Organisations face many threats that coarsely can be separated in inside threats and outside threats. Threats from insiders are especially hard to counter since insiders have special knowledge and privileges. Therefore, malicious insider actions are hard to distinguish from benign actions.
When considering security of organisations we must distinguish between threats and attacks. A threat is amenace against the organisation, that can be caused by, for example, insufficient security precautions, incorrect configuration of security devices, or human error. An attack, on the other hand, represents a realisation of a threat; an attacker has identified a threat and uses it to his advantage. Clearly organisations can face many threats and attacks at the same time.
While only an attack can potentially cause “real” damage, threats can for example cause loss of reputation. To minimize the likelihood of a certain attack to happen, organisations must therefore minimize the number of threats they are exposed to, or at least they must ensure that they can identify and are aware of threats.
Threats against an organisation can come from a multitude of sources, which can be classified based on different metrics. If we consider the origin of threats, they can coarsely be divided into threats from the outside and threats from the inside of the organisation’s perimeter. The usual goal of IT security precautions is to contain threats from the outside of an organisation; protecting the organisation’s perimeter and assets against outside threats is fairly well understood, and a multitude of techniques exist. These approaches usually assume that the inside of the organisation is well-behaved or trusted.
Threats from the inside, on the other hand, pose a completely different set of problems. Actors inside of an organisation are legitimated to perform certain actions as part of their work. It is therefore difficult to distinguish benign and malicious activities by insiders.
Insiders are trusted to adhere to the policies governing their work, and only to break them in certain situations. Different approaches to insider threats often use different definitions of what an insider is, and what constitutes an insider threat, and so do different communities.
Defining Insiders and Insider Threats
An insider is defined as an individual with privileged access to an IT system. This focus on IT systems is not surprising, since they often are used to realise insider attacks, and often are the source of insider threats. On the other hand organisations are so much more than their IT systems, and if already the fundamental definition is putting focus on a specific technique, it is dubious how well it will be useable to address the whole spectrum of issues.
Key issues here are: access to the system, ability to represent, knowledge, and trust by the organisation. An insider is a person that has been legitimately empowered with the right to access, represent, or decide about one or more assets of the organisation’s structure.
An insider threat is the threat that an insider can perform an action that violates the organisation’s goals or expectations. Goals and expectations can be realised as policies, but they can just as well be implicitly expected behaviour.
Mitigating Insider Threats
Containing insider threats requires three major components: identification of potential inside attackers and threats, monitoring. All of these techniques pose interesting research questions in the light of insider threats, mainly because of the fact that inside attacks are executed with the rights and privileges of legitimate actors. It is therefore so difficult to identify an attack once it started. It is therefore so important to develop techniques to identify insider threats before an attack.
When dealing with insider threats we need identifying techniques in a number of areas, including, e. g., legal frameworks, policies, and human behaviour. The main goal with these techniques is to provide classifications of events and observations to decide whether or not an insider attack is in progress or to be expected.
In the area of insider threats we have to deal with a number of conflicting goals in different areas, where realising either extreme results in severe consequences; These might, e. g., be violation of laws or serious damage of employees’ compliance with policies. Here we consider the two most serious ones, namely dealing with surveillance and privacy, and with regulation and autonomy.
4.1 Surveillance vs. Privacy
The agonism between surveillance and privacy can be seen as the most important conflict between goals. When monitoring as much as needed, this will with big probability violate privacy rights of employees and visitors, to name a few. When monitoring as little as possible to protect privacy, the monitored data will often not be meaningful to determine threats and attacks.
The problem is that the acceptable level can very well oscillate over time, depending on legal requirements, policies, and so on. Over-monitoring can result in an increased feeling of surveillance and distrust, resulting in a weakening identification of employees with an organisation.
Boitshepo Bolele is a Director at Hlanganani ICT Botswana, a BQA Accredited Institution, located at Unit 21 THE OFFICE. For preliminary assessment of Insider threats, contact us on3980483/ 3132255 / 72537788 or email email@example.com
Strategic partnership offers inherent benefits of global knowledge, African insights, and local expertise and commitment
Minet Group and Africa Lighthouse Capital today announced that they have received regulatory approval and fulfilled all requirements to acquire Aon’s shareholding in Aon Botswana, and consequently will begin the process to rebrand to Minet Botswana.
Minet Group is a well-known and trusted pan-African risk advisory firm and Aon’s largest Global Network Correspondent and has been rapidly expanding its African footprint since 2017 through the acquisition of operations from global professional services firm Aon in Kenya, Lesotho, Malawi, Mozambique, Namibia, Tanzania, Uganda, and Zambia. Minet has been delivering world class products and services across Africa for over 70 years.
Africa Lighthouse Capital (ALC) is a leading Botswana citizen-owned private equity firm focused on investing in Botswana companies and propelling them into regional champions, with over BWP 500 million in funds under management.
The new entity will be rebranded to Minet and will inherit deeply rooted respect by its clients for their innovative and locally relevant solutions, responsiveness, and efficient processes. Furthermore, it shall have the benefit of consistency in leadership and staffing, with Barnabas Mavuma, previously Managing Director of Aon Botswana, continuing to lead the business as the MD supported by the local management team.
“The addition of Minet Botswana to our growing African network affirms our belief in the great opportunities for growth that Africa offers, driven by rising consumer demand, huge investment in infrastructure and quick adoption of new technology,” says Joe Onsando, CEO at Minet Group.
“This transaction significantly adds to the diversity and skills base of our team and will have a positive impact on the range of products and services we provide. Our Correspondent agreement with Aon gives us access to global expertise and data driven insights and uniquely positions us to deliver risk advisory solutions that reduce volatility, thus driving improved performance for our clients. This is a very exciting time to be Minet in Africa.”
“The significantly increased Botswana citizen shareholding effected by this transaction gives rise to an exciting era of local market focus and growth for Minet Botswana,” says Bame Pule, Founder and CEO of Africa Lighthouse Capital. “We intend to work with Minet Botswana’s local management team to further localise the business in terms of product development, while at the same time investing in local skills development and business development. We look forward to this exciting journey, which will result in a significantly enhanced service offering for Minet Botswana’s clients.”
Consequently, and similar to the other members of the Minet Group, Minet Botswana becomes an Aon Global Network Correspondent, retaining its access to Aon’s resources, technology, and best practises, combined with the benefit of independent, local agility. This transaction furthermore significantly increases local shareholding, enabling operations to become even nimbler and better positioned to unlock new and existing growth opportunities.
Clients of Minet Botswana will experience continuity of product and service delivery standards in the short term. In the near future, they can expect an enhanced offering that combines agility with technology and product innovation, tailormade for their specific needs.
Together, Minet and ALC bring a sound understanding of local market conditions, strong governance, and an established track record in the region. These qualities, combined with Aon’s global capabilities and expertise, will bring clear benefits for clients.
This transaction vastly increases citizen ownership with shareholders who are going to be active in the business. The transfer of equity interests in Botswana to investors with local and regional expertise, presence and commitment will allow the businesses to move quickly in line with market movements, and to introduce products that are tailored to the local market.
“Minet’s commitment and drive to incessantly adapt to changing market conditions, and to innovate to meet the unique insurance demands of the African continent, while maintaining the high standards customers have come to expect – Onsando concludes – will continue to grow and give Minet a powerful competitive edge within the African market”.
French President Emmanuel Macron received 21 Heads of state and government officials from Africa during the recent summit on the Financing of African Economies that focused on Africa to take full advantage of the tectonic shifts in the global economy and the call for a joint effort for financial and vaccination support for the continent.
President Emmanuel Macron stressed that “Most regions of the world are now launching massive post-pandemic recovery plans, using their huge monetary and fiscal instruments. But most African economies suffer the lack of adequate capacities and such instruments to do the same. We cannot afford leaving the African economies behind.
We, the Leaders participating to the Summit, in the presence of international organizations, share the responsibility to act together and fight the great divergence that is happening between countries and within countries.
This requires collective action to build a very substantial financial package, to provide a much-needed economic stimulus as well as the means to invest for a better future. Our ambition is to address immediate financing needs, to strengthen the capacity of African governments to support a strong and sustainable economic recovery and to reinforce the vibrant African private sector, as a long-term growth driver for Africa.”
For her part, International Monetary Fund (IMF) Managing Director Kristalina Georgieva highlighted that “there is urgency to focus on financing Africa. Last year, the pandemic-caused recession shrank the GDP of the Continent by 1.9 percent – the worst performance on record. This year, we project global growth at 6 percent, but only half that 3.2 percent for Africa.” Adding that Africa needs to grow faster than the world at 7 to 10 percent to meet the aspirations of its youthful populations, and become more prosperous and more secure.
Georgieva revealed that the price tag on the shot is estimated to be “$285 billion through 2025. Of this $135 billion is for low-income countries. This is the bare minimum. To do more – to get African nations back on their previous path of catching up with wealthy countries – will cost roughly twice as much. These are large numbers. They may seem out of reach. But to quote Nelson Mandela: impossible until it is done.”
The main areas of interest to achieve this include; first, end the pandemic everywhere, 40 percent of the population of all countries is targeted to get vaccinated by the end of 2021, and at least 60 percent by mid-2022.
Second, bilateral and multilateral developmentfinancing grants and concessional loans ought to go up. Over the last year, the IMF have swiftly ramped their financing for the Continent, including providing 13 timestheir average annual lending to sub-Saharan Africa. And are working to do much more. The IMF has also received support to increase access limits so they can scale up their zero-interest lending capacity through the Poverty Reduction and Growth Trust.
The IMF has also devised exceptional measures. Their membership backs an unprecedented new allocation of Special Drawing Rights (SDR) of $650 billion, by far the largest in their history.Once approved, which is intended to be achieved by the end of August, it will directly and immediately make about $33 billionavailable to African members. It will boost their reserves and liquidity, without adding to their debt burden.
Over the course of the last year, the IMF has built experience in facilitating the on lending of SDRs – thus managing to triple their concessional lending capacity as a result.
The Third being, actions at home. According to Georgieva “a crisis is an opportunity for transformational domestic reforms that increase domestic revenue, improve public services, and strengthen governance. For instance, digitalization can improve tax administration and revenue collection, and the quality of public spending. And with radical transparency, Africa can tap into new sources of finance – such as carbon offsets.
There is ample scope for countries to encourage private investment, including in social and physical infrastructure. New IMF research, published today, highlights that domestic and international investors could provide at least 3 percent of GDP per yearof additional financing by the end of this decade.”
Reforms of international taxation can also support Africa’s growth. For a long time, the IMF has been in favor of minimum corporate tax rates to reduce the race to the bottom and tax avoidance. And they strongly support an international agreement on digital tax, something France has been a leading voice for. It is important to secure fair distribution of tax revenues, so they can contribute to closing Africa’s financial gap.
Georgieva called on to each and every one to step up. Reminding the attendees that from history they are all familiar with what a shock of this magnitude can do if not countered forcefully and effectively.
De Beers’ Group, the world’s number one diamond producer by value, this week attributed the downfall of its sales for the fourth cycle week to the second wave of the Covid-19 variant (B.1.617.2) which was first discovered in India.
Diamond trading conditions have been hit by the Covid-19 crisis in India which is a major cutting and polishing centre for the world’s diamond trade.
The outbreak of the new variant has led to a humanitarian crisis with 280, 284 fatalities of the disease reported.
The London headquartered company said the sales in its fourth cycle fell to $380m (about P4.1 billion) down from $450m (about P4.8 billion) in the third cycle though it was higher than the fifth cycles of last year when the group shifted only $56m (P600 million).
De Beers emphasized that they continued to implement a more flexible approach to rough diamond sales during the fourth sales cycle of 2021, with the Sight event extended beyond its normal week-long duration.
The De Beers group Chief Executive Officer (CEO), Bruce Cleaver said the company continues to see robust demand for diamond jewellery in the key US and China consumer markets.
“However, the scale of the second wave of Covid-19 in India, where the majority of the world’s diamonds are cut and polished, has led to reduced midstream capacity and subsequently lower rough diamond demand, during what is already a seasonally slower time of year for midstream purchases,” said Cleaver.
Meanwhile Botswana health officials have confirmed the new Covid-19 variant in Botswana. The Ministry of Health and Wellness -through a press statement- informed members of the public that the variant (B.1.617), was confirmed in Botswana on 13th May 2021.
According to Christopher Nyanga, spokesperson at the Ministry, this followed a case investigation within Greater Gaborone, involving people of Indian origin who arrived in the country on the 24th April 2021.
Moreover the World Health Organization (WHO) recently announced that the Indian Covid-19 variant was a global concern, with some data suggesting that the variant has “increased transmissibility” compared with other strains.
The India variant (B.1.617.2) – is one of four mutated versions of the coronavirus which has been designated as being “of concern” by transitional public health bodies, with others first being identified in Kent, South Africa and Brazil.
Nevertheless when speaking at Bank of America Global Metals and Mining conference, Anglo American Chief Executive Officer, Mark Cutifani said the company portfolio is increasingly tilted towards future enabling products and those that need to decarbonise energy and transport in order to meet consumers’ needs – from home appliances, electronics and infrastructure, to food and luxury goods.
“We see material opportunity for Anglo American to continue to set itself apart in terms of the performance of our diversified business, further enhanced through sector-leading 25% volume growth over the next four years, led by copper and the platinum group metals,” said Cutifani.
“Most importantly, as the supplier of such critical materials, it is the duty of our industry to ensure that in everything we do, we act responsibly and deliver enduring value for our full breadth of stakeholders, including our planet.”