By Vicky Sidler for MyBroadband / Nick Saunders at Mimecast

When I say the word “bat”, what image comes to mind? A flying mammal? A cricket bat?

In English, they call this a “homograph”: when two or more words are spelled the same but don’t have the same meanings or origins.

In cyber-security, a homograph is a lot more sinister. It’s a term given to a type of impersonation attack where an email address or website URL looks legitimate but isn’t. It’s designed to trick people into clicking on malicious links or to fool them into transferring money or sharing sensitive information.

Recent research by Vanson Bourne and Mimecast found that more than 85% of respondents had seen impersonation fraud in the past 12 months, and 40% had seen an increase in this type of attack in the same period. In South Africa, 36% of respondents had seen an increase in impersonation fraud asking to make wire transactions, and 37% had seen an increase in impersonation fraud asking for confidential data.

Despite this growth, many organisations do not have a cyber resilience strategy in place to help them detect, prevent and recover from these types of attacks.

Easy to execute, hard to detect
Homograph attacks are difficult to detect – by both the user and regular email security systems.

To create these lookalike domains, attackers use non-Western character sets or special characters found in Greek, Cyrillic and Chinese, to display letters which, to the naked eye, look identical to the western alphabet. Mimecast.com, for example, looks like мімесаѕт.com in Cyrillic. According to one domain name checker, there are 117 possible Mimecast domains that can be misrepresented with just one character from a non-English alphabet.

These subtle changes are likely to go unnoticed by users. In South Africa, 31% of respondents were not confident that employees could spot and defend against impersonation attacks, which easily and often slip through an organisation’s security systems.

Some 21% of South African respondents were not confident that their organisation’s security defences could defend against impersonation fraud asking for confidential information, rising to 25% for fraud asking to make wire transactions – in line with global trends.

This is because the emails themselves don’t contain malware and the URLs often have legitimate (read: stolen) security certificates.
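The lookalike-domain trick described above can be checked for mechanically. The following is an added example, not code from the article or from Mimecast: it flags domain labels that mix scripts or that collapse to a protected brand name once lookalike characters are mapped to Latin. The `LOOKALIKES` table and the `PROTECTED` list are small constructed assumptions, not the full Unicode confusables data.

```python
import unicodedata

# Constructed subset of lookalike characters (assumption, for illustration only).
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0455": "s", "\u0458": "j",
    "\u043c": "m", "\u0442": "t",      # Cyrillic em / te, close in many fonts
    "\u03bf": "o", "\u03b1": "a",      # Greek omicron / alpha
}

# Hypothetical list of brand labels the organisation wants to protect.
PROTECTED = {"mimecast"}


def script_of(ch):
    """Rough script name for a character, taken from its Unicode name."""
    if ch.isascii():
        return "Latin" if ch.isalpha() else "Common"   # digits and hyphen
    name = unicodedata.name(ch, "")
    return name.split(" ")[0].capitalize() if name else "Unknown"


def to_unicode(label):
    """Lower-case a label and decode it if it arrives in xn-- (punycode) form."""
    label = label.lower()
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def to_ascii(label):
    """The form a resolver or mail log shows for a non-ASCII label."""
    if label.isascii():
        return label
    return "xn--" + label.encode("punycode").decode("ascii")


def skeleton(label):
    """Replace known lookalikes with the Latin letter they imitate."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in label)


def analyse(domain, protected):
    """Return the ASCII form of the domain and a list of findings per label."""
    labels = [to_unicode(l) for l in domain.strip().rstrip(".").split(".")]
    findings = []
    for label in labels:
        scripts = {script_of(c) for c in label} - {"Common"}
        if len(scripts) > 1:
            findings.append(("mixed-script", label, sorted(scripts)))
        skel = skeleton(label)
        # A single-script label (all Cyrillic) passes the mixed-script check,
        # so the skeleton comparison is what catches the article's example.
        if skel != label and skel in protected:
            findings.append(("lookalike", label, skel))
    return {"ascii": ".".join(to_ascii(l) for l in labels), "findings": findings}


if __name__ == "__main__":
    samples = [
        "\u043c\u0456\u043c\u0435\u0441\u0430\u0455\u0442.com",  # all-Cyrillic spelling from the article
        "mimec\u0430st.com",                                      # constructed: one Cyrillic letter
        "mimecast.com",
    ]
    for s in samples:
        print(analyse(s, PROTECTED))
```

Running the same check on the `xn--` form seen in DNS or mail logs gives the same findings, so it can be applied to sender domains and to URLs extracted from message bodies.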

Is it me you’re looking for?
Website URLs aren’t the only avenues for impersonation attacks; email address impersonation is also on the rise.

These types of attacks are designed to trick users such as finance managers, executive assistants and HR representatives into transferring money or disclosing information that can be monetised by cybercriminals. The email appears to come from someone they trust – a C-suite executive or a third-party supplier that they regularly do business with – so they wouldn’t think twice about responding to it.

South Africans reported that, in the past 12 months, cybercriminals have attempted to impersonate finance teams (24%), third-party vendors (20%), a member of the C-suite (7%), as well as HR, sales, operations, legal and marketing team members (between 5% and 8%).

Again, these emails do not contain malware, which means they can go undetected by most email security systems. Social engineering attacks such as these rely on our inability to spot anomalies in URLs and email addresses – and the fact that we believe we’re communicating with someone we know.

Know what to do
Cybercriminals have figured out that they can bypass security systems by switching from malware-laden attacks to malware-less impersonation attacks. Now, social engineering meets technical means to put us in the middle of the next evolution of cyber-attacks.

Here are some measures organisations can implement to guard against these types of attacks:

  1. Education – when users know how social engineering and spoofing attacks work and then understand they shouldn’t click on links in emails, breach incidents can be drastically reduced. Users should be encouraged to physically type an address into a browser rather than click on a link in an email, even if it was supposedly sent by someone they know and trust. Education and awareness will always be the most important defence mechanisms.
  2. Protection – email security systems are getting better at stopping malware that enters the network through dodgy files and attachments, but few are effective against impersonation attacks. Organisations need a solution that can deep-scan all inbound emails and inspect for header anomalies, domain similarity, sender spoofing and the existence of keywords and suspicious impersonation emails. These can then be blocked, quarantined, or delivered as flagged to alert the receiver of potential risk.
  3. Resilience – having the right threat protection in place is just one part of a robust cyber resilience strategy. Organisations also need to be able to adapt their strategies to stay ahead of attacks, while having the durability to continue with business as usual in the event of an attack, and the recoverability to ensure data and emails are always accessible.
  4. Oversight – often, lax security on a third-party supplier’s side provides an entry point into an organisation’s network. Enterprises should continuously evaluate and manage the security and privacy policies of their suppliers and include security in their service level agreements. They should also perform on-site security assessments with new suppliers before sharing sensitive information.
  5. Visibility – organisations need to know who their vendors are and who has access to company information, and for what reasons. This is even more important now that the EU’s General Data Protection Regulation has come into force and will affect all South African organisations when the Protection of Personal Information Act is finalised.

Thirty-seven percent of South African organisations have suffered data loss because of email-based impersonation attacks in the past 12 months. These organisations also reported reputational damage (34%), loss of customers (29%), direct financial loss (17%) and lost market position (19%).

Email continues to be the number one threat to organisations globally and accounts for 96% of all incidents that organisations face.

Clearly, there is an urgent need to work towards a higher standard of email security. Cyber-criminals have evolved their attack methods. It’s time the security strategies organisations use to protect their users and their businesses evolve as well.

Source: Martha Stewart

Monogrammed boxes
These elegant containers are perfect for jewelry, gift cards, and small items.

Materials:

  • Coloured card stock
  • Computer
  • Printer
  • Bone folder
  • Scissors
  • Straightedge
  • Glue stick
  • Heavy books

Instructions:

In a photo-editing program, create a 2-page document. On the first page, draw a picture box, and then import a box template, from a CD, centering it carefully on the page.

Draw a second picture box, and place it on the template where you want the letter to appear. Import letter from a CD, sizing it as desired.
Copy template and letter from first page, and paste onto second page in the same position.
Delete letter from first page; delete template from second page.
Print first page onto colored card stock. Flip card stock over, and print second page with letter on other side.
(For a white letter, draw a picture box on the second page larger than the template. Color in box, make the letter white, and print onto white card stock.)
Cut out along template’s outside edges.
Using a bone folder and a straightedge, score straight dotted lines. Score curved lines using a round plate as a guide. Fold along straight lines, and seal with a glue stick.
Let dry between heavy books. Fold along curved lines to close box.

Punch-out pizzazz
Whimsical iron-on shapes turn basic T-shirts and totes into one-of-a-kind gifts.

Materials:

  • Photo-editing program
  • Iron-on transfer paper
  • Paper punches or decorative scissors
  • Iron
  • T-shirts or tote bags

Instructions:

In a photo-editing program, import patterns.
Print onto iron-on transfer paper, following the manufacturer’s instructions. (For crisp printouts, use paper meant for dark fabric.)
Cut out shapes using paper punches or decorative-edge scissors.
Iron onto fabric, following the manufacturer’s instructions.

Memory DVD
Create a DVD full of memories for the favourite dad in your life.

Materials:

  • Blank DVDs
  • DVD labels
  • Digital images
  • Printer
  • Envelopes
  • Card stock
  • Ribbon

Instructions:
Share memories of your Dad by creating your own DVDs and DVD labels on a computer. Simply take one of your favorite pictures, and print the image on a sticky label designed to fit a DVD – it’s a small touch that makes the gift extra special. When packaging the DVDs, place them all into individual envelopes, and then take your chosen photographic image and print it on card stock to make a one-of-a-kind cover.

Custom treats container
Take holiday photo cards to the next level: paste an image on a small container and fill it with your Dad’s favourite treats.

Materials:

  • Small box
  • Red nontoxic acrylic paint
  • Paintbrush
  • Pencil
  • Card stock
  • Scalloping shears
  • Photograph
  • Craft glue
  • Scissors
  • Glassine
  • Favourite snacks (such as sweets, biltong and nuts)

Instructions:
Coat a small box, outside and in, with red nontoxic acrylic paint; let dry. Trace the box top onto card stock.
Draw a circle about 1/2 inch larger around the traced circle; cut out with scalloping shears. Repeat to make a second circle.
Print or photocopy a photograph, adjusting the color, if desired. Trace the box top onto the picture; cut out. Use craft glue to affix the photo to one of the scalloped red circles; let dry.
Affix that circle to the top of the box and the other circle to the bottom using craft glue. Line bottom of the box with glassine.
Fill with your Dad’s favourite snacks.

By Harry Pettit for MailOnline 

An ‘embarrassing’ leak shows the European Union has fallen short of its own data protection laws.

The European Commission’s website has published 700 records, including the names, addresses and mobile numbers of conference attendees, according to a report.

Officials in Brussels admitted the authority that designed the rules is not itself compliant with the General Data Protection Regulation (GDPR).

The Commission has previously warned that those who breach these rules, which came into force last week, could face millions in fines.

Following the leak, a spokesperson said the authority was exempt from GDPR laws for ‘legal reasons’.

Officials in Brussels will follow a similar set of new laws that ‘mirror’ those laid out in GDPR.

These rules will not enter force until autumn, according to the Telegraph.

The spokesperson added that the Commission is ‘taking and will continue to take all the necessary steps to comply’.

GDPR aims to strengthen and unify data protection for all individuals within the EU, which means cracking down on how companies use and sell user data.

Under GDPR, companies are required to report data breaches within 72 hours, as well as allow customers to export their data and delete it.

Companies scrambled to comply with the rules before they were ratified on May 25 with the Commission threatening hefty fines for those who breached them.

The bureaucracy’s website exposed 700 records that include people’s names, professions, and even some postcodes and addresses.

The records, some of which featured the private information of Britons, were collected during EU meetings and conferences and stored on data spreadsheets.

Tech website Indivigital found the documents are among thousands hosted by the website Europa.eu that are freely accessible online.

Many of them could be found by simply searching for the document on Google.

This leak would constitute a breach of GDPR rules were the blunder committed by other organisations or businesses.

What is GDPR?

The General Data Protection Regulation is an EU-wide law that came into force on May 25 2018.

It gives greater power to regulators to penalise companies who mishandle personal data or are not transparent about how their business uses it.

For consumers, it brings new powers that require firms to obtain clear consent from users before processing their data.

It also grants users a right to easily access the data collected from them and transparency on how it is being used.

Everyday users have to do very little to comply with GDPR – it’s more targeted at big online businesses.

Under the new rules, any company that controls or processes the data of EU citizens must adhere to the GDPR guidelines.

This ends territorial-based accountability used by some firms not based in the EU to previously avoid sanction.

The law also states that notification of a data breach must occur within 72 hours of being first discovered, increasing transparency around leaks.

The weight of fines able to be issued has also increased under GDPR.

Regulators will be able to issue penalties equivalent of up to four per cent of annual global turnover or 20 million euro (£17.5 million) – whichever is greater.

For tech giants such as Google and Facebook, this could mean the risk of fines running into the hundreds of millions.

Fines for such a breach can reach up to £17.5 million ($23 million) or four per cent of global turnover – whichever is largest.

Jon Baines, a data protection expert at law firm Mishcon de Reya, described the ‘irony’ of the EU’s admission.

‘Although the information disclosed here does not appear to be particularly sensitive, it does raise questions about the general level of compliance, and whether any further inadvertent disclosures have been made,’ he told the Telegraph.

Steve Gailey, security expert at database security firm Exabeam, added that the exposure ‘is embarrassing for the EU, coming hot on the heels of GDPR’.

Reserve Bank trials blockchain successfully

By Hanna Ziady for Business Live 

Payments between SA’s banks, averaging R350-billion daily, can be settled using blockchain technology, tests demonstrate.

“Project Khokha”, whose results the Reserve Bank announced on Tuesday, successfully trialled interbank settlements using distributed ledger technology (DLT), of which blockchain, the mainstay of cryptocurrencies such as bitcoin, is one type.

Distributed ledgers use independent computers to record, share and synchronise transactions in online ledgers, without the need for an independent third party to verify those transactions. DLT could “fundamentally change the financial sector, making it more efficient, resilient and reliable”, according to the World Bank. In the long term, it could usurp a large portion of the work performed by trusted intermediaries such as banks and clearing houses.

DLT developments

Central banks around the world, meanwhile, are grappling with the implications of financial technology (‘fintech’) for financial markets and their supervisory roles in those markets. That Project Khokha has been a success puts the Bank at the cutting edge of developments in DLT, alongside the likes of the Bank of Canada and Singapore’s central bank.

The trial was designed, built and executed in three months. Key role-players included the Bank’s fintech unit, established in August 2017, and SA’s six biggest banks, as well as newcomer Discovery Bank.

The results show that the typical daily volume of SA’s payments system, averaging R350bn, could be processed on a distributed ledger in less than two hours with full confidentiality of transactions.

This has considerable implications for future applications of blockchain technology in SA. Future “blockchain experiments” might involve other central banks on cross-border payments, said Bank governor Lesetja Kganyago.

The Bank had “pushed the envelope in a number of ways” on the project, said Peter Munnings, technical lead of enterprise delivery at New York-based ConsenSys, a blockchain software technology firm and the Bank’s technology partner.

“There are many issues to consider before the decision to take a DLT-based system into production can be taken,” the Bank said.

“Some of these issues relate to the practicalities of implementation, but also to legal and regulatory factors, and to the broader economic impact.”

One of the objectives of Project Khokha was to better understand how the South African Multiple Option Settlement (SAMOS) system would integrate with a DLT system. SAMOS is the current interbank settlement system provided by the Bank, allowing banks to settle their obligations in real-time.

HP to cut 5 000 jobs in restructure

By Dion Weisler for CNBC 

HP now expects 4 500 to 5 000 employees to leave the company by the end of fiscal 2019 as part of an ongoing restructuring plan, the PC maker said on Tuesday.

In October 2016, HP’s board had approved a restructuring plan to be implemented through fiscal year 2019, under which it had expected around 4,000 job cuts. In May, the company said it expected that number to increase by 1 to 2 percent.

The company employed 49,000 people as of October 31.

HP, formed in 2015 when the then Hewlett-Packard Co was split into two, said in a regulatory filing that it now expects pretax charges of about $700 million related to the layoffs, compared with about $500 million forecast earlier.

HP estimates that about half of the expected pretax costs will relate to severance and the remaining costs due to infrastructure, non-labor actions, and other charges.

When Hewlett-Packard Co split up, HP Inc focused on the consumer-facing hardware business, including sales of PCs and printers, while Hewlett Packard Enterprise co-hosted the company’s data-center, software and services units.

HP, which has the top position in worldwide PC shipments in the first calendar quarter of 2018 with a 22.6 percent market share, reported better-than-expected quarterly sales of $14 billion in the quarter ended April 30.

Source: BusinessGhana

Award-winning South African designers are taking on the world of online stationery with beautiful, locally illustrated designs.

Ink & Bash is a new Stellenbosch-based start-up that’s making it easy for anyone to design their own high-quality, one-of-a-kind event invitations. Their online store features a range of 65 invitations that allows people to insert their own event details into the designs. Invitations can then be e-mailed, sent via WhatsApp or printed for guests.

The Ink & Bash brand was incubated at Fanakalo, an award-winning design team from Stellenbosch. They’ve long been known for their original, offbeat design work for wineries, craft spirits and beer both locally and abroad. They recently won a double Gold for their wine label work at the San Francisco International Wine Competition and walked away with two golds at the fourth annual South African Wine Label Design Awards.

It was a simple problem that led to the creation of Ink & Bash: most people can’t afford to pay for a designer to craft a special invitation to their event, be it a save-the-date, kids’ birthday party or just a get-together between friends. To solve this problem, Ink & Bash created 65 editable invitations for their website at R25 per design. Compared to the average cost of between R2 500 and R7 500 when using a designer, this is significant.

Customisable templates are a quick and easy way of creating stationery for special occasions, but the work that goes into the Ink & Bash templates is everything but instant. They’re thoughtfully created with a whole lot of love, and feature painstakingly hand-drawn illustrations. There are also plenty of themes to choose from, ensuring that there’s something for every kind of bash, from braais and kids birthday parties to kitchen teas and weddings.

“We saw the need for event stationery that is well-designed and different. An invite is the first thing guests see. It should say ‘this event is special and the party is going to be loads of fun’. Unfortunately the somewhat cheesy and cliched event stationery designs that are out there today aren’t making a great first impression. So with Ink & Bash we want to kick so-so, same old stationery to the curb,” says Frans De Villiers, one of the co-founders of Ink & Bash.

Which IT job pays best in South Africa?

Source: CareerJunction

Jobs portal CareerJunction has published its latest salary review for 2018, showing among others what the average IT employee earns per month.

CareerJunction used actual salary offerings on their jobs portal Web site (16 000+ jobs monthly) for the latest measurable period (December 2017 to May 2018).

Skill levels covered in the report include both intermediate and senior.

IT management jobs saw the biggest jump in salary, moving from R59 490 per month to R66 010 (11%). Systems analysts were the worst hit by decreases, losing 17.1% in value over the year (from R42 420 to R35 170).


Regional salary differences

The Western Cape and Gauteng remain favourable locations to work for IT professionals. Salaries in these regions are very close to the national average while salaries in KwaZulu-Natal are not nearly as competitive.

The salary ranges above are based on monthly “cost to company” remuneration and only serve as an indication of the average salary offerings for each occupation.

By Adiel Ismail for Fin24 

Goliath and Goliath CEO Kate Goliath is encouraging small businesses to ramp up security measures after her comedy and entertainment agency fell victim to invoice intercepting as a result of e-mail hacking.

Goliath and Goliath is out of pocket to the tune of more than R300 000, while its subsidiary The PR Bailiff has been scammed out of R20 000.

The hackers gained access to the company’s emails and requested clients to make payments to a different bank account.

Goliath told Fin24 that small businesses shouldn’t just rely on tech companies to educate them about cybercrime. “Find out as much information about how hackers get into the systems so that you are aware of what service providers need to offer,” she said.

“Be vigilant. Protect your business and insure the technical side of your business as well.”

The company opened a case with the police and is in the process of sending a subpoena to the bank where the funds have been deposited.

Afrihost said it will work with the police to further investigate the incident. “We strongly believe this was a case of phishing,” a representative told Fin24.

Entertainment and media high risk for cybercrime

“We have noticed that some banks are posting warnings before a client makes a payment to verify that the bank details they’re using are correct. We assume that this is because of an increase in these types of phishing attacks.”

Cyber incidents rank top in the entertainment and media, financial services, technology and telecommunications industries, according to the Allianz Risk Barometer 2018.

The report revealed that cyber incidents remain a top threat with 38% of responses for South African businesses, which are reported to lose billions of rands a year to cyber attacks.

The three Goliaths – Jason, Donovan and Nicholas – do stand-up comedy and entertain at workshops, conferences, award ceremonies and events.

Craig Rosewarne, Managing Director at Wolfpack Information Risk, which is a threat intelligence firm that specialises in understanding and predicting cyber threats, said small and medium businesses are just as vulnerable as big businesses when it comes to hacking.

“Their challenge however is that security is often the last thought until they get stung and end up either losing a substantial amount of money or leaking their customer’s sensitive data,” he told Fin24.

Wolfpack has assisted many small and medium-sized businesses whose invoices have been hacked, said Rosewarne. In this regard it has found three common causes:

1. Attackers will perform reconnaissance on key individuals in IT / Finance / Execs and send a targeted spear phishing email to target their machines for access or further information

2. Spyware is loaded on their devices that record keystrokes and take screenshots for the attacker

3. Compromising their online hosting / email platform and adding in rules for any email that has the word “invoice” or “payment” – to send a duplicate email to the attacker’s gmail or “burner” account.
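The third cause above, a mailbox rule that silently copies "invoice" or "payment" mail to an outside address, is something an administrator can audit for. The following is an added example, not part of the original article or of Wolfpack's tooling: it scores exported inbox rules, and the rule schema, field names, addresses and `example.*` domains are all constructed assumptions.

```python
FINANCE_KEYWORDS = ("invoice", "payment")          # the two words named in the article
HIDING_ACTIONS = ("delete_message", "mark_as_read", "move_to_folder")

# Constructed sample of exported inbox rules (hypothetical schema).
SAMPLE_RULES = [
    {"mailbox": "accounts@example.co.za", "rule": ".", "enabled": True,
     "contains": ["Invoice", "payment"],
     "forward_to": ["collector@mail.example.net"]},
    {"mailbox": "ceo@example.co.za", "rule": "Newsletters", "enabled": True,
     "contains": ["newsletter"], "move_to_folder": "Reading"},
    {"mailbox": "hr@example.co.za", "rule": "Leave backup", "enabled": True,
     "forward_to": ["colleague@example.co.za"]},
    {"mailbox": "finance@example.co.za", "rule": "archive", "enabled": True,
     "contains": ["Payment advice"], "redirect_to": ["box77@example.org"],
     "mark_as_read": True},
    {"mailbox": "sales@example.co.za", "rule": "Partner copy", "enabled": True,
     "forward_to": ["leads@partner.example.com"]},
]


def external_targets(rule, internal_domains):
    """Addresses a rule forwards or redirects to that are outside the organisation."""
    addresses = rule.get("forward_to", []) + rule.get("redirect_to", [])
    return sorted(a.lower() for a in addresses
                  if a.rsplit("@", 1)[-1].lower() not in internal_domains)


def audit_rules(rules, internal_domains):
    """Return alerts for enabled rules that send mail outside, highest score first.

    Score: 1 for any external forward, +2 if the rule matches finance keywords,
    +1 if it also hides the message from the mailbox owner.
    """
    internal = {d.lower() for d in internal_domains}
    alerts = []
    for rule in rules:
        if not rule.get("enabled", True):
            continue
        targets = external_targets(rule, internal)
        if not targets:
            continue
        conditions = [c.lower() for c in rule.get("contains", [])]
        keywords = sorted({k for k in FINANCE_KEYWORDS
                           for c in conditions if k in c})
        hidden = sorted(a for a in HIDING_ACTIONS if rule.get(a))
        alerts.append({
            "mailbox": rule["mailbox"],
            "rule": rule["rule"],
            "targets": targets,
            "keywords": keywords,
            "hidden_by": hidden,
            "score": 1 + 2 * bool(keywords) + bool(hidden),
        })
    return sorted(alerts, key=lambda a: -a["score"])


if __name__ == "__main__":
    for alert in audit_rules(SAMPLE_RULES, {"example.co.za"}):
        print(alert)
```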

Tips for companies

Rosewarne suggested that companies under attack should conduct an independent risk assessment and obtain guidance on how to mitigate risk.

“Employees should also be made aware of risks and this should be backed up with an information security policy signed by staff and contractors.”

He also stressed the importance of having up to date anti-malware software on all devices that process sensitive information.

Cyber risk is fast becoming the number one risk facing countries, governments and organisations, noted Rosewarne.

“In all of these scenarios it often boils down to an individual that gets compromised so cyber awareness is key in both your business and personal lives.”

MTN steals Cell C contract from Vodacom

By Loni Prinsloo, Bloomberg/Fin24 

MTN will replace its cross-town rival Vodacom in a network-sharing deal with Cell C, South Africa’s third-largest mobile phone operator.

Cell C, which has roamed on Johannesburg-based Vodacom’s network since 2001, will switch to MTN from next month, Cell C chief executive officer Jose dos Santos said in an email.

The bulk of services will be transferred within two months and will allow the operator to offer 3G and 4G connectivity in areas where Cell C has decided not to build networks, he said.

For MTN, the deal will help fund “our ongoing network expansion,” MTN South Africa CEO Godfrey Motsa said in a statement.

Cell C will roam on MTN’s network in smaller cities and rural areas, where the company has additional capacity. Vodacom couldn’t immediately comment.

South Africa is MTN’s largest market after Nigeria and the company has invested almost R30bn during the past three years to expand its network and catch up with Vodacom’s coverage in the country.

Uber Eats buys local start-up

By Zeenat Vallie for IOL

Uber Eats has today announced that it has acquired orderTalk, a South African restaurant technology company owned by venture capital firm Knife Capital.

This acquisition is a major step for Uber Eats which will be able to streamline workflows by directly integrating with leading point of sale (POS) systems.

Knife Capital which leads a business model that sells off companies has sold orderTalk in order to secure significant returns.

“An exit is part of the standard business model for any VC. We invest with the intention to secure significant returns for our entrepreneurs and investors and trade sales are the most common way to generate such returns. The time was right and so was the offer by Uber. It therefore made sense to exit,” says Knife Capital.

orderTalk which is the original provider of online ordering systems for restaurants worldwide, utilises proprietary remote ordering software including mobile and social media applications.

The start-up, which was founded by Hilton Keats in 1998, was backed by an online ordering software development partnership with a United States restaurant chain.

In 2004, lawyer Patrick Eldon joined the group and opened its Cape Town office a year later.

orderTalk then received a R9 million investment in 2008 from Knife Capital, which is owned by internet billionaire Mark Shuttleworth, to scale the business internationally.

“Raising capital by way of the investment made by HBD provided enormous value, not only in tangible but also intangible terms. The strategic support, mentoring, advice and hands-on assistance received from HBD and Knife Capital over the years of the investment have been invaluable”, said CEO of orderTalk, Patrick Eldon.

Although Knife Capital said that they would love to disclose the sale of the acquisition, for strategic reasons from Uber’s side: ‘Terms of the deal were not disclosed’.

“Since they are the main player in this acquisition and not to compromise orderTalk’s new path/ partnership, we respect that and choose not to disclose anything that is not in the public domain”, said Knife Capital.

Meanwhile, the Uber Eats business which works with over 100 000 restaurants in 200 cities in 35 countries said that POS integration on a large scale is challenging. This is the reason they acquired orderTalk.

According to Uber Eats head of business development, Liz Meyerdirk, this acquisition will give rise to greater efficiency, reduce the errors that arise with manual labour, and streamline workflow.

“With orderTalk’s engineering talent and the group of people that we’re acquiring, we’ll be able to supercharge our own point of sale integration strategy,” said Meyerdirk.
