Latest news with #Stroop

The Herald
25-04-2025
'Cyber crime ranks as the number one risk in SA, overtaking long-standing issues': expert
Cyber crime now ranks as the number one risk in South Africa, overtaking long-standing issues including load-shedding and political instability.

According to the Allianz Risk Barometer 2025, cyber incidents — including ransomware attacks, data breaches and IT outages — are now the top global business risk, marking their fourth year at the top. A decade ago, only 12% of global respondents cited cyber crime as a major concern. In 2025, that surged to 38%.

'Cyber is the top risk across North and South America, Europe and Africa, dominating industry concerns from aviation to legal services,' said Allianz.

Cell C suffered a major ransomware attack in December 2024, exposing sensitive customer data such as ID numbers, bank and medical details, and passports, which were later leaked on the dark web. Similarly, the SABS faced a ransomware attack in November 2024. By February 2025, its core systems were still encrypted — marking the third cyberattack on the organisation in five years.

Herman Stroop, lead ISO Specialist at WWISE, a leading ISO standards and systems implementation consultancy, believes both breaches were entirely preventable.

'Neither Cell C nor SABS were ISO/IEC 27001 certified — a globally recognised standard for information security management. This standard isn't just a technical checklist. It's a framework that forces an organisation to understand its vulnerabilities, assess its risks, and apply controls that address these risks in a structured, auditable way,' he said.

The ISO/IEC 27001 standard focuses on confidentiality, integrity and availability — the foundation of modern information security. It requires organisations to conduct ongoing risk assessments, implement policies and technical controls, and continuously monitor and update these defences in response to emerging threats.

According to Stroop, the absence of such a system is often due to a lack of strategic commitment from leadership.

'Cybersecurity is wrongly seen as an IT issue. Top management often fails to view it as a core business risk, resulting in underinvestment in preventive frameworks like ISO/IEC 27001,' he said.

Further, Stroop said that poor enforcement of existing regulations is a key challenge in South Africa. He said while the Protection of Personal Information Act (Popia) and Minimum Information Security Standards (Miss) lay out clear expectations for information governance, many organisations either ignore or delay compliance due to a perceived lack of consequences.

'The irony is that prevention is far cheaper than remediation. In many cases, organisations suffer reputational damage, legal liability and operational downtime that far exceed the cost of implementing an ISO-compliant Information Security Management System,' Stroop said.

He believes that Cell C and SABS also provide examples of poor transparency as details about the nature of the attacks and how they were handled remain vague.

'When an organisation isn't ISO-certified, it usually doesn't have the documentation, procedures or incident response plans to respond properly — let alone communicate clearly — during a breach,' said Stroop.

According to the Information Regulator, South Africa sees between 150 and 300 cyberattacks reported each month — and that's just the reported incidents. Many go unreported due to reputational fears or because organisations are not compliant with Popia and fear investigation.

Stroop believes that ISO 27001 should be mandated for public institutions and critical infrastructure operators.

'Without minimum compliance levels, we're just waiting for the next disaster. It's not a matter of if but when.'

However, he notes that some insurance providers are beginning to offer premium reductions for ISO-certified organisations, while major corporate clients now demand ISO 27001 certification from vendors.

'It's becoming a market differentiator. Organisations serious about protecting their data and reputation cannot afford to ignore ISO 27001 any longer,' he said.

TimesLIVE

TimesLIVE
24-04-2025
'Cyber crime ranks as the number one risk in SA, overtaking long-standing issues': expert


BBC News
17-04-2025
Traders excited ahead of Derby's Market Hall reopening
Traders who have signed up for units at Derby's transformed Market Hall say it heralds a new era for the city market closed for a £35.1m refurbishment in 2021 and is set to reopen on 24 city council says the venue will be a flexible space that incorporates a modern street food dining area and bars, traditional and contemporary retail units, and creative spaces for artisan makers and of those who have signed up have never traded in markets before and say the reopening presents a unique opportunity.

Steph Biggs and Dan Bacon currently have one of the shortest commutes in the country. Their clothing business, Layer, operates from a modern shed at the bottom of their garden in Long Eaton, Derbyshire. But the couple, who currently sell their range at running events and shows, are now taking the plunge and have signed up for a unit at the Market Hall.

"It feels like there might be more of a boutique-style feel about it and I hope that comes across," said mum-of-one Steph.

"I hope we're going to stand out and I think we're going to make a good impression on everyone who comes through those doors and into the Market Hall".

Her partner is equally optimistic, telling the BBC: "I feel really excited, actually. I feel it's the next step for us.

"It's been two years of growth and learning and I think we get to put all of that together when we go into the Market Hall".

It has been a mixed picture for the UK's markets in recent the A52 in Nottingham the city council announced it was closing the Victoria Centre market after years of falling other towns such as Stockport in Greater Manchester have seen a boost after work to refurbish markets.

Nico Sgro is another of those opening a business in the Market design engineer, who is originally from Bergamo in Italy, has been making gelato - Italian ice cream - as a hobby and will now offer a choice of 12 flavours from his unit, including pistachio and salted caramel.

"I had thought about opening a shop but the opportunity at the market came along at just the right time," he said.

"I feel really excited about the opening but also a real sense of responsibility as I'll be taking on staff."

George's Cheeky Pancakes is another business which is taking on its first retail Tsagurnis, from Ilkeston, set up his business during the Covid pandemic and has been selling poffertjes (Dutch-style pancakes) and Stroop waffles at festivals and shows.

"It's a fantastic opportunity to really grow our business and take it to the next step," he said.

"I've been inside the Market Hall and I was in awe of the place.

"It's a beautiful glass-ceiling Victorian building and we can't wait to get going."