowing flows across multiple applications, divisions and workflows. Technologies such as AI can help enterprises simplify, scale and accelerate their sustainability goals.

“This is why we launched watsonx, [IBM’s] enterprise-ready AI and data platform, which accelerates the development of trusted AI and provides the visibility and governance needed to ensure it’s used responsibly,” says Badenhorst. “With watsonx, we are able to help clients leverage AI and data to solve problems while mitigating risk, improving productivity, sustainability and growth, protecting privacy, and preparing for a range of AI regulations on the horizon.”

Having access to the right technology solution is the first step; partnering with the right provider who understands your business needs is a close second. Yashmita Bhana, global CEO of Nihka Technology Group, says organisations that need a technology provider must look for a partner that is aligned on shared sustainability values and objectives, which helps foster trust, transparency, and collaboration. “Sustainability considerations should be integrated into partnership agreements, governance structures and performance metrics. This ensures that

“By embedding sustainability across their operations, enterprises are more likely to drive internal innovation, attract and retain skilled talent, and be better positioned to deliver both positive environmental impact and financial performance.” – Hein Badenhorst

sustainability remains a priority throughout the partnership life cycle and drives positive outcomes for both parties and the broader community. [This also lays] the foundation for enduring relationships built on mutual respect and shared purpose.”

Inside and out

In conclusion, while the drive for sustainability was initially a top-down approach driven promoted by multilateral institutions, such as the UN and similar bodies, to help businesses become better corporate citizens, a shift has occurred. We are seeing an outside-in approach where an organisation’s key stakeholders, such as consumers, government and investors, are putting pressure on them to embrace sustainability. This has resulted in sustainability becoming part of the agenda in most boardrooms.

For CEOs to achieve this in the age of consumer capitalism and digital-first economies, they should be open to embracing the right sustainability partners and new technologies, such as AI. This will help businesses save costs, grow revenue, explore new opportunities and enjoy long-term brand loyalty, all while meeting the needs of current consumers without compromising future generations.

PROTECTING THE FUTURE THROUGH SOUTH AFRICAN INNOVATION

SNODE TECHNOLOGIES has built a world-class cybersecurity solution that places South Africa at the core of its ethos

Snode Technologies is a cybersecurity firm with a vision – one that places South Africa as a centre of innovation and groundbreaking technology that is not only world-class, but also the best.

The award-winning company has achieved recognition on the international stage and established a presence in multiple countries –all while keeping South Africa at the heart of its journey.

It’s this history of innovation and continuous evolution that makes Snode an accomplished cybersecurity partner with a core focus on protecting the future.

HOW SNODE TECHNOLOGIES BEGAN

While the Snode Technologies brand now has an international presence and has won multiple awards, the company has humble beginnings.

In 2009, Snode founder and CEO Nithen Naidoo decided to leverage his cybersecurity experience and start a cybersecurity consulting firm focused on penetration testing and ethical hacking.

“PEOPLE WOULD BUY OUR SOLUTIONS FROM CONSULTING FIRMS, BUT THEY DIDN’T WANT TO BUY IT DIRECTLY FROM US BECAUSE WE WERE A SMALL START-UP.” – NITHEN NAIDOO

Innovation was at the heart of Naidoo’s approach even in these early years. As penetration testing became more common, Naidoo and his team created a device that could perform network traffic analysis, providing a unique value proposition for clients.

“We knew that if we wanted to stay relevant, we needed to innovate,” he says.

The company was rebranded to Snode Technologies in 2016. With the advancement of machine learning and cloud computing, the company was able to create a product that could perform analysis in real-time, amplifying the platform’s capabilities.

SCALING CHALLENGES

Snode built momentum and a portfolio of major clients, including those in the banking and mining sectors. However, the company had to overcome some challenges as it scaled up its operations.

One of these was the scepticism about South African engineering and innovative skills. Snode offers a locally developed South African product.

“Nobody wanted to buy the product because nobody believed South Africa could produce a world-class product in that space,” Naidoo comments.

“It was ironic because people would buy our solutions from consulting fi rms, but they didn’t want to buy it directly from us because we were a small start-up.”

Naidoo points out that he once received the remark that no one gets fi red for recommending established brands. However, due to the uncertainty around lesser-known brands, potential customers were always focused on whether a company was on the Gartner quadrant.

AWARDS WON BY SNODE TECHNOLOGIES

• SA Black Industrialist Award for Innovation 2024. According to the Department of Trade, Industry and Competition (dtic), these SA Black Industrialist Awards aim to recognise black industrialists who contribute to driving economic growth, social transformation and inclusive entrepreneurship in the local economy. Snode won the award for the Innovation category.

• AfricArena’s Emerging Entrepreneur of 2021.

• Slingshot 2020 Global Top 100 Deep Tech Start-ups. Snode was listed as one of the Top 100 Deep Tech innovations globally in 2020 by Slingshot, a Singapore-based start-up pitching competition.

• SA Innovation Summit – 1st Place dtic Inventor’s Garage.

• MEST Africa Challenge 2019 – Winner. Snode was awarded a winning place in the 2019 MEST Africa Challenge, a pitch competition for Pan-African scale-ups.

So, while the product was good enough for Big Four consulting firms to use, some companies were hesitant to take the risk.

Despite these challenges, interest in the product has been growing as Snode continues to prove itself to clients.

Client word-of-mouth recommendations fuelled Snode’s organic growth and opened up new avenues for expansion. One client recently referred to Snode as “one of South Africa’s best-kept secrets”.

Another challenge was finding the right skilled applicants. South Africa faces a significant shortage of qualified cybersecurity professionals. Graduates and skilled workers emigrating to other countries to find better opportunities have left a gap in the market and a shortage of skills in sectors such as cybersecurity and programming.

This phenomenon, also known as South Africa’s “brain drain”, is something Snode wants to tackle.

Christi Maherry, co-CEO at Snode, notes that one of her passions is skills development and creating employment for the youth. She’s been a board member of Junior Achievement Africa for many years.

“We can create so many cyber jobs. In our country, our kids grow up being security aware, so imagine taking that mindset and aiming it at threat-hunting and defending organisations. South Africa could become a hub, and our youth could power global security operations centres without leaving our country,” she says.

Snode wants to become the company skilled South Africans stay in the country to work with. The firm works with various universities to inspire local entrepreneurship and job creation. Snode also supports Nextup, a nongovernmental organisation assisting young people to successfully bridge the transition from high school into post-school training and work.

Naidoo says: “If we can get the best and the brightest to stay at home, open up companies or work for ones such as our own, we can prevent the brain drain and even inspire some expatriates to come home.

“We don’t just generate thought leadership; we generate thought leaders, cyber warriors and entrepreneurs,” he adds.

SNOD E TODA Y AND BEYOND

Christi Maherry joined Snode as a co-CEO in November 2023, and her expertise and experience are central to Snode’s vision for the future.

“Christi is one of the few South Africans who has built a global cybersecurity brand from scratch and scaled it,” Naidoo says.

“WE CAN CREATE SO MANY CYBER JOBS. IN OUR COUNTRY, OUR KIDS GROW UP BEING SECURIT Y AWARE, SO IMAGINE TAKING THAT MINDSET AND AIMING IT AT THREAT-HUNTING AND DEFENDING ORGANISATIONS.” – CHRISTI MAHERY

She has over 20 years of experience in the security domain, including a 10-year career in intelligence services. Naidoo says Maherry was a guiding star throughout Snode’s growth because she could also see the future of cybersecurity.

Maherry relates that she decided to join the company because of Naidoo’s entrepreneurial passion, shared values and mission to save the world.

“We had the same commitment. We love what we do and we want to make a difference.

Nithen and I have a similar passion for creating skills, especially in the face of youth unemployment, and defending innocent people from cyber criminals,” she says.

want to make a difference. the to

Now, with Maherry at the company, the goal is to grow Snode even further. “The goal is to grow and help scale this company globally. I like a challenge,

and I really believe in Snode and where it can go. I want to see another South African technology company becoming a signifi cant player globally,” Maherry says.

Today Snode covers about eight million devices across six continents, but its aim is to continue innovating on the global stage and scale up operations.

PROTECTING THE FUTURE

Snode uses its fl agship platform, Snode Guardian, to perform real-time threat detection and recognise patterns to provide predictive analytics. As a result, innovation remains at the core of Snode’s mission.

“Digital security is everywhere. And that’s the power of the platform we’ve designed. While others were focused on just having an antivirus programme you could install on a computer, we saw the future. We knew that

everything would be a computer – your watch, your fridge, your phone. That data is like oil now,” Naidoo explains.

“What we designed was a platform that didn’t have to sit on your computer but can protect your internet of things wireless devices. It’s easy to install and sends its data into the cloud where it actively detects a threat and the artificial intelligence (AI) actually stops the threat from being realised.”

He says Snode’s entire approach to its business centres around the notion of protecting the future from a variety of threats.

“Our mission statement is actually ‘protect the future’. And one of the reasons we say protect the future is because we could see the future, and we realised that the digital revolution provided an opportunity for a true African renaissance where we could leapfrog everybody and reinstate trust in technology,” Naidoo says.

However, the future of South Africa is threatened by industrial espionage and other threats to our intellectual property.

“WE DON’T JUST GENERATE THOUGHT LEADERSHIP; WE GENERATE THOUGHT LEADERS, CYBER WARRIORS AND ENTREPRENEURS.” – NITHEN NAIDOO

“So, defend the future not only means defend the future state of technology and future states of geopolitical infl uence that could stop us from having this renaissance, but also the future workforce – where a young kid coming from a disadvantaged background is, for all we know, building the next generation of Tesla, so we protect their ideas,” he adds.

Naidoo hopes that he and Maherry can also become beacons of inspiration for South African children who take an interest in technology and security, much like the Rooivalk helicopter ignited Naidoo’s love of South African defence engineering during his childhood.

“That’s the point of Snode. We’re doing many great things, but that is why we exist,” he says. This mission plays a central role in Snode’s services. The cyber space continues to evolve – and with it, cyberthreats. Cybersecurity and business risks are increasingly intertwined, requiring companies to adopt a more holistic approach to threat management.

Snode’s Continuous Threat Exposure Management (CTEM) services are a strategic approach to cybersecurity that incorporates constant, real-time monitoring

and management of an organisation’s vulnerability to threats. The incorporation of AI and predictive analytics strengthens the proactiveness of these services, identifying and mitigating threats before they become realised.

It does this through Security Orchestration and Automated Response (SOAR) solutions, which can rapidly analyse incidents and reduce threat exposure. In an era of pervasive digital threats, sophisticated solutions are needed – something Snode has recognised for years.

WHY CHOOSE SNODE

There are multiple benefi ts to choosing Snode as a security partner, including the fi rm’s inventive approach to tackling cybersecurity challenges with its patented technology.

When it comes to the use of artifi cial intelligence in Snode systems, the AI is used to augment human capabilities rather than replace them.

“Snode, at a design level, helps customers understand and navigate the waters of AI, which are tricky. AI isn’t at that point yet where it’s replacing the human being, but it is rather augmenting their work,” Naidoo explains.

WHEN IT COMES TO THE USE OF ARTIFICIAL INTELLIGENCE IN SNODE SYSTEMS, THE AI IS USED TO AUGMENT HUMAN CAPABILITIES RATHER THAN REPLACE THEM.

“At Snode, we don’t believe in AI replacing the human being, but to augment the human being. We call it intelligence amplifi cation, where we allow the machines to do what they’re really good at while allowing the humans to do what they’re really good at. And to do what they’re good at, at scale.”

With the balkanisation of global tech, people are increasingly asking where technology is coming from. “We’re one of the very few companies outside of the cyber superpowers with similar capabilities. We’re also one of the very few companies that isn’t backed by an intelligence agency,” Naidoo notes.

“When you take all of this into consideration, we’re one of the very few technologies in the world that can protect you while maintaining a level of privacy. You do not have to give up your secrets to protect your environment.”

Snode also adapts to its clients’ needs, whether that requires working with existing in-house security teams or helping to build cybersecurity capabilities from scratch.

As cybersecurity threats continue to evolve, so do Snode and its solutions –making sure you can not only respond to risks, but also stop them in their tracks.

Harnessing next-gen technologies to evolve your CYBERTHREAT MANAGEMENT

Combining CTEM and AI is a powerful strategy for limiting cybersecurity risk, writes

In a world of rapid digitalisation, the line between cyber risks and business vulnerabilities is becoming increasingly blurred, necessitating a shift from traditional cybersecurity measures to a more holistic approach known as continuous threat exposure management (CTEM). This paradigm shift views CTEM not merely as a traditional cyber risk management effort where “likelihood” and “impact” are considered, but also as a dynamic strategy encompassing all aspects of business exposure. Such a strategy takes into account the impact digital transformation has on business objectives and the spectrum of threats that could impact operational integrity and strategic objectives.

Gartner stated in a 2023 article that no organisation can protect against every cybersecurity event so they should focus instead on prioritising exposures that threaten their business. This evolving cybersecurity landscape demands a robust CTEM programme that integrates the traditional information and cybersecurity triad (confidentiality, integrity and availability) with a broader perspective.

This approach recognises that threats and their associated risks can significantly expose businesses to vulnerabilities, extending beyond the cyberattack surface to encompass all related matters, assets, processes and teams. It aligns cyberdefence efforts with the business’s value strategy, ensuring comprehensive protection.

From reactive to proactive CTEM is also evolving, with artificial intelligence (AI) transforming it from a reactive risk

management tool to a proactive business exposure management strategy.

Businesses globally are rapidly adopting emerging technologies, such as large language models and AI, to analyse large amounts of traditionally unstructured data, enabling optimisation and automation of business practices. The role of these technologies in revolutionising CTEM programmes cannot be overstated. By analysing vast datasets, AI-powered CTEM programmes can assess existing security measures, evaluate asset management strategies and analyse deployed safeguards in a very short time. This comprehensive analysis empowers businesses to prioritise exposures, optimise resource deployments and address the most impactful risks and business exposures related to rapid digitalisation.

Streamlining threat management

Gartner recommends a five-step process (scoping, discovery, prioritisation, validation, mobilisation) that actively prioritises whatever most threatens your business. Adopting fit-for-purpose technologies that embed AI to automate the initial phases streamlines this process, reducing the burden on response resources and teams by prioritising threats and exposures.

This approach efficiently filters security alerts, ensuring that critical cases receive prompt attention while minimising the distractions of false positives. This shift not only enhances efficiency, but also enables organisations to anticipate threats and implement preventative measures, fostering a proactive rather than reactive approach to cybersecurity.

Moving beyond manual

The need to reposition to a proactive cybersecurity posture coupled with the ever-increasing complexity of modern cyberthreats demands a move beyond traditional, manual methods of threat management,

SOAR automates the collection and consolidation of threat intelligence, facilitating rapid incident analysis and prioritisation.

combining a data-driven threat management programme with security orchestration, automation and response (SOAR) solutions.

SOAR automates the collection and consolidation of threat intelligence, facilitating rapid incident analysis and prioritisation. This allows for orchestrated workflows and automated responses, significantly reducing the time from threat identification to exposure reduction.

The integration of AI, machine learning (ML) and SOAR within a robust CTEM framework offers a comprehensive solution for navigating the modern threat landscape. This collaborative approach not only automates tasks and streamlines procedures, but also enables predictive threat analysis. By empowering security teams to focus on strategic initiatives rather than routine tasks, it fosters a more resilient and adaptable cybersecurity posture – a critical advantage in today’s digital age

CTEM evolved

Organisations must break down siloed security practices and adopt a unified view. This helps them gain a comprehensive understanding of the exposure landscape and prioritise cyber risks effectively. This proactive, integrated approach is essential for navigating the ever-changing threat landscape and safeguarding success in the digital age.

Cyber strategies going forward

Technology and CTEM integration addresses the sophistication of modern cyberthreats and alleviates the burden on security teams. By automating routine tasks and streamlining response procedures, these emerging next-generation technologies empower security personnel to focus on strategic operations, optimising resilience and creating an adaptive cybersecurity posture essential for navigating the complexities of the modern threat landscape.

As businesses continue to evolve and adopt emerging technologies, the fusion of AI, ML, predictive analytics and SOAR within CTEM is emerging as a cornerstone of modern cybersecurity strategies, offering a comprehensive, data-driven, risk-based solution to manage the ever-changing array of business cyberthreat exposures.

Transformation in 2024: the right approach to cloud adoption

As innovation continues to press forward, it is essential that businesses keep pace with technological advances, writes

In a rapidly evolving digital landscape, businesses in South Africa face challenges in harnessing the true power of technology to meet client demands. As innovation continues to unfold, it is essential that businesses keep pace with technological advances. When it comes to moving to the cloud, for example, multicloud seems to be the strategy of the day – with more and more businesses utilising multiple cloud providers.

Picked with purpose

It’s no longer just about the journey to the (single) cloud. Forward-thinking businesses are hinging their cloud strategies on the ability to craft a unique cloud solution, purpose built to meet specific needs, using the best services from each cloud provider. Deploying a multicloud solution therefore allows users to cherry-pick the best fitting offerings from various cloud platforms, crafting a unique solution. In fact, Oracle’s 2023 S&P Global multicloud survey shows that 97 per cent of organisations today use more than one cloud provider.

As agility, innumerable technology options, and large potential for cost savings continue to propel

the rise of multicloud, it is important to become familiar with this ecosystem, its challenges and its benefits. With a multicloud strategy, businesses are empowered to use the best elements from various cloud platforms, whether private, public or a combination of the two. With the right planning in place, this can offer a wealth of benefits, including not being tied to a single provider, increased efficiencies in operations, total reliability, and advanced security and regulatory compliance.

Where to start

When it comes to planning for multicloud adoption, the first step is to develop a tactical plan. The strategy must be linked not only to the overarching business plan, but also to a clear digital strategy, continuously aligned with key drivers in the market and designed to deliver against stakeholder expectations.

Here, the business must strive for a deep understanding of the impact that this transformation will have on people, applications, and technology within the organisation. To achieve this, the project must begin with sound, data-driven insights within the specific business context.

The strategy must be linked not only to the overarching business plan, but also to a clear digital strategy, continuously aligned with key drivers in the market and designed to deliver against stakeholder expectations.

A crucial element to success undoubtedly the chosen implementation partner. Innovation, cloud, technology – these can all be heavily complex and expensive. Partnering with implementation specialists that simplify the offering usually leads to far greater successes down the road. The key is identifying providers that ease the process with less complex, more affordable solutions, while being geared to deliver against any cloud strategy.

A cloud journey typically begins with an assessment phase, during which information is gathered. This is then followed by carefully planning which workloads will be migrated and in what fashion, while scrutinising each workload against the seven Rs of cloud migration: refactor, replatform, repurchase, rehost, relocate, retain and retire. In the end, this is to be layered across a full understanding of the business intent and a total-cost-of-ownership exercise. A cloud adoption plan, journey map and migration can be quite a lengthy exercise if done correctly, but the outcome is almost always favourable.

Proceeding with intent

Going hand-in-hand with the chosen partner is the foundation built prior to implementation. Experts across the world agree that most cloud implementations fail as the result of a lack of strategic intent at the onset. Added to this, Medium Magazine notes “following the trend” and trying to apply a one-size-fits-all approach as the top reason for failure. Future Processing highlights the importance of choosing the right cloud partner, while CIO magazine shares survey results that pinpoint a lack of understanding of cloud security and compliance, lack of clearly identified business objectives for migrating to the cloud and lack of planning as top reasons for failure.

Moreover, what every multicloud project needs to be successful is total buy-in to maximise adoption. Businesses taking this approach are modernising and digitising faster than ever before, while successfully bridging the gap between current and future business aspirations. It’s the cloud journey at its best, and it demands a sound strategy with a reliable partner to steer the course. The goal? Innovation, cost-effective infrastructure management and seamless business continuity. The result? A wholly transformed business.

Searching gets smarter: how AI is changing the web

Artificial intelligence isn’t here to take your job; it’s here to change your entire online reality – one prompt at a time, writes LINDSEY SCHUTTERS

Your voice was supposed to be the new era of computing, but it turned out to be a false prophet. Tech scribes called this shift from handheld (or lap-bound) devices towards speaking to the internet through ubiquitous microphone arrays “ambient computing”. In many ways, typing a query into the chatbot dialogue boxes that are popping up all over the web stays true to that idea of requesting knowledge from the air. It’s just that the air is of the Macbook variety and the computing happens on a server on the other side of the world.

A new breed of technology is transforming the way we interact with the internet through those textboxes. They’re called large language models (LLMs), and they’re changing the way we discover things. You know them by name: Microsoft Copilot, OpenAI GPT-4, Anthropic’s Claude 2 or Inflection’s Pi, and they’re the fashionable

gatekeepers of the way we retrieve, analyse and consume information. Instead of just spitting out links, these models generate nuanced answers, ushering in a new post-search paradigm.

The only thing they are bound by, however, is pre-existing data. Yes, That means generative artificial intelligence (AI) cannot create anything original; it can only reinterpret what it has already learnt in a way that answers the query.

AI doesn’t have all the answers; people do “One current shortcoming of most LLMs is that they draw their responses from a fixed body of knowledge that usually does not include domain-specific data,” explains Dr Colin Schwegmann, head of engineering at

HELM. That is a major shortcoming when your company creates chatbot solutions.

Teams like HELM use retrieval augmented generation (RAG) with LLMs to get around this hurdle. This tech tackles a current limitation by bringing together information retrieval systems – search engines and data crawlers – allowing LLMs to consider real-time trends and highly relevant data alongside user queries.

Building RAG into LLMs is downgrading traditional search engines to simple data crawling and ranking tools that find and rank content, data and information in context to what the user is exploring.

The LLMs then employ deep learning algorithms to comprehend data and produce results that closely resembles human language. They can synthesise insights across the diverse datasets that were used to train them, integrating disparate information sources into a unified understanding.

“One current shortcoming of most LLMs is that they draw their responses from a fixed body of knowledge that usually does not include domain-specific data.” – Dr Colin Schwegmann

The imitation game

While this is reshuffling represents a generational leap for user interaction, it is also an existential threat to companies built around creating those traditional search-and-rank methods.

Google won the search engine and web browser wars of the early 2000s through pure innovation and good storytelling, but now stands to lose out in the next age of the internet. The company is racing to formulate a winning response to this new threat and stumbling over its own values to bring a ChatGPT competitor to market.

Dr Alistair Mokoena, head of Google Africa, maintains that understanding what users need remains key. “We’ve continually evolved Search over the past two decades, and over that time we’ve learned that there isn’t just one way people want to engage with information. There are now more types of information at your fingertips than ever before – in images, video, audio and text – and our ability to understand all information types has continued to improve.”

Google, an early pioneer of tying language models to realtime web search data in that ambient computing transition, has doubled down on its core founding philosophy of “organising the world’s information” by experimenting with generative AI and LLMs in search.

“We’ve been bringing new AI capabilities to Search for many years, including using generative models to better organise information on the page.” –

Dr Alistair Mokeona

generative models to better organise information on the page,” explains Mokoena. “Now we’re bringing generative AI capabilities to the forefront of the Search experience.”

Mokoena adds that Google Search Labs is the playground for these bright ideas, where people’s feedback will guide future developments.

Augmenting intelligence

The limitations of LLMs make it difficult for them to be a one-to-one replacement for search because the machine learning models still need to consult a search engine to craft relevant responses. It’s that translation part from AI prompt to search engine query and back to an answer for the user that is the tricky part. This chain of data analysis and generation requires massive compute power to happen in near real time.

“We’ve been bringing new AI capabilities to Search for many years, including using

Alex de Vries, a PhD candidate at VU Amsterdam and founder of the digital sustainability blog Digiconomist, analysed trends in AI energy use and, in his findings published in Joule, predicted that current AI technology could be on track to consume as much as 29.3 terawatt hours of electricity per year. That’s approximately the

same as Ireland. That compute expense is a major hurdle for companies like HELM to work around without the backing of trillion-dollar tech giants like Microsoft or Google.

To get around this, HELM uses a clever combo of LLMs with their own Natural Language Understanding (NLU) product to keep things cost-effective and give users the best experience. For high-volume interactions, NLU offers quick, affordable responses. LLMs are then layered in for specific situations, like open-ended conversations, where they shine.

“This approach is, in our view and experience, critical to realising the true value of LLMs in transforming user experiences and leveraging the data available,” says Schwegmann.

Good user experience

LLMs have massive potential for making online interactions more personal. As Schwegmann highlights, LLMs can tailor user experiences to individual needs, abilities and interests. This can seriously boost engagement and how well people remember things.

The rise of LLMs has also brought a new focus on using AI responsibly and ensuring a diverse representation of information, which necessitates some interference and guidance in how the machine learning models navigate information.

“The challenge though is that many folks don’t yet have a picture of what ‘good’ looks like,” says Schwegmann, underlining the importance of thoughtful design to ensure positive user experiences.

Google, on the other hand is now in a trial-and-error phase of its generative AI journey as a result of being hastened by the meteoric rise of its competitors.

The internet is changing – and it’s going to be a messy transition.

FROM CHAOS TO CONTROL: EMPOWERING BOARDS WITH CONTINUOUS EXPOSURE MANAGEMENT

As cybercrime becomes increasingly sophisticated and criminals weaponise vulnerabilities, enterprises must race to mitigate risk across an ever-increasing attack surface, writes SKYBOX SECURITY

Mitigating the risks associated with cybercrime can prove overwhelming for cybersecurity professionals. Trying to protect everything all the time is unrealistic as vulnerabilities are infinite, but resources aren’t. Pouring too many resources into mitigating every conceivable risk and planning for worst-case scenarios can be as detrimental to the organisation as overlooking the most significant risks altogether.

It is important to be able to put context around the vulnerabilities, understanding what assets they are on, how critical the vulnerabilities are, and what risks these exposures present to the business.

CONTEXT MATTERS

In many cases, understanding what is being protected is glossed over or buried in generalisations such as “we need to protect the data or the servers”. With context and an understanding of which business processes are mission-critical, the enterprise is better positioned to mitigate risk where it matters and when it matters most.

Skybox Security provides security management software that aggregates millions of data points and analyses them from multiple

perspectives, giving visibility and insight into the data. With a multifaceted approach, Skybox normalises these disparate data sources and effectively creates a comprehensive overview akin to a “Google map” of the network infrastructure. This holistic understanding allows organisations to gauge the adequacy of their security measures and cease adjustments once optimal protection is attained. Skybox Security enhances decision-making processes by providing intelligence and insight, giving unprecedented visibility into the previously unknown and empowering proactive and targeted responses to risks.

As advanced technologies are invaluable for risk management, enterprise security and business, teams will still need to prepare the way for the deployment and optimisation of these solutions. The need to identify which assets are critical, get to grips with how they interact with each other and understand all the context around the impact of potential exposure, reduces the time to value and combats the risks. An organisation must invest in understanding what needs protecting and the consequences of not addressing gaps and understanding the risks associated with these.

A PROACTIVE AND RISK-BASED APPROACH

This process cannot be accomplished solely at a single point in time. Organisations must avoid excessive reliance on isolated efforts such as penetration testing or periodic network scans. Instead, these procedures should be iterative and ongoing. Given the everevolving nature of the threat landscape, it is imperative to adopt a risk-based approach and implement a continuous, structured programme that manages efforts to mitigate risks effectively.

The good news is that organisations do not need to wait until all preparatory work is done before benefitting from continuous exposure management. You don’t have to wait for perfect alignment before taking action. With Skybox Security, your security teams can be mobilised into action immediately and begin improvements instantly, gradually incorporating context and additional information. This proactive approach leads to enhanced performance and a tangible reduction in the attack surface.

By embracing proactive and iterative approaches to cybersecurity, organisations can not only strengthen their defences, but also demonstrate a commitment to safeguarding their assets and reputation.

Boards are increasingly recognising the value of continuous threat exposure management as a strategic imperative in today’s dynamic threat landscape. Therefore, prioritising investments in technologies such as Skybox Security can provide the necessary framework for resilience, enabling organisations to stay ahead of evolving threats and navigate challenges confi dently.

For

The rise of no-code

MEGAN ELLIS unpacks how the no-code revolution is helping to deliver simplified yet advanced solutions for businesses

No-code solutions are changing the way businesses and individuals make products, apps and websites, making it faster and easier to create things that previously required a large time investment.

But what exactly is no-code, what is the status of the no-code movement in South Africa, and do no-code solutions pose a threat to job development in the country?

Rather than requiring users to write out the code for applications and products they want to create manually, low-code/no-code uses a visual approach to software development. In low-code solutions, the need for traditional code writing (also known as pro-code) is reduced. In no-code solutions, however, the user does not need to perform any pro-code writing. Rather, they use a simplified graphical interface to build and create products. WordPress is one example of a low-code platform because it allows users to build websites without requiring them to code these themselves. However, more advanced users still have the option to customise their sites with JavaScript, HTML and CSS. Meanwhile, AWS’s PartyRock platform is no-code, since it doesn’t require you to write any code to produce your own app.

There’s also SAP Build on the SAP Business Technology Platform, which allows businesses to create and optimise enterprise apps, build business sites and more.

How does it help?

While no-code platforms are especially beneficial in a business context, freelancers and professionals also find them useful to streamline their work processes. There are a multitude of benefits to no-code tools, including lowering the barrier to entry for creating software.

According to Tshepo Mahloko, head of SAP Co-Innovation Lab, Africa, no-code tools fundamentally shift the dynamics of software development. “The biggest benefit of no-code lies in the ability to innovate and address business problems quickly and efficiently, without the typical lead time of traditional software development life cycles.

“This democratisation of software development through no-code tools fosters a culture of innovation across organisations, as individuals from diverse backgrounds and skill sets can contribute to the creation process.”

By eliminating the need for specialised coding skills or a large development budget, businesses and individuals can experiment with new ideas and respond swiftly to the demands of the market.

The South African no-code movement

The no-code movement has particular importance in South Africa due to the high demand for software development skills.

According to the Department of Home Affairs’ Gazetted Critical Skills List (updated in October 2023), occupations such as software developer, programmer analyst, developer programmer and applications programmer are all critical for the country. However, there is a shortage of applicants in South Africa.

According to the 2023 CareerJunction Employment Insights Report: “IT professionals remain at the top in terms of scarce talent in South Africa.”

The report names software development specifically as one of the areas of high demand and a skills shortage.

“The biggest benefit of no-code lies in the ability to innovate and address business problems quickly and efficiently, without the typical lead time of traditional software development life cycles.”

– Tshepo Mahloko

Tshepo Mahloko

Because no-code tools come with prebuilt templates and components, customisation according to business needs can be limited.

No-code tools offer one way this skills shortage can be mitigated. However, according to Mahloko, the no-code movement in South Africa is still in its early stages due to a variety of local challenges. “We still have to contend with challenges around infrastructure, connectivity and job creation before we can get to the right level of maturity for technology innovation.”

At the same time, some people may be concerned that no-code tools could take away job opportunities in a country that already faces an unemployment rate of 32.1 per cent as of the last quarter of 2023.

However, Mahloko says that no-code tools don’t eliminate the need for pro-code developers. After all, these developers are needed to create and maintain the no-code tools and platforms. “Although no-code solutions democratise software development by enabling individuals without traditional coding skills to create applications, I believe there will always be room for both.

“More critical and complex applications will still be reserved for pro-code developers, together with the architecture design and service layer required for integration into enterprise applications. Pro-code developers together with IT will need to ensure access to APIs required by citizen developers is

secure, with proper governance around data access.” Because of the concerns that automation and artificial intelligence (AI) development could take away jobs, Mahloko says that the rise of the no-code movement in South Africa needs to be accelerated by raising awareness and creating an enabling environment around the technology.

Rather than taking away jobs, fostering the movement could contribute to economic growth and create high-value employment, says Mahloko. “By leveraging the power of no-code solutions, South Africa can unlock new opportunities for businesses, empower individuals, and contribute to a more inclusive and prosperous economy.”

The limitations of no-code solutions

Another reason traditional developers will continue to be needed is the current limitations of no-code tools. Mahloko identifies three areas of concern: flexibility, scalability and performance.

Because no-code tools come with prebuilt templates and components, customisation according to business needs can be limited. Mahloko says tools will need to improve the ability for users to customise and extend their no-code applications.

In terms of performance and scalability, no-code platforms need to optimise performance and provide the ability to scale. “Optimising performance and scalability while maintaining the simplicity and ease of use inherent to no-code platforms is a balancing act that requires continuous improvement and innovation,” Mahloko says.

set to play an important role in amplifying the abilities of no-code platforms while providing a simple user interface.

AI-based code development with Joule copilot on the SAP Build Code platform. “This is a true game-changer for all SAP developers, as SAP Build Code now offers a turn-key environment for coding, testing, integrating, and managing Java and JavaScipt application life cycles by bringing together key design and runtime services and tools in a single offering,” says Mahloko. Despite the challenges and limitations, the no-code movement continues to build on previous advances to deliver simplified, yet advanced, solutions for businesses and individuals alike.

Building cyber resilience

Zero trust is becoming a strategic imperative for South African SMEs, writes ROSCOE PETERSEN, head of cybersecurity at Cyberlogic

In the fast-evolving landscape of cyberthreats, South African small and medium-sized enterprises (SMEs) face a growing challenge to secure their digital assets. As businesses become more interconnected and data-dependent, a robust cybersecurity strategy is becoming paramount. One approach gaining traction globally is that of zero trust.

Understanding the landscape

South African SMEs operate in an environment where cyberthreats are not only increasing but also becoming more sophisticated. Traditional security models built on the assumption of a secure perimeter are proving inadequate in the face of today’s dynamic threat landscape. This realisation underscores the need for a strategic shift – one that aligns with the realities of modern cybersecurity challenges.

Zero trust: a pragmatic solution

Zero trust is not just a buzzword; it’s a pragmatic cybersecurity strategy that works for both large entities and SMEs, in South Africa and globally. At its core, zero trust challenges the traditional notion that entities within a network should be implicitly trusted. Instead, it advocates for a continuous verification process, ensuring that trust is never assumed and security is upheld at every interaction. In simple terms, zero trust is based on the premise that everyone and everything requesting anything in your IT environment must be verified before it can be trusted.

Tailoring zero trust for South African SMEs

What makes zero trust appealing is that implementing it doesn’t mean you have to overhaul your existing systems. Instead, it involves a strategic, phased approach that aligns with the unique needs and constraints of SMEs.

1. Identifying critical assets: SMEs can start by identifying and prioritising their most critical assets. This could be customer data, financial records, or proprietary information. By pinpointing these assets, businesses can tailor their zero trust implementation to protect what matters most.

2. User-centric security: Zero trust revolves around the principle of “never trust, always verify”. This places a strong emphasis on user authentication and authorisation. For SMEs, this means implementing multifactor authentication, role-based access controls, and regular user access reviews.

3. Continuous monitoring: Unlike traditional security models that focus on the perimeter, zero trust requires continuous monitoring of all network activities. This proactive approach allows SMEs to detect and respond to potential threats in real-time, minimising the impact of a potential security incident.

At its core, zero trust challenges the traditional notion that entities within a network should be implicitly trusted. Instead, it advocates for a continuous verification process, ensuring that trust is never assumed and security is upheld at every interaction.

4. Vendor and supply chain security: Many South African SMEs collaborate with external partners and vendors. Zero trust extends its principles beyond the organisation’s borders, emphasising the need for secure connections and continuous verification throughout the supply chain.

The cost advantage

Contrary to the misconception that robust cybersecurity comes with a hefty price tag, zero trust can be cost-effectively implemented. By focusing on prioritised assets, leveraging user-centric security measures and adopting scalable solutions, SMEs can enhance their cybersecurity posture without breaking the bank.

Embracing cyber resilience

In a digital landscape fraught with uncertainties, zero trust is emerging as a strategic imperative for South African SMEs. It’s not just about preventing breaches; it’s about building cyber resilience – the ability to adapt and respond to and recover swiftly from any security incident.

As SMEs embark on this cybersecurity journey, zero trust offers a pragmatic, accessible and effective approach. It’s not a silver bullet, but rather a strategic mindset shift that aligns security measures with the evolving threat landscape. In embracing zero trust, South African SMEs can fortify their defences and navigate the digital terrain with confidence.

Telephony security

While a telephony solution may not immediately spring to mind when you think about security risks, you could inadvertently be giving hackers the keys to the kingdom, writes

Modern voice over IP (VoIP) telephony solutions run on the same kinds of networks that your computing systems do. Unfortunately, they are seldom secured as tightly as your computer systems, which makes them vulnerable.

It’s important to realise that if someone can get to your telephony system they can get to your IT systems. A lot of people defi ne their security at the perimeter – for example, they deploy a fi rewall to keep people out. Once someone is inside, however, it’s relatively easy for them to get anywhere else, including into your operational IT systems and data. People tend to ignore security on telephony systems because they don’t recognise them as fully fl edged computer systems. This can be a costly omission.

Expensive vulnerabilities

Operational technology, such as telephony systems and the systems running factories, power plants and the like, are increasingly being

recognised as weak points by attackers.

According to the Fortinet 2022 State of Operational Technology and Cybersecurity Report, 93 per cent of organisations surveyed had an intrusion in the previous year and 61 per cent of those intrusions impacted operational technology systems. Worse, says Fortinet, it took hours to restore service in 90 per cent of those cases.

Weakness in VoIP systems and network or device compromises are increasing resulting in losses for businesses globally. The Communications Fraud Control Association 2021 Global Fraud Loss Survey highlighted that IP PBX hacking resulted in R34.6-billion worth of fraud that year. Spoofing, the most common telephony fraud method, cost businesses nearly R50-billion.

In addition to standard security measures like implementing IPSec (which secures data traffic across networks) and secure authentication, your cloud telephony provider should be implementing additional features and functions that help keep your telephone system secure.

People tend to ignore security on telephony systems because they don’t recognise them as fully fledged computer systems.

Block international traffic granularly

While your business may need to make international calls, you likely only need to reach a selected handful of countries. Your telephone system should enable you to block calls to any destination that your teams have no reason to be calling, rather than blocking by region, or blocking international dialling entirely.

Set dialling restrictions

Dialling restrictions allow you to block outbound calls from extensions that don’t need to call externally – for example, extensions in kitchens or other common areas that only need to be reached by other people inside the business.

Global contact lists

A centrally managed contact list makes it much easier to spot fraud because you can rapidly identify calls to numbers that are not on your contact list or are personal calls. Your telephony system should provide a range of reports listing not just the numbers called but also the names of the people called. Spotting abuse is very difficult otherwise.

Reports should highlight the top 10 most expensive calls, most dialled numbers, most dialled destinations and the user making the most calls to help you to spot call traffic that is fraudulent or abusive.

Your next delivery might be electric

JUSTIN

South African businesses have invested in solar installations to overcome load shedding, but these could also fuel their delivery fleets in future – and it’s likely to start with local deliveries.

South Africa’s installed solar photovoltaic capacity increased 349 per cent between March 2022 and June 2023, largely driven by businesses installing panels at their premises.

Given the interim tax incentives on solar installations, this figure is expected to grow

exponentially in the next few years, which means that in two to four years, we may just have a glut of commercial solar energy with nowhere to go.

What can businesses do with the extra power? Feeding it back into the grid is an unlikely option, as South Africa’s electricity grid simply doesn’t have capacity to carry those loads or offer attractive tariffs. The answer is to pour that sunshine into commercial electric vehicles.

Starting small

The electrification of South Africa’s fleets will start, we believe, with smaller two- to four-tonne electric vehicles (EVs) moving loads around locally. The first routes will likely be 120-odd kilometre loops from distribution centres for retailers and e-commerce operations.

Trucks will complete a delivery loop in the morning, recharge briefly while they’re being reloaded with cargo back at the depot and

complete a second loop in the afternoon. Overnight, the vehicles can fully recharge using solar power stored in the depot’s on-site batteries.

Alternatively, vehicles can spend the day charging off the depot’s batteries and do delivery runs at night, causing less disruption to traffic. Either way, today’s investment in solar pays for tomorrow’s “fuel”.

This would be a huge cost-saver for companies, addressing rising diesel and petrol costs and reducing time spent on fuel management. Granted, it’s not quite the right time to invest in the actual vehicles yet – that will come in a few years when EV trucks are more advanced and prices are lower – but we are almost there.

For now, business owners should consider oversupplying their businesses with solar panels. This way they can take advantage of the Income Tax Act’s Section 12BA tax benefit.

Driven by data

The next step will be for businesses to identify popular routes, preferably in a 120km loop. This step is the data-gathering phase, which can be done using existing telematics data to plot out electric routes.

Vehicle electrification plans will need data points about current routes, vehicle load capacity, usual cargo, available drivers, grid quality near your business premises, the size of the business’s solar investment and various other factors. This could take quite some time to gather, but will guide decisions about replacing internal combustion engine vehicles with EVs during the normal fleet replacement cycle.

In two to three years’ time, businesses can then take the next step: investing in one or two EVs in the one-to-four-tonne range. At the moment, the commercial EV options in South Africa are limited. However, EV manufacturers

Vehicle electrification plans will need data points about current routes, vehicle load capacity, usual cargo, available drivers, grid quality near your business premises, the size of the business’s solar investment and various other factors.

are launching new models regularly and a large influx from Asia is anticipated from 2026 onwards. As a result, the quality of eight-, ten-, and 24-tonne trucks is now almost on par with their internal combustion engine counterparts and EV vehicle prices are dropping.

The reality of running a full EV delivery fleet is still a few years away, but you can start planning and preparing for this future by investing in as much solar as you can handle. Your investment will pay off in the long run, when highway electrification becomes more feasible for toll companies and you can invest in larger trucks.

Connectivity enables safer, smarter fleets

Embracing the future of mobility is crucial for fleet managers to thrive in this new, technologically driven era, writes HENRY SMITH, fleet sales director,

In the rapidly evolving landscape of technology, one area that has seen significant advancements is telematics – where telecommunications and informatics are combined to monitor, collect and transmit data. At the core of this advancement lies the rapid evolution of mobility technologies. From autonomous vehicles to advanced telematics, innovation is abundant. Unlike its predecessors, fleet mobility embraces flexibility and accessibility, leveraging innovative transportation technologies to offer agile, tailored and holistic solutions on demand for fleet management, from safety and security to efficiency, compliance and sustainability

Artificial intelligence (AI) has been integrated into various industries, including telematics, and this convergence of telematics, AI, and the internet of things (IoT) offers a powerful

combination. IoT devices, such as sensors and cameras, enhance data collection, which, when integrated with telematics and analysed by AI, provides a comprehensive view of the operational environment.

The use of AI in telematics has various potential benefits for fleet managers, and the marriage of AI and IoT is a complete paradigm shift in fleet management systems.

The IoT advantage

IoT integration into fleet management systems – especially with the added benefit of AI – offers substantial benefits for fleet operators. For example, these systems can be used to monitor vehicle diagnostics and maintenance needs in real time. This information can be used to improve the efficiency of a fleet by reducing downtime and maximising the utilisation of each vehicle.

Processes such as route planning, which was once performed manually, can now be fully optimised using complex algorithms based on millions of data points collected by internet-enabled monitoring systems on a fleet’s vehicles.

Additionally, IoT-enabled telematics systems can be used to track the location of vehicles to optimise routes and improve customer service. Finally, IoT-enabled telematics systems can be used to collect data on driver behaviour. These metrics translate to actionable insights that identify risky driving patterns and prevent accidents.

Processes such as route planning, which was once performed manually, can now be fully optimised using complex algorithms based on millions of data points collected by internet-enabled monitoring systems on a fleet’s vehicles. This level of connectivity not only enhances mobility, but also results in efficient, safer and smarter lower-cost operations with a smaller environmental footprint.

Looking ahead, IoT’s role in fleet management will expand, shaping the evolution of fleet management systems. As AI and IoT devices become more accessible, we expect to see the emergence of fleet management solutions leveraging IoT technology. These solutions aim to streamline IoT operations, enhance human-machine interactions, and improve data management and analytics, empowering fleet managers to make informed, real-time, data-based decisions, driving unprecedented levels of automation and efficiency for safer fleets.

Managing payment security

Some consumers still prefer to pay with cash, while many others enjoy inserting or tapping their debit or credit cards. Some savvy consumers opt to tap their smartphones with the likes of Apple Pay or Google Pay, while others prefer scanning a QR code or using the relatively new interbank instant payment app PayShap. Retailers need to cater to these ever-evolving tender types, including vouchers, mobile wallets and cryptocurrency.

Levelling the playing field

Ever-increasing payment options, with their concomitant increased attack surfaces, shine the spotlight on security. A security breach comes with obvious financial risk, but there are also reputational, compliance and legal risks to consider.

While tier one or enterprise retailers face myriad security risks, mid-market retailers often don’t have entire departments dedicated to security and compliance. Smaller companies often cannot take on the financial burden of having to invest in addressing the array of different security and compliance obligations. This opens them up to vulnerabilities that they simply cannot control.

A partner who brings enterprise experience and solutions to the mid-market segment effectively levels the playing field, particularly if they can offer a one-stop solution that’s encrypted end to end, enabling smaller retailers to serve customers as effectively and safely as their tier one counterparts.

Retailers have no choice but to keep pace with rapidly evolving tender types that bring with them massive cost and complexity considerations, plus added security and compliance risk. By WAYNE STEPPE , enterprise architect, and BERNARD VAN DER MERWE , information security officer, at Ecentric Payment Systems

With a significant proportion of payments still being conducted by card, the first thing retailers need to understand is that there are Payment Card Industry Data Security Standard (PCI DSS) requirements based on their footprint and volume. Effective partners come in and initiate risk descoping exercises, effectively removing or minimising risks by implementing solutions such as point-to-point encryption for cards.

Naturally, cash is still highly prevalent in South Africa, meaning that retailers need clearly defined systems and processes for how they manage cash. Technology plays an important role here, with reconciliation software ensuring that retailers have financial certainty and a single source of truth for all the tender types they accept, not just card payments.

The card space is already highly regulated, but with increasing options for alternative payments, such as SnapScan, PayShap, and evencCryptocurrency, regulators will mandate new security mechanisms and best practices. Retailers should appreciate that these are new and different technologies, and as such they come with new and different challenges.

Security begins in house

Cybercriminals evolve at breakneck speed, and in any organisation there are vulnerabilities in code that can be exploited. It is nonnegotiable to build robust in-house capability to stay ahead of trends or partner with specialists who can. For example, while not directly related to payments, South Africa is now one of the most targeted countries in the world for ransomware.

Yet, despite needing to address vulnerabilities across all attack surfaces, the biggest risk for any organisation is its people, followed by processes that fail. Retailers should invest heavily in staff training and education, as well as reactive security in the form of audits and controls, which – if effective – can help identify problems quickly.

Retailers also need to stay on top of preventative controls and measures to prevent any unauthorised individuals from accessing their systems. It is too late if a breach is detected only after the nefarious actor has entered the environment. An example of this would be workflows to terminate unauthorised access during onboarding and offboarding of staff. Another effective security strategy, which is made easy with modern, in-person payment solutions, is segregating duties to ensure that one individual never has complete control over a process.

It is evident that every time someone taps their smartphone or enters a voucher code, there is a host of highly complex systems and processes triggered, including encryption, payment rails, switching, settlement and reconciliation. Security needs to be woven into every step.

While this really has been the source of many sleepless nights for those in charge of IT and security at mid-market retailers, the evolution of technology means this no longer has to be the case. As long as a smaller retailer sources a partner with a long, proven track record in the enterprise space who can bring the same level of tier one security and functionality to smaller businesses in simple one-stop solutions, it has all but futureproofed itself and can confidently punch above its weight.

Despite needing to address vulnerabilities across all attack surfaces, the biggest risk for any organisation is its people, followed by processes that fail.