KPMG expert talks cyber security

Speaking at CFO South Africa's recent event, which followed the theme of 'Digital Transformation', Nathan Desfontaines, Information Security & Protection & Business Resilience Manager at KPMG, both informed and entertained attendees on the importance of cyber security. According to him, there are organisations that have been hacked and know about it, and organisations that have been hacked and don't.

Desfontaines said:

"When it comes to cyber security, we can agree on some common facts: threats are increasing, and companies are doing more but not enough, because we spend so much time on our firewalls, but these don't give us the security we need to keep our organisation protected."

When it comes to hacking and penetration testing, it's not always about the vulnerabilities to which you are accustomed, the expert said. He added that while watching CFOs at the event, the number one thing that stuck out to him was vulnerability. He said:

"A criminal eyeing your organisation will be targeting the things you least expect - the human element, the social control - and bypassing the physical security within the organisation. From there he can get to the information aspect you least expect."

Desfontaines added that companies don't spend enough on physical controls and made the point that risk is already in every organisation. However, he said, with continuous monitoring, SEO checking and data analytics it is possible to look at the intel within an organisation and draw stats and do something with that information.

According to Desfontaines, Ransomware is currently SA's foremost cyber threat. It doesn't enter an organisation because of a penetration test that failed but because of a human element that failed. He said:

"Ransomware is a form of malware that gets in, encrypts your data and holds you ransom to unlock it. We've seen that 10 out of 10 of our customers who've been infected with Ransomware have made a payment to these people; not because they didn't have backups to restore but because the encryption was more secure than the encryption they had in their own organisation."

Desfontaines made his point quite clear: threats may change - in fact, they're constantly changing - but they will never go away. It won't be a super cyber criminal who breaks the organisation either, he said; it will be a social flaw, a governance issue, bypassing the wireless within your environment or the boardroom network access point. He concluded:

"It's going to be the simplest thing you didn't think of that bypasses the organisation."
