Business Insider SA -  Sep 16, 2020

• 
  
• South Africa is reopening its borders, at least partially, soon.
• But that doesn't mean foreign visitors will immediately stream into the country.
• Despite relatively low and dropping new coronavirus case numbers, SA remains red-listed by many countries, which means quarantine for those who travel here when they return home.
• SA now has to decide whether to accept risky tourists, as the tourism industry looks toward a multi-year recovery.

 

President Cyril Ramaphosa announced on Wednesday that South Africa will open its borders to internationally tourists in October - with some caveats. 

But that doesn’t mean they will come. South Africa remains on many so-called red-lists as far as leisure travel goes, even as infection numbers drop.

Depending on the country’s specific system and requirements, this means that although South African borders may be open for leisure travel, those who come could be subjected to mandatory quarantines on their return.

The most significant overseas contributors to local tourism come from the United States, United Kingdom, Germany, The Netherlands, and France. Although South Africa’s coronavirus situation is improving, none have yet placed SA on list of countries that do not require at least self-isolation upon return.

That could be an issue, says South African Tourism CEO Sisa Ntshona.

“Home-country quarantines are a barrier.

But he is hopeful, considering the rapid change in new infections reported in South Africa.

"According to UK criteria we were in the red zone last week, but we’ve now moved into the amber or yellow zone, and projections are that we are going to move into the green zone within the next two weeks,” says Nsthona.

The methods used to determine these red zones or lists vary from country to country. 

The United Kingdom and Germany, for example, use a variety of factors to determine a country’s status - but primarily looks at the infection rate over the previous seven days, to arrive at an estimation of active cases. 

In the case of the United Kingdom, infection levels must be below 20 new cases per 100,000 of the population over the previous seven days. In Germany, this figure is 50 new cases per 100,000 over the last week.

According to the most recent data, South Africa is reporting approximately 18.58 new cases per 100,000 per week – well within Germany’s threshold, and just under the United Kingdom’s. 

Even so, most countries that the South African tourism sector is heavily reliant on have yet to ease restrictions. 

According to the German mission in South Africa, at present, “given the Covid situation in South Africa, Lesotho and Eswatini, these countries currently do not belong to the list of countries, where travel restrictions could be eased”. 

The same is true for the United Kingdom - which has dropped isolation requirements for residents returning from some 66 countries - but still requires them for visitors from South Africa.

The Netherlands has a slightly softer stance; that country’s government “strongly advises” travellers returning from several destinations, including South Africa, to self-quarantine at home or in temporary hotel accommodation for 10 days upon arrival in the Netherlands.

These zones are a moving target, which Ntshona says makes planning difficult.

“This calibration is done on a weekly basis, so all of this can change if suddenly numbers spike up,” he says.

Because of this much of his organisation's focus will be on countries in Europe that are a relatively easy night flight away.

“Many people argue that South Africa is a long-haul destination, but we’re arguing that it’s an overnight flight away, especially for Europe. So we are now looking to position ourselves as an overnight flight destination, so we can get into the shorter term type of booking,” says Ntshona.

Ntshona also says that given the constantly shifting patterns of Covid-19 infections, it may well lead to travellers taking more spontaneous trips. 

But with many European Union countries allowing relatively unrestricted internal travel – and with no requirement to self-quarantine upon return – it may prove a difficult sell to get these visitors to venture further than a regional trip.

Nsthona believes these issues are not insurmountable, but require countries to remain agile as Covid-19 infection numbers rise and fall.

“We’ve seen the turmoil between the UK, France and Spain, where UK tourists were already in Spain, and then suddenly were subjected to a 14 day quarantine on return because of Spain’s changing status. That complicates plans,” he says.

Ntshona believes South Africa could be in many countries’ green zones by early October. 

"We’ve already seen the likes of Switzerland move us into the green zone as well, so essentially we’re moving into the right space,” he says.

According to Switzerland's Federal Office of Public Health, South Africa is no longer on that country's mandatory quarantine list, as of Monday.

South Africa, in turn, will have to decide whether to welcome visitors that may bring a resurgence of the virus.

“The question is, is South Africa as a country willing to accept that travellers from red zones, who bring their own risk?” asks Nsthona.

Even with open borders, and the possible arrival of some international visitors, there’s little chance of recovering anything close to the usual international traveller spend in South Africa.

“We’ve estimated that it will take us 24 to 30 months in order to restore to 2019 levels of activity, so it’s a two and a half year recovery,” he says.

www.samigration.com

 New evidence reveals widespread airtime theft and fraudulent WASP subscriptions on Vodacom’s network and shows that the company failed to act decisively against the criminals.

The latest evidence follows an industry investigation which revealed airtime theft on a mass scale from Vodacom’s prepaid customers.

What sets the latest evidence apart is that it comes from a prominent company which uses machine-to-machine communications and IoT devices with prepaid SIMs from Vodacom.

It is therefore impossible for these SIMs to pro-actively subscribe to WASP services, which means this data provides conclusive evidence of fraudulent subscriptions and airtime theft.

The company’s chief executive, who asked to remain anonymous because of his relationship with Vodacom, told MyBroadband hundreds of their SIMs have been hit by airtime theft.

The company experienced theft on both brand-new SIMs and SIMs which have been in devices for years.

He said Vodacom refuses to acknowledge any problem and added that it is very difficult to get refunds for the stolen airtime.

Only around 5% to 10% of the airtime theft which they logged with Vodacom were refunded.

He said it requires considerable effort to get a refund, which is further complicated as it is impossible to approach Vodacom with a list of SIMs from which airtime was stolen.

“You need to phone in as a single prepaid customer and go through the motions of trying to convince them that the SIM is in a device with no human access,” he said.

“You have to hound them repeatedly to get the refund to be processed, and you often just give up after a while.”

The evidence further showed that the same WASPs continue to steal airtime from SIMs long after it was reported to Vodacom.

The data provided to MyBroadband stretches back for many months and conclusively proves:

• There is widespread fraud and airtime theft on Vodacom’s network to this day.
• Vodacom was made aware of this fraud and airtime theft, for a long time, but failed to act decisively.
• The same companies continue to steal airtime from Vodacom’s subscribers.

A look at the data

The data in the table below are all from prepaid Vodacom SIMs installed in machine-to-machine and IoT units.

“There’s no way anyone has pulled out the SIM and subscribed to anything. We even detect and log when a SIM is removed from the device,” the CEO said.

Prepaid SIMs do not get invoices, but the company has developed its own logging mechanism which records airtime changes and subscriptions.

Through this platform each SIM’s airtime is checked regularly through USSD commands.

The company also continually runs USSD commands to query if there are any subscriptions.

If an illegal subscription is detected, the name is logged, and the service is removed using a USSD command.

He said most of the subscriptions are detected before significant losses are incurred, but occasionally they catch one that has R100 or more stolen.

The table below shows some of the airtime theft detected on hundreds of SIMs over the past two months alone.

It should be noted that this is only a small sample of the true extend of the fraud.

Airtime theft on M2M SIMs
Detected Date	Estimated loss per SIM	Subscription Name
22/08/2020 14:31	R2.00	gamingTool
21/08/2020 20:58	R21.00	Amapiano Jingle
21/08/2020 00:55	R18.00	reportME
19/08/2020 02:13	R24.00	Summertime
18/08/2020 10:18	R16.00	Ha a Mfa
17/08/2020 23:19	R15.00	ExploreApp
17/08/2020 12:05	R62.00	gamingTool
16/08/2020 20:36	R15.00	Monate
11/08/2020 00:48	R24.00	Ngikhulile
07/08/2020 00:57	R57.00	ExploreApp
27/07/2020 16:05	R37.00	BeFit
27/07/2020 16:05	R38.00	DOWNLOAD
25/07/2020 14:16	R41.00	DOWNLOAD
21/07/2020 18:36	R46.00	reportME
19/07/2020 10:38	R23.00	reportME
17/07/2020 06:36	R30.00	ExploreApp
17/07/2020 04:03	R7.00	ExploreApp
15/07/2020 17:56	R100.00	ExploreApp
13/07/2020 21:58	R74.00	ExploreApp
13/07/2020 00:32	R37.00	gamingTool
11/07/2020 12:13	R39.00	ExploreApp
10/07/2020 00:51	R14.00	ExploreApp
09/07/2020 15:50	R2.40	Doce Vida ft DJ Tarico
09/07/2020 11:15	R7.50	Cheers
07/07/2020 01:16	R32.00	RetroGame
06/07/2020 18:12	R14.00	Ngikhulile
06/07/2020 05:25	R13.00	BeFit
06/07/2020 05:25	R13.00	RetroGame
06/07/2020 05:25	R13.00	Don’t change
05/07/2020 00:53	R113.00	ExploreApp
28/06/2020 10:53	R53.00	gamingTool
28/06/2020 10:50	R21.00	DOWNLOAD
25/06/2020 12:25	R2.00	loveislove
23/06/2020 01:13	R44.00	BeFit
23/06/2020 01:13	R45.00	DOWNLOAD
22/06/2020 15:13	R30.00	DOWNLOAD
21/06/2020 23:21	R17.00	ExploreApp
21/06/2020 23:20	R28.00	reportME
21/06/2020 22:54	R7.00	reportME
21/06/2020 22:29	R35.00	reportME
19/06/2020 01:16	R7.00	reportME
18/06/2020 13:09	R35.00	BeFit
18/06/2020 13:09	R35.00	express07
18/06/2020 13:09	R36.00	Question
18/06/2020 08:38	R44.00	gamingTool
17/06/2020 01:22	R96.00	ExploreApp
16/06/2020 00:55	R16.00	reportME
15/06/2020 21:34	R35.00	reportME
15/06/2020 18:09	R23.00	reportME
15/06/2020 18:08	R42.00	Entertainment Content
15/06/2020 18:08	R42.00	DOWNLOAD
15/06/2020 18:08	R35.00	gamingTool
15/06/2020 18:08	R28.00	gamingTool
15/06/2020 09:00	R28.00	RetroGame
15/06/2020 02:28	R14.00	reportME
14/06/2020 13:47	R42.00	reportME
14/06/2020 13:47	R14.00	reportME
14/06/2020 00:32	R21.00	reportME
14/06/2020 00:25	R37.00	ExploreApp
13/06/2020 01:22	R16.00	reportME
12/06/2020 09:25	R21.00	gamingTool
12/06/2020 08:43	R14.00	gamingTool
11/06/2020 07:47	R86.00	ExploreApp
08/06/2020 22:55	R3.00	ExploreApp
08/06/2020 19:58	R3.00	ExploreApp
08/06/2020 19:57	R35.00	DOWNLOAD
08/06/2020 19:57	R3.00	bestofgames
08/06/2020 19:54	R42.00	RetroGame
08/06/2020 19:51	R7.00	reportME
08/06/2020 19:42	R26.00	DOWNLOAD
08/06/2020 19:42	R101.00	ExploreApp
08/06/2020 19:35	R28.00	(unknown)
07/06/2020 14:32	R42.00	gamingTool
07/06/2020 00:57	R119.00	gamingTool
05/06/2020 16:58	R21.00	RetroGame
03/06/2020 07:20	R4.00	Doce Vida ft DJ Tarico
03/06/2020 07:20	R5.00	Mum & Baby Premium
02/06/2020 22:32	R3.00	ExploreApp
02/06/2020 16:35	R111.00	ExploreApp
02/06/2020 12:29	R13.00	besstmusicapp
02/06/2020 01:19	R21.00	gamingTool
01/06/2020 18:05	R21.00	gamingTool
01/06/2020 17:31	R14.00	reportME
01/06/2020 02:16	R6.00	The only One

The evidence versus what Vodacom claimed

Over the past few years Vodacom has consistently made a few claims regarding fraudulent subscriptions and airtime theft on its network.

• It has a zero-tolerance approach to any illegal activity on its network and takes a hard line against perpetrators.
• It investigates this fraud when it becomes aware of it and suspends suspected WASPs during this period.
• Its standard practice is to refund the customer first and then investigate the query later.
• It introduced and enabled content blocking on all M2M and IoT SIMs in December 2018, which prohibits content subscriptions and purchases such as WASP services from these SIMs.

The evidence from this company and from previous cases show that Vodacom’s claims are inaccurate and misleading.

The evidence revealed that despite having been alerted to companies stealing airtime from their subscribers, Vodacom failed to take decisive action against them.

In some cases, companies which have been accused of stealing airtime from Vodacom customers for years continue to do so with impunity.

It therefore shows that Vodacom either does not investigate accusations of airtime theft or does not suspend suspected fraudulent WASPs during this period.

The latest evidence also shows that it is very tough to get a refund – even in the case of M2M and IoT SIMs.

This echoes feedback from other Vodacom subscribers who said they also struggled to get a refund from Vodacom.

In one of the recent reports the victim said Vodacom first tried to blame him and said the unwanted subscriptions were his fault.

He first had to refute numerous false accusations from Vodacom before they were willing to process his refund application. Even after all of this, he still did not receive a refund.

These reports fly in the face of Vodacom’s claim that it “refunds the customer first and then investigates the query later”.

Vodacom’s claim of content blocking on all M2M and IoT SIMs is also brought into question by the latest data.

All the SIMs which were targeted were M2M and IoT SIMs, which clearly shows it is possible to steal airtime from these SIMs through content subscription services.

This raises the question as to why Vodacom is not stopping this fraud which has been plaguing its subscribers for years.

Industry players told MyBroadband that Vodacom does not want to address this fraud as they are making millions in profit from it.

One industry player, who has been operating a WASP for over a decade, told MyBroadband that mobile operators are enabling this fraud and are well aware of it.

“No WASP can take a subscriber’s airtime without the operator fully knowing about it – and enabling it,” he said.

Another industry player said Vodacom has always seen this as a revenue stream despite the misery caused.

“It’s criminal and should be thoroughly investigated,” he said.

Vodacom responds

MyBroadband asked Vodacom whether any action has been taken against WASPs implicated in airtime theft.

Vodacom said it cannot arbitrarily take action against a commercial partner – WASPs included – without requisite proof or evidence of a contractual breach or fraud.

“Rest assured, should we have this information, we will ensure that appropriate measures are taken,” it said.

Commenting on the issue of refunds for stolen airtime, Vodacom said if it suspects that customers have been defrauded, it will ensure that they are proactively refunded.

“Should we have proof or evidence that customers were incorrectly debited, it follows that we will effect refunds to customers in addition to taking appropriate measures against fraudsters,” it said.

Commenting on the examples that Vodacom is not refunding victims of airtime theft as promised, it said “we cannot comment on examples that we have not had the opportunity to investigate”.

“Our standard Customer Care policy is to effect refunds,” Vodacom said.

“We are fully committed to remedying instances where standard policy has not been adhered to but will naturally need the requisite customer information to do so.”

www.vsoftsystems.co.za

The Airports Company South Africa (Acsa) has welcomed the country’s move to a level lockdown and says that it is prepared for the gradual lifting of restrictions on international flights but has warned that passengers will need to jump through extra hoops if they plan on travelling.

Addressing the nation on Wednesday evening (16 September), president Cyril Ramaphosa said that the government will gradually ease restrictions on international travel for business and leisure from 1 October – subject to certain containment measures.

International travel will only be allowed through the main border ports or through OR Tambo International, Cape Town International, or King Shaka International.

Acsa said it is still awaiting official regulations and directives from the Department of Transport which are set to be published in the coming days.

However, it reiterated comments by president Cyril Ramaphosa and warned that travellers need to be absolutely certain of their eligibility to fly and that they are in possession of valid visas to enter or re-enter South Africa before booking flights.

It added that the following requirements will need to met:

• On arrival, travellers will need to present a negative Covid-19 test result not older than 72 hours from time of departure;
• All travellers will be screened on arrival and those presenting with symptoms will be required to have Covid-19 test; and
• Where necessary, travellers will need to enter mandatory quarantine facilities at their own cost.

“People wishing to travel across borders should monitor our ACSA website for airports and airlines operating during Level 1 and the airline web sites for availability of flights,” it said.

“We expect the number of international passengers to grow gradually as this is an important step on the road to recovery. We greatly look forward to once again welcoming international visitors to our international airports and to South Africa.”

The list 

The list of countries that will be allowed for international travel is likely to be limited when travel restarts again on 1 October. Ramaphosa said that the list of permitted countries will be published at a later date and the country’s selected on the latest scientific data.

While not mentioned in his address, reports indicate that travel will likely focus on regional travel, including neighbouring countries and parts of Africa.

Tourism minister Mmamoloko Kubayi-Ngubane has indicated that her department is focusing on creating a ‘regional travel bubble’.

“Our next step is to work towards the reopening of international travel,” she said in a media briefing on 4 September. “We are monitoring the risk of the virus spread and we are satisfied with the current downward trend of new infections, if sustained, can fast-track the reopening of regional borders soon.”

In this way, through regional coordination with our regional partners, we could create a regional travel bubble, she said.

“Africa land markets form the bedrock of tourism in South Africa. This region alone accounts for 71% of international arrivals. This would give a further boost to the recovery efforts of the sector.”

“The rise in domestic tourism together with regional travel will help us build confidence for global travellers so that when we eventually open all are borders, we will be able to attract traveller as a safe destination.”

What it will be like to fly 

Government already has strict rules in place for domestic travel, with clear regulations for both airports and airlines.

Passengers are allowed inside the terminal buildings and that temperature screening will be conducted at terminal building entrances before any passenger is allowed entry. No passengers will be allowed inside the terminal buildings without masks.

All the airports have markings on the floor for social distancing of 1.5 metres. This will be applicable at check-in counters, security checkpoints and airport lounges.

All airline check-in agents will wear face shields and the counters will be installed with protective screens. Check-in counters will also be frequently sanitised.

The check-in process is as follows:

• Passengers should check-in online before going to the airport;
• Online check-in can be done at the screens in the terminal building;
• A limited number of check-in counters will be open and physical distancing rules will apply in these queues;
• Using a check-in counter will take longer.

The security checkpoint process is as follows:

• Passengers will scan their own paper-based or mobile device-based boarding pass to the scanner at the security checkpoint;
• Passengers should remove any metal and electronic items from their person before entering the security queue;
• These items must be placed in the tray at the security scanner;
• This process will minimise the need for security officers to conduct physical pat-downs at the checkpoint.

The boarding process is as follows:

• Physical distancing rules apply for queues to board an aircraft;
• Passengers must scan their own boarding pass at the boarding gate;
• Boarding will be done in a controlled manner with passengers travelling in the rear seats of the aircraft boarding first. Passengers with tickets for Row A, for example, will board last;
• Masks must be worn for the duration of the flight.

The following measures will apply inside the cabin of the aircraft:

• No catering will be allowed:
• No magazines on board;
• The last row will be reserved for isolation of suspected cases.
• All aircrafts must be disinfected before entering into service and after each flight.

The disembarkation process will be as follows:

• Masks must continue to be used when disembarking and moving towards the baggage carousels;
• Physical distancing rules will apply at the baggage carousels;
• Crowding close to the baggage carousels will not be permitted

 

www.samigration.com

While 'conversational commerce' is not a new concept, the phenomenon is gaining momentum, driving innovation and customer experience in an ever-changing e-commerce landscape.

The way today’s consumers choose to communicate and interact with brands is fundamentally shifting. Gone are the days of infuriating calls, jumping through multiple hoops to get to the right department, and confusing out-of-date websites – customers now expect to be able to engage in seamless, conversational experiences with businesses, similar to how they communicate with their friends and family.

Conversational commerce is exactly that: a conversation between the business and their clients. It combines the power of messaging tools and platforms with the shopping experience, and also extends to customer service. Using platforms like WhatsApp, Facebook Messenger or Apple Business Chat, it allows businesses to engage the consumer where they are.

Payment functionality becomes a breeze when you consider linking your online store to a provider like SnapScan, Zapper or Master Card. It also enables automated and personalised online experiences for customers. Business leaders who don’t want to be left behind need to give some serious thought to how they can make this techy trend work for both themselves and their customers.

 

The social and economic implications of the lockdown have forced businesses to rethink their sales strategies in order to stay afloat and meet shifting consumer demands...

Adoption of conversational commerce

A simple example of conversational commerce is a buyer using Facebook Messenger to ask a seller a question, thereby facilitating the transaction. It also includes more sophisticated tools, like chatbots, which have been widely adopted by many websites.

Although some consumers may have been wary of conversational commerce channels at first, they now embrace – and even expect – them to be available in order to simplify their online shopping experience. From querying product specifications to looking for recommendations, customers are able to make more informed decisions that much faster.

Conversational commerce has now evolved to the point where messaging apps are integral to the selling and customer-service processes of various companies.

Burberry’s 'R Message' is an example of this. Through this messaging service, employees can text high-value customers directly, rewarding loyal customers with access to in-store appointment bookings, personalised online advice and shopping-from-home assistance. The service was designed to offer peerless service to customers by giving them the right information at the right time, all while driving sales.

In other words, conversational commerce transcends previously expected value and has the potential to drive more meaningful interactions between companies and customers, thereby increasing customer satisfaction and, ultimately, accelerating revenue conversion.

Indian e-commerce giant Flipkart has debuted a voice assistant feature to make consumers' online shopping journeys "simpler and more natural"...

The benefits of conversational commerce

The most important question for businesses to answer is: why do consumers want conversational commerce? It offers a convenient and personalised service that speaks to the customer in a language they can relate to, and enables ‘always-on’ availability.

We live in an age where people rely on their smartphones for almost everything; there is very little they can’t accomplish with the click of a button. This is true when it comes to brand interactions, too.

The rapid development of natural language processing technology and artificial intelligence systems have made it easier for conversational trade to mimic the human element, creating connections and making customers feel valued.

But why would consumers favour this model of human-like contact to traditional buying channels? It may be because the best examples of conversational commerce feel like shopping with your own personal assistant who’s ready to answer any and all of your questions – clearly a win for consumer experience.

So, how does this benefit businesses in the long-run? Some results from early adopters of this e-commerce trend show just how powerful it can be when used in the right way.

US fast-food chain Taco Bell created a purpose-driven bot called TacoBot to take customers’ orders via Slack. The service proved particularly effective in solving real-time problems and eliminating significant pain points when it came to dietary preferences and hunting down food items that the customer might have forgotten the name of.

Another example that can’t be ignored is Amazon Echo, selling over 3 million units in less than 18 months. Because it is hooked up to Amazon’s full product catalogue, it can tap into the user’s order history and intelligently carry out voice commands to buy or reorder items. Alexa, the default addressable name, can even walk you through options when ordering something for the first time. It shows just how powerful conversational commerce can be when it’s linked to delivering the best possible consumer experience.

It is this level of improved customer experience that fosters brand loyalty and can even lead to cross-selling or upselling opportunities – as is the case with the Amazon Echo. It also helps that the consumer’s online behaviour is recorded, which in turn can be used to make future suggestions and continue to add value to the customer journey down the line.

How to start using conversational commerce

With social platforms like Facebook, Telegram and WhatsApp Business, it may be easier than you think to start a simple conversational sales strategy. However, if we look at Amazon Echo, we can predict where the future of conversational commerce is headed. Chatbots and voice assistants are useful to businesses, but when fully integrated with e-commerce, they can revolutionise the sales process.

So, where do you start? To create a sustainable solution in a world where technology is constantly changing may sound complex and overwhelming, but this technology is easy to integrate with your current business processes using a single business messaging API. The software involved in implementing this is user friendly; just log in and you can start reaping the benefits.

As these technologies evolve, we will see new forms of brand-to-consumer communication and interaction emerge, paving the way for more intelligent touchpoints and increased customer satisfaction. Commerce is becoming not only more conversational, but more ubiquitous and seamlessly integrated into our lives, and the way we interact with brands will be forever changed as a result

 

www.vsoftsystems.co.za

The past couple of months should lay to rest any doubt over whether South African organisations are under sustained attack from cybercriminals.

Over the past three months we’ve seen well-known local healthcare and financial organisations falling victim to cyberattacks and data breaches, and in some cases being forced offline.

The local data breaches coincided with high profile attacks and outages for global brands like Twitter and Garmin. And in headline-grabbing news, credit bureau Experian reported a massive breach of data that exposed the personal information of up to 24 million South Africans and nearly 800,000 businesses.

These incidents have brought to light a battle that has been waging quietly in the background.

Cybercriminals – using increasingly sophisticated techniques – are targeting South African public and private sector organisations in orchestrated attacks that could lead to devastating losses in business productivity, reputational damage and revenue.

In the Mimecast State of Email Security 2020 report, 53% of South African organisations reported increased phishing attacks and 46% reported increased incidences of impersonation fraud compared to the previous year.

The coronavirus pandemic only served to accelerate the volume of attacks: a Mimecast Threat Intel report found a 75% increase in impersonation fraud in South Africa over the first 100 days of the pandemic.

As South African organisations implement systems and policies to ensure compliance to the Protection of Personal Information Act (POPIA), which comes into force in July 2021, we are likely to hear about more data breaches.

This is in part because of the legislative requirement to inform customers and regulators of any breach as soon as reasonably possible. The regulator appears to have since indicated that 72 hours is a reasonable period.

Advocate Pansy Tlakula, who heads up the Information Regulator which is tasked with monitoring compliance to the POPI Act, said recently that the spike in data exposure incidents highlights the importance of understanding cybercrime and the sophisticated fraud impersonation techniques used to access company and personal data.

What can we learn from these latest data breaches? Here are the big takeaways for business and security leaders:

No organisation is immune from a data breach

Big or small, any organisation can fall victim to a data breach. As the Experian breach has showed, it’s not always computer whizzes that ‘hack’ company data.

A clever fraudster posing as a trusted partner or supplier can just as easily get away with valuable internal data that can be used in cyberattacks.

Breaches are also more common than most people realise: with POPIA now in effect, organisations are duty-bound to disclose breaches. We can expect to see many more reports of data breaches over the coming months.

Don’t assume data is harmless

When the data breach at Experian was first revealed to the public, the company was quick to point out that the data – which consisted of ID numbers, phone numbers, physical and email addresses – was harmless.

However, if savvy cybercrooks gain access to this information, they can use the personal details of impacted consumers and supplement it with readily available information from social media.

They can then use this to launch sophisticated social engineering attacks that make it very difficult for consumers to distinguish whether they are dealing with an authorised representative or a fraudster.

It’s now come to light that the Experian data is in fact on the internet. This means that criminals can potentially use this information to launch targeted cyberattacks aimed at the individuals whose personal information was breached.

Luckily banks pre-empted this possibility. They’ve been communicating with customers to take extra care with their banking profiles and to be on the lookout for suspicious communication over the coming weeks, should their data be used in attempts to access bank accounts.

Develop a layered security strategy

While nearly all (94%) cyberattacks leverage email, organisations can’t afford to only focus on their email perimeter.

The threat landscape has shifted to the point where organisations need to approach security with three zones in mind:

1. At the email perimeter – where security controls can detect and block malicious emails;
2. Inside the organisation – which includes protecting against internal threats and awareness training; and
3. Beyond the perimeter – where cybercriminals are finding great success with brand impersonation that can trick unsuspecting customers and partners into offering up important information or into making payments to fraudulent bank accounts.

Organisations should deploy brand exploit protection to ensure their domains are not being subverted by cybercriminals and to enable them to take swift action should any brand exploitation be detected.

In the Experian example, brand protection is a consideration in two situations.

Firstly, it was likely a missing security component for the customer or supplier that the fraudster impersonated to trick Experian into handing over the data.

Secondly, banks and other trusted brands would be smart to have brand exploit protection in place, to ensure criminals don’t impersonate them and target their customers with sophisticated attacks.

Focus on empowering your people

Even with the best cyber defences, organisations remain susceptible to data breaches if they don’t have a strong human firewall. Studies suggest human error plays a role in 90% of all data breaches.

Mimecast found that users who had been exposed to cyber awareness training were over 5 times less likely to be taken in by certain types of fraud.

One of the most effective cybersecurity strategies is to conduct regular, memorable and on-going awareness training to ensure employees can identify and avoid risky online behaviour.

In addition, organisations need to identify high-risk employees or job titles – such as those in finance – that cybercriminals are likely to target, and ensure they invest in additional awareness training and security controls for such employees.

www.vsoftsystems.co.za