Organisations face many threats that coarsely can be separated in inside threats and outside threats. Threats from insiders are especially hard to counter since insiders have special knowledge and privileges. Therefore, malicious insider actions are hard to distinguish from benign actions.
When considering security of organisations we must distinguish between threats and attacks. A threat is amenace against the organisation, that can be caused by, for example, insufficient security precautions, incorrect configuration of security devices, or human error. An attack, on the other hand, represents a realisation of a threat; an attacker has identified a threat and uses it to his advantage. Clearly organisations can face many threats and attacks at the same time.
While only an attack can potentially cause “real” damage, threats can for example cause loss of reputation. To minimize the likelihood of a certain attack to happen, organisations must therefore minimize the number of threats they are exposed to, or at least they must ensure that they can identify and are aware of threats.
Threats against an organisation can come from a multitude of sources, which can be classified based on different metrics. If we consider the origin of threats, they can coarsely be divided into threats from the outside and threats from the inside of the organisation’s perimeter. The usual goal of IT security precautions is to contain threats from the outside of an organisation; protecting the organisation’s perimeter and assets against outside threats is fairly well understood, and a multitude of techniques exist. These approaches usually assume that the inside of the organisation is well-behaved or trusted.
Threats from the inside, on the other hand, pose a completely different set of problems. Actors inside of an organisation are legitimated to perform certain actions as part of their work. It is therefore difficult to distinguish benign and malicious activities by insiders.
Insiders are trusted to adhere to the policies governing their work, and only to break them in certain situations. Different approaches to insider threats often use different definitions of what an insider is, and what constitutes an insider threat, and so do different communities.
Defining Insiders and Insider Threats
An insider is defined as an individual with privileged access to an IT system. This focus on IT systems is not surprising, since they often are used to realise insider attacks, and often are the source of insider threats. On the other hand organisations are so much more than their IT systems, and if already the fundamental definition is putting focus on a specific technique, it is dubious how well it will be useable to address the whole spectrum of issues.
Key issues here are: access to the system, ability to represent, knowledge, and trust by the organisation. An insider is a person that has been legitimately empowered with the right to access, represent, or decide about one or more assets of the organisation’s structure.
An insider threat is the threat that an insider can perform an action that violates the organisation’s goals or expectations. Goals and expectations can be realised as policies, but they can just as well be implicitly expected behaviour.
Mitigating Insider Threats
Containing insider threats requires three major components: identification of potential inside attackers and threats, monitoring. All of these techniques pose interesting research questions in the light of insider threats, mainly because of the fact that inside attacks are executed with the rights and privileges of legitimate actors. It is therefore so difficult to identify an attack once it started. It is therefore so important to develop techniques to identify insider threats before an attack.
When dealing with insider threats we need identifying techniques in a number of areas, including, e. g., legal frameworks, policies, and human behaviour. The main goal with these techniques is to provide classifications of events and observations to decide whether or not an insider attack is in progress or to be expected.
In the area of insider threats we have to deal with a number of conflicting goals in different areas, where realising either extreme results in severe consequences; These might, e. g., be violation of laws or serious damage of employees’ compliance with policies. Here we consider the two most serious ones, namely dealing with surveillance and privacy, and with regulation and autonomy.
4.1 Surveillance vs. Privacy
The agonism between surveillance and privacy can be seen as the most important conflict between goals. When monitoring as much as needed, this will with big probability violate privacy rights of employees and visitors, to name a few. When monitoring as little as possible to protect privacy, the monitored data will often not be meaningful to determine threats and attacks.
The problem is that the acceptable level can very well oscillate over time, depending on legal requirements, policies, and so on. Over-monitoring can result in an increased feeling of surveillance and distrust, resulting in a weakening identification of employees with an organisation.
Boitshepo Bolele is a Director at Hlanganani ICT Botswana, a BQA Accredited Institution, located at Unit 21 THE OFFICE. For preliminary assessment of Insider threats, contact us on3980483/ 3132255 / 72537788 or email email@example.com
This week, Botswana Telecommunications Corporation Limited (BTCL), the country’s only listed telecoms company, released its annual report for the financial year ended 31st March 2021.
The company, listed on the local bourse in a historic IPO in 2016, has been grappling with the uphill task of transforming from a wholly state-owned organisation to a fully commercial publicly listed entity. This excise has seen some financial years registering a decline in both revenue and profits.
On Tuesday, BTCL reported a significant rise in profits, attributable to a slight pick-up in revenue and serious cost containment measures. The beginning of the fiscal year saw the implementation of the company’s new three-year strategy, which is focused on strengthening the core business, optimising efficiencies and return on assets, and pursuing growth opportunities.
The start of the financial year coincided with the implementation of the national measures to contain the COVID-19 virus, leading to national lockdowns, which placed pressure on the BTCL performance for the first half of the year. “However, we have since seen a decent recovery in our financial performance year-on-year,” said BTCL Managing Director Anthony Masunga
BTCL Group, which comprises among other business segments: mobile, fixed and broadband, has reported revenue of P1.43 billion, which is a 1% increase over the prior year. According to BTCL directors, this increase in revenue was driven by the monetisation of significant investments in fixed and mobile broadband infrastructure in support of high-speed internet service at homes and offices across most parts of the country.
“We delivered a strong double-digit growth in profit after tax of 16% when compared with the prior year, driven by the slight increase in revenue and robust cost reduction strategies that improved EBITDA to P463 million, leading to an increase in cash,” Masunga explained. Cash and cash equivalents significantly increased by 20.4%, from P120 million in the prior year to P364 million at the end of March 2021.
The increase was driven by a positive cash conversion ratio of 52% and favourable working capital resulting from debt collection measures during the year. Masunga explained that the healthy cash balance enabled the BTCL to finance further expansion of its mobile data network and replace traditional copper connections with fibre to better support the needs of its customers.
“The uptake of our data products has been growing steadily, with the improving quality of service leading to increased revenues even as voice revenues declined,” he said. The cost of services and goods sold reduced by 3% from P612 million to P594 million when compared to the previous year, leading to an increase in gross profit for the year by 3%, an increase of P27 million to P832 million, translating to an improvement in gross profit margin from 57% to 58%.
Despite the increase in the top line, which would have led to a rise in the cost base, the Group Continued with its robust cost containment measures, leading to a slight increase in all other operating costs by P3 million. The control of costs led to an overall increase in the earnings before interest, depreciation, taxation and amortisation (EBIDTA) by P55 million, with a margin expansion of 370 basis points compared to the previous year.
The operating margin increased by 2% to 13%, coming from the earnings before interest and tax (EBIT) to P186 million, a P24 million increase compared to the prior-year figure of P163 million. Net interest increased significantly, driven by the new accounting treatment of the IRU liability. All the above led to an overall increase in the profit before tax of P27 million, which increased to reportable gain to P166 million.
The Group ended the year with a P135 million profit after tax compared to P117 million for the same period last year with a tax expense of P31 million in the current year, which is higher when compared to the P22 million reported in 2020. Therefore, the Group delivered an impressive 16% increase year-on-year with a 9% net profit margin, compared to 8% in the prior year.
BTCL continues to dominate the fixed-line business despite a continued reduction in the demand for fixed lines globally and locally. Trends continue to show an increased shift of consumer preference to mobile communications, a direction according to Anthony Masunga is due to his company’s “increased flexibility, convenience, and innovation.’
BTCL’s mobile phone market also continued to grow during the year, with many consumers owning multiple SIM cards from the three mobile network operators. Smega, BTC’s Mobile Money Services, saw significant growth in subscriptions during the year, and we expect to attract more customers as the Group continues the Visa card rollout.
Masunga boasted that Smega could interact with traditional banking systems, offering more convenience to BTCL customers. “The platform supports greater financial inclusion for the country’s sizeable unbanked population,” he said. BTC Board Chair Lorato Ntakhwana said that in the future, the 51 percent government-owned telecom giant will bank on its new 3-year strategy for growth paths.
She revealed that the new strategy would build on the great foundation set by its predecessor, enabling BTC to reap the full benefits of its digital infrastructure investment to drive the growth of the business.
Ntakhwana explained that the digital transformation of the business underpins the strategy to realise enhanced efficiencies and continue to maximise the utilisation of its technologies. “We remain committed to transforming BTC into a digital services company, leading the Fourth Industrial Revolution to create maximum shareholder value. We see technology and digitisation as a vehicle to the provision of solutions to the nation’s challenges,” she said.
First National Bank Botswana (FNBB) has released its audited summarised consolidated financial statement for the year ended 30 June 2021. According to the statement, the balance sheet reduced by 6% year-on-year primarily due to declining gross advances to customers. Credit risk remained heightened amid the prevalent economic uncertainty of the COVID-19 pandemic.
The bank said it continued to apply a prudent approach to lending to ensure responsible and manageable consumer exposure, which resulted in a decline in gross customer advances by 7% while gross market advances increased by 4%.
Retail advances experienced a sharp decline of 7%, while the Botswana retail market increased by 9%. According to the bank’s financial statement, the decline was driven by competitive pressures, with the market extending loan tenures, resulting in increased market debt. However, the bank maintained its existing affordability criteria and a selective approach to retail exposure.
The corporate segment experienced remarkable growth of 19% year on year. In comparison, the commercial advances portfolio reduced 19% because of a cautious lending risk appetite, a reduction in the Non-Performing Loans (NPL) and the overall lack of growth in the market.
The combined result of FNBB’s commercial and corporate advances was a decline of 7% against the overall comparable decrease of 3% in the market. While actively looking for the opportunities arising out of the anticipated recovery pattern, the bank said it would continue to be cautious in maintaining the quality of its credit book.
NPLs, according to FNBB financial declined by 11% year-on-year from P1.2 billion to P1.09 billion, resulting in a NPL/gross advances ratio of 7.3% as of 30 June 2021. FNBB stressed that reduction in NPL was primarily due to a recoverability assessment of long-outstanding NPL loans resulting in the write-off of irrecoverable loans. The closing provision levels remain appropriate.
The June 2020 deposit portfolio experienced significant growth following the reduced spending commensurate with the lockdown restrictions and deferred capital expenditure cycles by corporates. In the June 2021 results, deposits declined from P23.2bn to P21.4bn (8% decline), driven by an increase in activity following the lifting of COVID-19 restrictions and the normalisation of the market liquidity.
Investment securities declined by 17% year-on-year following the normalisation of market liquidity to pre COVID-19 levels. The decline was driven by the drop in short term assets at the back of the decrease in demand deposits.
FNBB indicated that it had demonstrated a resilient performance amid COVID-19 uncertainty shown by maintaining the profit before tax despite the significant reduction in the Bank Rate. This was underpinned by the normalisation of credit losses and a resilient non-interest revenue (NIR) base. Return on equity of 18.2% (2020: 20.1%) has declined due to the conservative level of capital held over the financial year, as well as the 2% reduction in profit after tax.
The past year has presented itself as a real and severe economic test, and FNBB has shown that its income streams are resilient while a critical focus has been on strengthening the balance sheet. A decrease of 15% in interest income was driven by the reduction in the Bank Rate, the decline in the advances book, and a change in the advances portfolio mix.
This was further driven by the fall in the cash and investment portfolio interest income due to the reduction in risk-free rates and lower yields across investment securities for a portion of the year. Interest expense decreased 22% following an 8% decrease in deposits and the Bank Rate reduction. The deposit mix shifted from overnight deposits to term deposits as clients sought higher yields.
Impairments declined by 43% year-on-year, driven by a 49% reduction in both Stage 1 and 2 impairments, as well as a 40% reduction in Stage 3 impairments. The stage 1 and 2 impairment decline followed a reduction in the gross advances exposure and the normalisation of impairments in June 2021.
The Stage 3 impairments decline, is attributed to a reduction in defaults over the period, with the bank has partnered with clients to help their businesses through the pandemic. The P180m reduction in impairments decreases the credit loss ratio to 1.6% (2020: 2.6%).
De Beers Group on Wednesday announced the value of rough diamond sales (Global Sightholder Sales and Auctions) for the seventh sales cycle of 2021.
Figures show continued growth in rough sales, bolstered by solid demand for polished goods in the key markets of the United States of America and China. The 2021 cycle seven rough sales clocked a provisional figure of $514 million, a slight increase from $513 million recorded in the previous cycle. The jump, however, is a significant increase when mirrored against the 2020 cycle 7 figure of $334 million.
Owing to the restrictions on the movement of people and products in various jurisdictions around the globe, De Beers Group continued to implement a more flexible approach to rough diamond sales during the seventh sales cycle of 2021, with the Sight event extended beyond its typical week-long duration.
As a result, the provisional rough diamond sales figure quoted for Cycle 7 represents the expected sales value for 23 August to 7 September. It remains subject to adjustment based on final completed sales. Commenting on the sales results Bruce Cleaver, Chief Executive Officer of De Beers Group, said sentiment in the diamond industry’s midstream continues to be positive, as reflected in the company’s sales for Sight 7.
Cleaver explained that demand for rough diamonds results from robust demand for polished diamonds in De Beers’sBeers’s key markets of the US and China. He highlighted that the midstream’s optimism for the remainder of the year was also evident at the recent JCK Las Vegas trade show, which was a success despite being held under challenging circumstances.
“As we now head towards a traditionally slower period for rough diamond sales, we remain cognisant of the risks to economic recovery from the global pandemic,” he said. De Beers impressive rough sales run is against the backdrop of performance come back in the first half of the year.
The revenue for the first six (6) months of 2021 demonstrated resilience and an impressive comeback following a devastating 2020. The more significant part of 2020, in particular, the first half of the year, was characterized by low demand across the entire diamond value chain due to the COVID-19 pandemic.
Countries put measures to curb the spread of the virus that broke out of China in late 2019; this came with travel restrictions that curtailed the movement of goods and people, reducing trade to record low levels. However, this year as crucial markets continue to reopen and exhibit signs of pre-covid demand levels, De Beers total revenue for the first half of 2021 increased significantly to $2.9 billion (Over P32 billion) from $1.2 billion (P13 billion), mirroring a jump of over 141%.
The growth in revenue for the first half of the year was bolstered by continued recovery in global consumer demand for diamonds, as the industry dusts itself from the impact of Covid-19, supported by fiscal stimulus in the US and the roll-out of Covid-19 vaccines. Restrictions on international travel and entertainment over the pandemic resulted in higher discretionary spending on luxury goods, including diamond jewellery.
In the first six months of 2021, the cutting centres achieved strong sales of polished diamonds in response to the ongoing recovery of consumer demand. However, the severe Covid-19 wave in India during April and May reduced capacity to cut and polish operations within the critical Indian midstream sector, further exacerbated by polished diamond grading backlogs in critical markets.
The relative shortage of polished supply contributed to a positive, polished price trend in the first half of 2021. The recovery of demand in all parts of the pipeline enabled rough diamond producers to destock at the start of 2021. This robust demand, combined with supply constraints arising from production challenges, created a favourable dynamic in the first half of 2021 that supported higher rough diamond prices.
At half-year, De Beers rough diamond sales had risen to $2.6 billion from $1.0 billion in the half-year 2020, and this was driven by robust rough diamond demand as the midstream pulled through stocks in response to the recovery in consumer demand, with rough diamond sales volumes significantly higher at 19.2 million carats from 8.5 million carats in the first six (6) months of 2020.