Cyberattacks like WannaCry, the ransomware worm that spread rapidly across a number of computer networks, have put serious cybercrime on the radar of South African companies. It’s an ever-evolving, exciting, in-demand field that has attracted CA(SA) Jordaan Burger. He offers some insights into this intriguing world.
Every year brings new IT security breaches, but 2017 witnessed some of the most destructive and disturbing attacks since the dawn of the Internet age. Data breaches, virtual bank heists and state-sponsored malware attacks are becoming alarmingly commonplace. With economic crime in South Africa hitting record levels last year, organisations expect cybercrime to become an increasingly disruptive force in business over the next 24 months.
According to the PwC Global Economic Crime and Fraud Survey 2018, released in February, economic crime continues to disrupt business, with this year’s results showing a steep increase in reported instances of economic crime in South Africa. We have the highest levels in the world, at a staggering 77%. The global results were equally dismal, revealing the highest level of reported fraud and economic crime since PwC first began publishing the survey in 2001.
Greater awareness in South Africa
Jordaan Burger, a CA(SA) and the financial director of MWR InfoSecurity, a global provider of cyber security services, says he believes that the figures are the result of heightened awareness about cybercrime in South Africa. ‘We are seeing a definite increase in the knowledge and understanding of the extent of cybercrime on the part of the South African business sector, and that is good news,’ he says.
South Africa’s awareness of economic crime is indeed higher than the global average, with 70% of South African respondents indicating high or extensive knowledge. Burger attributes this to an increasing drive by the information security industry to ensure that organisations continue to invest in fighting crime.
If you run an online dating site, Burger says, you are likely to be targeted by hacktivists. Banks, on the other hand, are more likely to be hit by more severe cyber-attack categories such as nation states or crime syndicates, but it depends what industry and business you are in, and what your assets look like. ‘It’s tough to determine where attacks will originate from,’ he says. ‘On the corporate and commercial level, they can come from almost anywhere. Whether local or international, syndicates work on an internal rate of return – they seek out the highest returns for the lowest effort, and they will hit the softest targets first, regardless of their location.’
Info security skills shortage
Burger notes that one of the biggest challenges facing the industry, locally and globally, is the skills shortage. It’s one of the reasons behind the playful, vibrant offices MWR has created for its employees.
‘To attract the best skills, we need people to enjoy what they are doing. This is a place where we work hard and play hard too. To encourage people to think outside of the norm, they need to be creative. Hence the toys, the art, and the gorgeous industrial strength Italian coffee machine. The first three months of training here focuses on barista skills,’ he jokes. ‘That’s what determines who makes it through probation. It’s about giving our people the freedom to take things apart, do the research, and come up with new solutions, from the perfect cup of coffee to the latest in cyber defence.’
To make an impact in this industry you have to be research-led. MWR InfoSecurity employees take part in many global cybersecurity competitions, which is where its clients are able to see the level of expertise on offer.
To find the right type of employees, the company has an interesting recruitment process. HackFu, an annual two-day event, serves as a way for MWR to spot potential new hires and to get people interested in cybersecurity. ‘The participants are drawn from universities, and this is one way to get into our internship programme. They are mostly electronic engineering and computer science graduates. We focus on finding problem solvers, and people who can work together as part of a team. It’s fascinating to learn more about this industry and to understand what it means to be a safe computer user.’
As cyber threats become more pervasive and destructive, so it has become critical not to wait for enemies to strike but go looking for them. MWR employs threat hunters for one of their managed solutions, who look for signs of unusual activity and different types of attacks, essentially pre-empting strikes where possible. They focus on the human elements in attack detection.
‘One of the biggest challenges for any business is to take the appropriate action,’ says Burger. ‘There has been a big shift from focusing on prevention to taking a more all-encompassing approach. We call it PPDR − prediction, prevention, detection and response. Each phase requires strategies and activities that will move the process to the next phase so that you ultimately have all the components of an effective cybersecurity strategy. As an analogy, one cannot prevent attackers from climbing over your walls no matter how high you build them, which is why in cybersecurity, detection and response have become critical. The attacker only needs to find a single entry-point to compromise an organisation, so the defender must defend all systems perfectly all the time to be secure. Automated systems gather data, collecting network traffic and pulling in logs from everywhere, but ultimately, you need a human to do the real analysis.’
How did Burger, a CA(SA), find himself in this fascinating world? He says he’s always been drawn to finance and business. After qualifying, he was exposed to investment banking for a short time, and then he went into private practice for six years, before ending up at MWR. Once in, he was immediately captivated. It’s for this reason that he encourages newly qualified CAs(SA) to experiment and discover what they are truly passionate about.
The company was established in South Africa in 2007 by two expats who had been working for MWR in the UK, and then relocated back here. From a start-up enterprise run from a house in Pretoria, MWR has grown into one of the top cybersecurity providers in the country, with around 100 employees.
MWR’s finance activities were initially outsourced to a firm of registered accountants and auditors where Burger was the engagement partner. The relationship progressed over the years until he finally made the leap to join MWR full time.
The company continues to grow apace, in line with the need for increasingly sophisticated security solutions. ‘What we do differently is that we try to solve actual problems,’ he says. ‘We focus on scoping exercises and really looking at the clients’ needs from a strategic level, to see how best to mitigate their risk.’
Operations and finance
At heart though, Burger is still a numbers guy. He has used his skills to build a small, effective and highly skilled finance team that services the business globally. ‘The team has amongst others three fully fledged CAs(SA) and one who is almost qualified – and has been structured to align with what we do as a business,’ he says. ‘Being a predominantly service-oriented company, we do not deal with hundreds of invoices and daily transactions. Instead, every transaction we handle requires high-level thinking because of the complex nature of the work. That is how we became responsible for much of the global operations of MWR InfoSecurity. We have an excellent working relationship with the holding company finance team in the UK.’
Although there are always challenges when it comes to running global operations, he is inspired by the diverse nature of the work, which includes figuring out accounting processes for new services that are introduced, as well as understanding all the different aspects of the business, including the commercial and procurement components.
He maintains that CAs(SA) have an advantage over other global practitioners because they know how to survive in harsh environments. ‘In South Africa, we have had to learn to deal with constant fluctuation in the foreign exchange rates and, as a result, our team has developed expertise in foreign exchange gains and losses, and hedging transactions, which makes us a good fit for our offices in Singapore, the US, Poland and Germany.’
Looking ahead, he says it is important to focus on creating a more secure society. It’s an industry packed with opportunities. With PwC estimating that accountants and other financial institutions are particularly attractive to cyber criminals – they are 30% more likely to be targeted than other companies – Burger advises accountants, both in practice and in the industry, to understand how to identify and respond to cybersecurity risks, rather than ignore the issue in the belief that information security is the domain of their IT departments or that their organisation’s firewall will prevent any breaches.
HOW TO SELECT THE RIGHT SECURITY PARTNER
Choosing a cyber security vendor is a significant business decision. Here are some of the questions you need to consider when making a decision:
What is the company’s track record?
How long has it been in business? What proof do you have of its stability and ability to do the job? Can the company provide references?
What certifications does the company have?
The certifications and credentials of the team are key. Some to look out for include OSCP, CREST, ISC Certification, GIAC Certified Intrusion Analyst (GCIA), and the ECSA penetration testing certification.
What level of research does the company produce?
Research is critical as this demonstrates knowledge of industry trends and threats.
Does the company have a global footprint?
A global presence in cyber security and application delivery solutions is critical as this demonstrates global mitigation capacity as well as an ability to provide comprehensive support. It also means that the company has access to the latest information on threats and is able to stay ahead of the curve.
Is the company willing to educate your team?
Cyber security is everyone’s responsibility and the partner you choose should be willing to train your team with a focus on improving their approach to security and enhancing their awareness of the risks. The effectiveness of the solutions they provide will, after all, depend in no small way on the education of the users.
Words Monique Verduyn
Photos André van der Merwe