Nedbank, Telkom, Discovery and Investec are among top South African listed companies with the most exposure to cybersecurity risks.
This is according to a new research report from the Cyber Intelligence Research Group, the results of which are being released on Monday at CyberCon, a cybersecurity conference in Johannesburg.
The Cyber Exposure Index (CEI) was launched in Singapore earlier this month. Over the next few months, indices for eleven major global stock exchanges outside of the US will be released. Following the release of the Singaporean and Finnish indices, the South African index is the third to be published.
In the ICT sector, those scoring a 4 included Telkom, MTN and EOH. Mix Telematics, Vodacom, Huge Group, Mustek, Adapt IT, Blue Label Telecoms and Naspers all scored 3
The CEI scores listed companies on their levels of exposure. South African companies received an average exposure rating of 1.9.
The index aggregates data that is publicly available through the dark and deep Web, or as the result of third-party data breaches. This data is used to identify top listed companies’ vulnerability to hacker group activity, disclosed sensitive information and leaked credentials.
Companies are then scored from 0-5, where 0 indicates no exposure and 5 places a company among the 1% of firms with the most exposure.
While no South African company scored a 5, many household names — from Sasol to Liberty Holdings and from Woolworths to Anglo American — scored a 4.
In the ICT sector, those scoring a 4 included Telkom, MTN and EOH. Mix Telematics, Vodacom, Huge Group, Mustek, Adapt IT, Blue Label Telecoms and Naspers all scored 3. ICT companies scoring at the other end of the scale, with 0, included Alviva Holdings (formerly Pinnacle Holdings) and Labat Africa.
Telecommunications companies have among the highest levels of exposure in South Africa at 13.1%, compared to the global average of 2.4%, according to the researchers.
South Africa’s global relative cyber exposure by industry, according the Cyber Exposure Index
South African companies have received an average exposure rating of 1.9 in the debut results of the Cyber Exposure Index
The company responsible for the index, Kinkayo, is a Singapore-based cyber intelligence organisation founded by professionals in the cybersecurity field.
The CEI has been developed as a way for companies to gauge their cyber exposure, empower them with the opportunity to identify where their vulnerabilities lie and take decisive action against their risks, it said.
Download the full list here.
Source: Tech Central
It seems like there is a new data breach every other day, causing companies untold embarrassment and reputational damage when customers’ private details are leaked.
A new Web site called www.haveibeenpwned.com allows you to see if your details have been compromised by a data breach.
Simply click on the link, enter your email address and click the pwnd? button to find out if you’re a victim.
Major data breaches
Some high profile leaks in the last while include:
- RNC (2017)
A misconfigured database containing the sensitive personal details of over 198-million American voters was left exposed to the internet by a firm working on behalf of the Republican National Committee (RNC) in their efforts to elect Donald Trump.
- Zomato (2017)
Zomato, which provides users with an online guide to restaurants, cafes and clubs, reported that data from 17-million users had been stolen, including email addresses and hashed passwords.
- NHS (2017)
The recent WannaCry ransomware infected 47 NHS England Trusts and hundreds of companies across the world.
- ‘Eddie’ breach (ongoing)
Security researchers at the Kromtech Security Research Center discovered a massive database of 560-million login credentials which is believed to come from up to 10 popular online services such as LinkedIn and Dropbox, obtained during previous data breaches.
- Wonga (2017)
Payday loan company Wonga has fallen victim to a large data breach that could have hit as many as 245,000 of its customers including bank account numbers and sort codes.
- Tesco Bank (2016)
Late last year, Tesco Bank, the consumer finance wing of the British supermarket giant, froze its online operations – after as many as 20 000 customers had money stolen from their accounts.
- Sage (2016)
As a FTSE-100 firm, the apparent insider attack admitted by accounting and HR software firm Sage could turn out to be one of the most important in UK data breach history if its scale is confirmed.
- Ashley Madison (2015)
In July 2015, a group calling itself “The Impact Team” stole the user data of Ashley Madison, a commercial website billed as enabling extramarital affairs. The group leaked more than 25 gigabytes of company data, including user details.
- Mumsnet (2014)
A direct victim of the infamous and widespread Heartbleed SSL software flaw, the compromise allowed hackers to access anything up to 1,5-million user accounts on the hugely popular site, its owners revealed.
- Yahoo (2013, 2014)
It seems hard to pin down just one data breach spawning from Yahoo’s 22 years in business. Last year appeared to unearth a mammoth lack of security on Yahoo’s part with reports uncovering a breach affecting over 500-million Yahoo user accounts during 2014.
- Sony PlayStation Network (2011)
The largest data breach in history at the time, Sony’s disastrous 2011 breach saw hackers make off with the customer records of 77-million people relating to its PlayStation Network, including a small number revealing credit card numbers.
Sources: www.techworld.com; wikipedia; www.haveibeenpwnd.com