cybersecurity Archives - SAP Africa News Center
News & Information About SAP
Mon, 04 Aug 2025 07:40:30 +0000

An Enterprise Security Perspective on Skipping Software Updates
/africa/2025/08/an-enterprise-security-perspective-on-skipping-software-updates/
Mon, 04 Aug 2025 07:40:28 +0000

Is the humble software update the unsung hero of modern enterprise security? It certainly doesn’t get the attention it deserves.

Modern security teams are consumed with identity and access management, device management, ransomware threats, phishing attacks, awareness training, privacy and compliance.

Due to a pervasive cybersecurity skills shortage, these teams are often stretched thin. In fact, ‘cybersecurity skills’ were the most in-demand among African organisations in SAP’s latest report, with 86% of companies citing demand.

Organisations know they should keep systems up to date. But all too often, updates are postponed in favour of more immediate priorities, leading to potentially costly delays.

Very costly. A Harvard Business School publication notes that the devastating cyberattacks on the UK’s National Health Service and credit bureau Equifax .

‘Outdated’ explained

Outdated software – referring to applications, platforms or operating systems that have not received critical updates or patches despite newer versions being available – is one of the most persistent and preventable security risks for modern enterprises.

Outdated software also includes software that has reached end-of-life, meaning it is no longer supported by the vendor through security patches and bug fixes. For example, a surprisingly large number of well-known companies , despite those operating systems no longer being supported by the vendors.

Businesses often run these older versions of software out of habit, or due to perceived cost savings. Others fear the disruption of change and hope to avoid costly downtime and change management. But these savings are superficial – the cost of a breach will always outweigh the cost of keeping software updated, especially as .

Reducing risk

Failing to maintain software updates exposes companies to a range of risks, including:

  • Known vulnerabilities go unpatched – Every software product has vulnerabilities, but what matters is how quickly they’re fixed. Software vendors actively monitor and patch these flaws. However, once support ends, so does the protection. Cybercriminals actively target known exploits in unpatched software. Since some of these vulnerabilities are widely documented, they risk being exploited if left unresolved.
  • Incompatibility with modern defences – Cybersecurity doesn’t stand still. Encryption methods evolve. Firewalls improve. Detection tools become smarter. Outdated software struggles to integrate with these advancements, weakening your security posture across the board. Companies could be investing in the latest cyber defences, but if their legacy apps can’t support them, they remain exposed to significant risk.
  • Standing defenceless against new threats – The threat landscape changes daily. Attackers are constantly developing new techniques, from zero-day exploits to advanced phishing campaigns. Unsupported software doesn’t get the updates needed to recognise or defend against these evolving threats.
  • The inevitability of data breaches – Once attackers exploit a vulnerability, this can lead to a total compromise of the entire landscape. Personal data, financial records, and customer information all become potential targets. And in the modern threat landscape, it’s not a matter of if a company will suffer a data breach, but when. When a breach occurs, the consequences can be severe: reputational damage, regulatory fines, legal action, operational downtime and financial losses compound the misery. And these aren’t theoretical risks – they’re playing out in boardrooms across the continent.

Staying secure

Keeping the enterprise secure requires a proactive approach that includes a strong focus on maintaining up-to-date software as well as a layered security strategy. Organisations should take note of the following best practices to secure against unnecessary cyber risk:

  • Modernise where it matters – Organisations using end-of-life or unpatched software should transition to supported systems. While upgrades may cause some disruption, the risk of a breach is far greater and harder to control.
  • Stay current on patches – Even supported software can be vulnerable if it’s not updated. Organisations must ensure their IT teams have a clear process for applying patches and updates in a timely and controlled manner.
  • Conduct regular security audits – It’s unwise to wait for an incident before identifying a security gap. Regular vulnerability assessments can identify outdated systems, missed patches, and other blind spots in the enterprise environment, giving organisations the opportunity to fix them before they’re found by someone else.

Technology isn’t static, and neither are cyber threats. The tools and systems companies rely on must evolve alongside them or they become the weak link in an otherwise strong chain. Outdated software might not grab headlines like a major data breach, but all too often, it’s what causes one.

If cybersecurity is a board-level concern (and it should be), then software maintenance must be a strategic priority. In a world of rising threats, staying up to date isn’t just good practice for African enterprises, it’s a critical defence.

The post An Enterprise Security Perspective on Skipping Software Updates appeared first on SAP Africa News Center.

AI and Business Continuity in Africa: Navigating Risks and Opportunities in the South African Context
/africa/2025/02/ai-and-business-continuity-in-africa-navigating-risks-and-opportunities-in-the-south-african-context/
Thu, 06 Feb 2025 06:56:11 +0000

As Africa’s digital economy accelerates, businesses face mounting pressure to ensure resilience in an era of geopolitical instability, climate volatility, and cyber threats. Nowhere is this more evident than in South Africa, a regional economic powerhouse where artificial intelligence (AI) is reshaping business continuity strategies. For professionals like you—registered business continuity lead implementers and auditors—the integration of AI presents both unprecedented risks and transformative opportunities. Let’s explore this duality.


The African Context: Why AI Matters for Business Continuity

Africa’s businesses operate in a uniquely challenging environment: unreliable infrastructure, regulatory fragmentation, and a surge in cyberattacks (South Africa alone saw a 62% increase in ransomware attacks in 2023). Yet, AI adoption is rising. According to the IBM Global AI Adoption Index 2023, 45% of South African companies now use AI for risk management, outpacing the continental average. From Johannesburg’s financial hubs to Cape Town’s tech startups, AI is becoming a linchpin for resilience—but not without pitfalls.


Risks of AI for Business Continuity in South Africa

  1. Cybersecurity Vulnerabilities
    AI systems are prime targets for cybercriminals. In 2022, a South African bank’s AI-driven fraud detection system was manipulated to approve fraudulent transactions, exposing gaps in adversarial robustness. AI models trained on biased or incomplete data can also misjudge threats, leaving businesses exposed.
  2. Over-Reliance on Automation
    Load-shedding and connectivity gaps already disrupt operations. Over-dependence on AI for critical processes—like automated supply chains or customer service—risks cascading failures during outages. A Johannesburg logistics firm faced a 48-hour shutdown when its AI routing system crashed during grid instability.
  3. Data Privacy and Compliance Risks
    South Africa’s POPIA (Protection of Personal Information Act) imposes strict rules on data usage. AI systems that process personal data without transparency risk non-compliance fines (up to R10 million) and reputational damage.
  4. Skill Gaps and Implementation Costs
    A 2023 PwC Africa AI Survey found that 67% of South African firms lack in-house AI expertise. Poorly integrated tools may create false confidence, undermining continuity planning.

Opportunities: How AI Strengthens Business Continuity

  1. Predictive Risk Management
    AI excels at identifying patterns. For example, South African insurer Discovery uses machine learning to predict climate-related disruptions, adjusting claims processing workflows preemptively. Similarly, AI-powered tools like SAP’s Integrated Business Planning help miners forecast equipment failures, reducing downtime.
  2. Automated Incident Response
    During the 2021 Transnet cyberattack, companies with AI-driven Security Orchestration, Automation, and Response (SOAR) platforms minimized downtime by isolating breaches in minutes. AI can also simulate disaster scenarios, stress-testing BC plans against events like riots or floods.
  3. Supply Chain Resilience
    Take Shoprite, Africa’s largest retailer: Its AI system analyzes supplier risks, weather data, and port delays in real time, rerouting shipments during crises. This reduced stockouts by 30% during 2023’s KwaZulu-Natal floods.
  4. Workforce Augmentation
    AI chatbots like Nedbank’s Enbi handle 80% of routine customer queries during outages, freeing staff for critical tasks. Upskilling programs, such as Microsoft’s AI Academy in Cape Town, also prepare teams to collaborate with AI tools.

Case Study: AI in Action

MTN South Africa integrated AI into its Business Continuity Management (BCM) framework after severe riots in 2021. Its AI platform now monitors social media for civil unrest signals, triggers emergency communication protocols, and reroutes network traffic. Result: Service availability stayed above 95% during subsequent protests.


The Path Forward: Recommendations for Professionals

  1. Adopt a Hybrid Human-AI Approach
    Balance automation with human oversight. For example, use AI for threat detection but retain decision-making authority for auditors.
  2. Invest in Adversarial AI Training
    Partner with cybersecurity firms to stress-test AI models against attacks. South Africa’s Cyber Response Bureau offers simulations tailored to local threats.
  3. Align AI with ISO 22301 Standards
    Ensure AI tools complement—not replace—established BCM frameworks. Map AI use cases to ISO 22301’s requirements for governance and recovery.
  4. Advocate for Regulatory Clarity
    Engage policymakers to shape AI governance. Ghana’s draft National AI Strategy includes BC provisions—a model for South Africa.

Conclusion: Balancing Innovation and Caution

AI is not a silver bullet, but its strategic use can redefine business continuity in Africa. For South African professionals, the imperative is clear: harness AI’s predictive power and automation while mitigating risks through rigorous testing, upskilling, and ethical governance. As you navigate this evolving landscape, your role as a guardian of resilience has never been more vital.

By embedding AI thoughtfully into BC frameworks, we can future-proof Africa’s businesses—turning volatility into opportunity.

This article first appeared here:

The post AI and Business Continuity in Africa: Navigating Risks and Opportunities in the South African Context appeared first on SAP Africa News Center.

Securing Business-Critical Processes in the Cloud
/africa/2024/07/securing-business-critical-processes-in-the-cloud/
Thu, 11 Jul 2024 06:27:40 +0000

African enterprises are transforming their operations through the accelerating adoption of cloud technologies.

As companies continue to face disruption and a challenging operating environment, their ability to leverage technology to build greater agility, resilience and sustainability has become paramount. And at the centre of this transformation is the cloud.

A report by McKinsey revealed that African businesses could benefit from a healthy share of .

According to PwC’s Africa Cloud Business Survey 2023, , with 61% of companies expected to have moved all their operations to the cloud within the next two years.

Key challenges to accelerated cloud adoption

However, the same PwC report highlights key constraints to broader cloud adoption in the region, including budget pressure, skills shortages, cybersecurity risks and regulatory challenges.

SAP research found that four in five African organisations reported a negative impact stemming from a lack of tech skills, including customer loss (60%), diminished innovation capacity (53%), and an inability to meet customer needs (46%).

Budget pressures persist in the constrained economy left in the wake of the pandemic and exacerbated by ongoing supply chain pressures and geopolitical upheaval. And Africa’s regulatory landscape continues to introduce complexity as each of the continent’s 54 countries requires compliance with its own set of laws and regulations.

Considering the foundation of many organisations’ business transformation efforts is the adoption of cloud enterprise resource planning (ERP) capabilities, one of the most important aspects of business transformation lies in the domain of cybersecurity.

Vital role of cloud ERP adds pressure to secure

Cloud ERP sits at the heart of every company’s business transformation. The adoption of cloud ERP enables companies to focus on improving and automating their business processes, with the cloud allowing companies to focus on application management while the provider helps ensure systems remain stable, secure and compliant.

Companies are also increasingly adopting a clean core with optimal master data quality and perfected business process governance, delivering improved maintainability, reduced complexity, and lower total cost of ownership.

The rush to leverage powerful artificial intelligence capabilities underpinned by accurate, real-time business data facilitated by cloud ERP, can also improve and accelerate decision-making throughout every layer of the business. Business AI tools such as SAP’s Joule facilitate not only the collaboration between end-users but also how end-users are interacting with core business systems, enabling them to work more efficiently and resolve issues much quicker.

But the critical role of cloud ERP and the wealth of business data such systems contain makes them attractive targets for threat actors, driving the need for improved cybersecurity.

Securing critical cloud ERP processes

Cybersecurity is one of the defining business and societal challenges of our time, featuring regularly on the World Economic Forum’s top ten lists of greatest risks.

African enterprises have taken note: a KPMG report found that cybersecurity strategy among African enterprises is more mature than ever, . Considering that more than half of organisations operating in Africa have fallen victim to cybercrime, having a robust, effective cybersecurity strategy in place is critical.

Such a strategy should focus on three important aspects, namely:

  • Defending against cyberattacks, which can take the form of ransomware, social engineering attacks such as phishing, and distributed denial of service (DDoS). Attack methods constantly evolve, making traditional forms of defence inadequate for most organisations’ needs.
  • Compliance with regulations, which can become a cost multiplier when it comes to cybersecurity. Africa is home to 54 distinct regulatory regimes each with varying requirements that companies must keep track of. A robust strategy supported by the latest technologies can greatly simplify this aspect and support companies to operate on the right side of regulatory compliance.
  • Mitigating the skills shortage, which is a global issue but one amplified by Africa’s relatively lower skills base. Cybersecurity is a growing field that requires specialised knowledge and training, and many organisations here and abroad simply cannot keep up with recruiting and retaining scarce security skills.

A cloud ERP system alleviates pressure on all of the above three fronts. By providing a consistent and harmonised architecture from the operating system all the way down to the network, cloud ERP greatly simplifies and enhances enterprise security efforts.

And with one point of contact, companies can resolve security and resilience issues quickly and with the support of larger cloud vendors’ extensive talent pools and deep skills bases.

 


The post Securing Business-Critical Processes in the Cloud appeared first on SAP Africa News Center.

Six POPIA Tips for Securing Your ERP System
/africa/2021/08/six-popia-tips-for-securing-your-erp-system/
Mon, 16 Aug 2021 08:40:04 +0000

The full implementation of the Protection of Personal Information Act heralds a new era of control and privacy for South African citizens and organisations, and holds the promise of deepening trust between organisations and their customers – provided organisations remain fully compliant.

According to Cameron Beveridge, Regional Director Southern Africa at SAP, trust is the key to success in the digital economy.

“Privacy and trust are essential elements in building strong connections with customers and ensuring a positive customer experience (CX) in today’s business environment.”

“In fact, some studies have found that up to 90% of customers believe how their data is treated is indicative of the way they will be treated as a customer, and 91% won’t purchase from a company if they don’t trust how their data will be used.”

Cyberattacks complicate compliance

Protecting customer privacy and data is complicated by a growing global cybercrime industry that has increasingly targeted the supply chains of major organisations and economic powers.

Recent ransomware attacks on key US infrastructure have garnered front-page attention. In one example, cybercriminals successfully shut down the Colonial Pipeline, .

With data breaches , and the Protection of Personal Information Act now fully in effect, the stakes for protecting systems from data breaches have never been higher.

“Enterprise resource planning systems are nerve centres of modern intelligent enterprises, making them prime targets of cybercriminals,” says Beveridge.

“Attackers know these systems run business-critical applications and house sensitive information, so any data breach could provide access to information they can later use in the service of cybercrime activities.”

Taking ‘all reasonable steps’

One of the key requirements of POPIA is that organisations have to ensure they take ‘all reasonable steps’ to secure the data of their customers, partners, suppliers and employees.

“The best run organisations have integrated end-to-end processes that cover the entire breadth of their operations,” explains Beveridge.

“The productivity and efficiency gains resulting from this are undeniable. However, the wealth of data processed and stored by such systems creates an attractive target for cybercriminals.”

The amount of transactional data in typical ERP systems, for example, represents a veritable gold mine to cybercriminals, as does the information about vendors, suppliers and partners.

“The more cybercriminals know about the internal operations of a business, the easier they will find vulnerabilities to exploit. However, it’s not only cybercriminals that pose security or compliance risks.”

Research conducted by IBM and the Ponemon Institute found that the three main causes of data breaches in South African businesses were malicious or criminal attack (48%), human error (26%) and system glitches (26%).

“POPIA adds further pressure on organisations by both raising the bar for privacy management and by its extensive reach and applicability within modern enterprises,” says Beveridge.

“Organisations risk underestimating the level of effort required to implement the necessary process and technology changes to be compliant.”

POPIA tips for security and compliance

Beveridge believes the following tips can assist organisations as they strive for full POPIA compliance while also safeguarding their critical business IT infrastructure from malicious attack or negligence.

  • Maintain balance – effective data management can give organisations a competitive edge, but proper assessment needs to take place early on to ensure regulatory compliance.
  • Keep it simple – organisations should simplify their governance by establishing a governance model that is aligned with requirements and best practices, and start by evaluating their readiness for POPIA compliance.
  • Stay on top – by operationalising privacy management and incorporating ways to identify business processes that need to meet privacy compliance requirements, organisations can keep a close watch on any internal processes that should be changed to remain compliant as the business evolves.
  • Automate away – data mapping or data crawler solutions can reduce the time and effort needed to identify all repositories of personal information, as well as their owners within and outside the organisation.
  • Educate employees – every employee needs to understand their responsibility under POPIA, which requires regular and ongoing education and training. Organisations should prioritise a process of ongoing POPIA and cybersecurity training to ensure alignment throughout the business.
  • Integrate threat detection – an enterprise threat detection solution can provide insight into suspicious activities in an organisation’s ERP and related business applications, allowing the organisation to identify breaches as they occur and react in real time to neutralise any dangers.

For more information download the whitepaper –

The post Six POPIA Tips for Securing Your ERP System appeared first on SAP Africa News Center.

It’s Time to Take the Ransomware Threat to Business-Critical SAP Applications More Seriously
/africa/2021/07/its-time-to-take-the-ransomware-threat-to-business-critical-sap-applications-more-seriously/
Tue, 06 Jul 2021 07:42:48 +0000

Almost every day, we see yet another case of ransomware. While historically, companies of all sizes are targeted, recently it appears that all the news revolves around debilitating attacks on mission-critical or business-critical systems of large enterprises — from fuel and energy companies to food processing companies.

It’s not that these enterprises haven’t taken steps to protect these assets; it’s just that the “traditional” way of preparing for and responding to ransomware simply won’t work anymore.

So what’s needed to protect your organization’s business-critical applications from the looming threat of ransomware? That’s exactly what SAP and Onapsis seek to address here.

When most people think about ransomware, there are two immediate, “traditional” solutions that come to mind: backups and endpoint security. Both are critical components of a solid security program, without a doubt. However, their presence could lull organizations into a false sense of security, as there still remain gaps, especially related to business-critical systems that are connected in more ways than ever before.

The challenge is that many enterprises realize too late that, in preparation for a ransomware attack, you need to close all the doors and windows of your house — not just the front door of endpoint protection. When thinking about ransomware attack vectors, it’s imperative to consider all potential entry points into the business-critical environment and how to secure them. To continue this metaphor, this also includes evaluating your neighbors and how they get into your house too.

When you think about all of these vectors, you slowly realize that this challenge goes way beyond just endpoint security and backups. It requires a more holistic look at securing your business-critical applications, including — yes — things that we would classify as “good security hygiene.”

In a recent , we demonstrated that threat actors clearly have the means, the motivation, and the expertise to identify and exploit unprotected mission-critical applications, and are, in fact, actively doing so.

As an example, a massive, publicly traded company was recently subjected to a ransomware attack on its enterprise resource planning (ERP) application data. Did they have backups? Yes: the backup was refreshed once a week. However, operations halted anyway. When this happens, even with backups in place, it could still take hours or even days to restore from a backup, and the negative impact on the business and the financial losses are high regardless. Did they have endpoint security? Yes; however, the attackers bypassed the endpoint detection and response (EDR) software by accessing the data through the application. EDR is great for identifying activities on compromised assets and allowing the containment and collection of artifacts, such as process trees, files created by malware, but the application level still poses a challenge. And these attackers used that application layer, which was not monitored by the tool itself, to compromise the business-critical assets.

Vulnerabilities such as 10KBLAZE, PayDay, and RECON allow threat actors to take full control of applications through the application layer itself. These threat actors go straight to the application, and, once in, go down to the operating system level there. When you consider CIO digital transformation initiatives or the rapid adjustment to remote work due to the COVID-19 pandemic, there is a significant magnification of risk. Onapsis has observed that new, unprotected SAP applications provisioned in IaaS environments were discovered by threat actors and attacked in less than three hours, with more than 400 successful exploitations observed as of the date of this publication.

Ultimately, what’s needed then is a new model to defend against ransomware, one that goes beyond the scope of just protecting endpoints, backing up files, and hoping for the best. claims that organizations should “[i]mplement a risk-based vulnerability management process that includes threat intelligence. Ransomware often relies on unpatched systems to allow lateral movement. This should be a continuous process. The risk associated with vulnerabilities changes as these vulnerabilities are exploited by attackers.” We couldn’t agree more.

What’s needed is a renewed commitment to some key security fundamentals:

  1. Security Hardening of Business-Critical Applications
  2. Timely Patch Management
  3. Point-in-Time Vulnerability Assessments
  4. Continuous Monitoring of Vulnerabilities and Threats to Your Business-Critical Applications
  5. Securing Your Custom Code in Business-Critical Applications
  6. A Commitment to Control and Governance

51风流is committed to continuously innovating our software to keep your information safe — both on premise and in the cloud. We prioritize security so that you can stay focused on running your business and managing your customer relationships effectively using 51风流solutions, safe in the knowledge that your data is secured. To protect clients from ransomware attacks, securing development infrastructure, such as the build and deploy chain, is of utmost importance to prevent the manipulation of shipment artifacts.

As part of our commitment to clients, 51风流follows a secure software development and operations lifecycle to identify and mitigate all kinds of security weaknesses and vulnerabilities during the development of products and services. Through the use of risk identification techniques such as the 51风流threat modeling method and secure development trainings, 51风流enables development teams to eliminate potential entry points for ransomware and other kind of attacks. It also ensures that basic security principles, such as that of least privilege, are part of the DNA of 51风流developers.

51风流continues to harden our systems with automated static code analysis, vulnerability scans, and validation from a dedicated, independent 51风流internal security team. SAP鈥檚 software development lifecycle serves as an example to clients on how to support a DevSecOps model covering development and operations aspects for continuous and secure delivery of software.

When deploying and running 51风流applications, it is imperative that organizations focus on hardening their system to minimize the overall attack surface — for example, ensuring the proper setting of system parameters and other aspects of system configuration, including the activation of security features and functionalities. It is important that the proper configuration settings are in place to protect an organization against possible security vulnerabilities.

SAP provides key features such as the SAP EarlyWatch Alert service, which monitors the essential administrative areas of SAP components to keep organizations up to date on performance and stability, as well as the SAP Security Optimization service, which verifies and improves security by identifying potential security issues related to your SAP solution and providing key recommendations.

As threat actors continue to devise new modes of attack and vulnerabilities to these attacks are identified, SAP continuously provides security updates for existing code to keep your systems secure. SAP delivers these security updates through support packages, and, on the second Tuesday of every month, as part of “Security Patch Day,” SAP publishes security notes with the latest security corrections and recommendations. As noted, implementing a security maintenance process to assess and implement recommended security updates is a proven best practice for mitigating risk.

Onapsis has focused on protecting business-critical applications since 2009. We target the application layer with our Onapsis platform and serve as an essential part of our clients’ plans to protect their business-critical SAP applications from ransomware attacks.

  • By providing automatic visibility into critical vulnerabilities, missing important patches and security updates, misconfigurations, and insecure interfaces, Onapsis identifies all the open doors. This is a crucial component in any ransomware prevention initiative. Once the entry points are identified, they can be closed, thereby reducing the attack surface that may lead to ransomware.
  • Through continuous monitoring and real-time alerts for threat indicators, Onapsis helps monitor real-time attempts to access critical systems through any remaining open doors. Win precious time to prevent threat actors from gaining further access.
  • With code analysis in real time, prior to moving into production, and in transport, Onapsis can help identify foreign code, such as malware, or new vulnerabilities before they get released to the public. Code vulnerabilities may appear to be a minor attack vector, until they’re not, such as in the case of the SolarWinds attack. In Onapsis’ experience, we generally see one critical vulnerability per 1,000 lines of code, but our clients generally have millions of lines of custom code. It’s important to close those thousands of open doors to prevent any access to business-critical systems.

It’s time to think differently about ransomware. We’re in the middle of a perfect storm, with more unprotected SAP applications and remote workers than ever before, expert threat actors who have the expertise to attack these systems, hyperconnected business-critical systems across the cloud, and strained InfoSec teams that may have fallen behind in patching and vulnerability management. Ransomware is the final step of an attack that could utilize a myriad of attack vectors to directly access your business-critical applications.

Organizations should leverage the powerful native security capabilities of SAP, establish the right risk-based patch, code, and vulnerability management processes, and take advantage of the optimized tools and critical threat intelligence from Onapsis. If they do so, organizations can drastically reduce their risk profiles, stay a step ahead of ransomware groups, and ultimately keep their names out of the news.


Tim McKnight is CSO of SAP.
Richard Puckett is CISO of SAP.
Mariano Nunez is CEO of Onapsis.

Additional contributors to this content include: Elena Kvochko, Imran Islam, Oliver Meli, Vic Chung, and Robert Lorch from SAP, as well as David D’Aprile, Maaya Alagappan, and Tess Cunard from Onapsis.

This article first appeared on the SAP News Center.

The post It’s Time to Take the Ransomware Threat to Business-Critical SAP Applications More Seriously appeared first on SAP Africa News Center.

How to Mitigate Risks from COVID-19 Disruption
/africa/2020/05/how-to-mitigate-risks-from-covid-19-disruption/
Tue, 19 May 2020 08:09:00 +0000

The post How to Mitigate Risks from COVID-19 Disruption appeared first on SAP Africa News Center.

The COVID-19 pandemic has created immense risks to public and private sector organisations as they grapple with new business models, a suddenly-distributed workforce, and widespread uncertainty and disruption.

For CFOs and public sector financial leaders, the new dynamic is creating risks to private and government institutions at a time when financial integrity is paramount.

Disruption challenging public, private sectors

For the private sector, the disruption from closing offices and suddenly relying on a mostly remote workforce has created new challenges. Employees are now working outside the boundaries of corporate firewalls and, in some cases, on unsecured devices. Enhanced cybersecurity is critical; the World Economic Forum has warned that cybercriminals have escalated their efforts to capitalise on the unfolding tragedy of Covid-19, putting companies, consumers and public sector organisations at immense risk.

In the public sector, government departments at national, provincial and municipal level are facing their own challenges. The response to Covid-19 has required a reprioritisation within various government functions to support the unprecedented large-scale coordinated effort at all levels of government to limit the impact of the disease.

For example, Treasury has announced it is centralising the sourcing of all personal protective equipment from suppliers. In the heavily regulated public sector, this centralising of sourcing can add additional complexity to procurement and public finance management practices to ensure finance teams function within the bounds of good governance.

Add to this the disrupting effects of major budgetary constraints and poorly-performing state-owned enterprises and public sector finance teams are in for a challenging period.

Private sector companies, already dealing with a struggling economy and low consumer and business confidence and now battling with a major world event, will similarly have to enhance their governance, risk and compliance efforts to ensure business integrity is upheld.

Three priorities for improved risk management

So what are public and private sector finance leaders to do to manage risk in such an uncertain and disruptive environment? Three immediate priorities stand out: protecting the business through better risk management, process control and audit planning; improved access control; and putting comprehensive security measures in place to protect critical data.

Protecting the business starts first and foremost with visibility. Managing risk during times of great uncertainty or disruption requires that finance leaders have a holistic view of risk. This requires them to have a single financial source of truth – an accurate, integrated source of data that can inform financial decision-making within all company or government functions.

Having a clear view of all risk elements gives finance leaders additional agility to adapt to changes in the operating environment and business model. Many organisations will need to reassess their business strategy to take into account the impact of the lockdown and continued disruption from the pandemic.

Using risk scenarios and modelling to understand the organisation’s exposure to risk gives organisations a clear view over the impact of emerging opportunities on the company’s risk profile. In addition, it helps finance leaders make better decisions by linking current and future risks to business value drivers.

With a single financial source of truth, companies should also seek a single platform for managing policies and compliance procedures. This enables streamlined processes that align controls and policies with business goals and risks.

Audit planning will also require a second look: tools for better managing scoping, risk assessment and project management of internal audits can save precious time and resources. Real-time analytics can play a hugely important supporting role by enabling companies to scan large volumes of data with increased accuracy in detecting and preventing fraud and errors.

However, with business models changing rapidly – most noticeably the rise of remote workforces as people are confined to their homes – effective access control is becoming even more important than before. Sudden changes in an organisation’s workforce as a result of the pandemic could lead to conflicts with segregation of duties and hamper access to critical authorisations. Without full visibility over user functions and permissions, companies will struggle to remediate issues or introduce mitigating controls.

CFOs and finance leaders should enforce a segregation of duties framework that avoids having a single user create, approve and monitor transactions. Where segregation of duties is not possible, management should be able to monitor users’ transactions and ensure users have appropriate authorisations to maintain accountability.

Organisations should strive to provide secure access to applications and data across cloud and on-premise solutions, and use predictive detection of fraud and errors in transactions to maintain business integrity. Interpol has warned that cybercriminals are taking advantage of the pandemic by attacking computer networks and systems while most of the world’s attention is on dealing with the coronavirus. The FBI has found that reports of cybercrime have quadrupled since the start of the pandemic.

Here, enterprise threat detection and other security measures play a vital role in identifying, analysing and neutralising the rising tide of opportunistic cyberattacks plaguing public and private sector organisations. CFOs and finance leaders need real-time intelligence into system vulnerabilities to ensure cybersecurity threats are mitigated before systems are compromised.
