Wolfpack Information Risk

The Wolf Howl November 2023 Edition – Guarding Against Black Friday Scams: Essential Tips for a Secure Shopping Season / Incident Management Webinar

Wolfpack Information Risk provides specialist information and cyber threat consulting, training, awareness and incident support services to African governments and organisations.

Mission: We are passionate defenders of communities, companies, and countries against cyber threats.

Vision: Wolfpack will be the catalyst that drives the greatest positive cybersecurity impact on the African continent.


Greetings Cyberwolves

As the excitement of the holiday season draws near, so does the Black Friday shopping frenzy when shopping deals are plentiful. Amidst the rush for bargains, cybercriminals seize the opportunity to prey on unsuspecting shoppers through elaborate scams and fraudulent schemes. At Wolfpack, we believe that staying informed and vigilant is key to enjoying a secure shopping experience during these bustling few months.

Black Friday is a magnet for cyber scams, ranging from phishing emails and fake websites to counterfeit products and malicious software. Our mission is to provide cutting-edge cybersecurity solutions and empower you with knowledge that safeguards your online presence.

In this newsletter, we aim to equip you with essential tips to fortify your defences and navigate the Black Friday shopping spree and upcoming Christmas shopping safely:

Assess and Evaluate Websites: Stick to reputable and well-known online retailers. Verify website URLs for authenticity, check for HTTPS encryption, and look out for misspellings or suspicious domains.

Beware of Phishing: Exercise caution with unsolicited emails, messages, or pop-ups offering unbelievable deals. Avoid clicking on suspicious links or providing personal information. 

Secure Payments: Opt for secure payment methods. Avoid using public Wi-Fi for transactions, and consider using payment platforms that offer buyer protection.

Update Security Software: Ensure your devices have the latest security updates and antivirus software installed to prevent malware attacks. 

Stay Informed: Keep abreast of the latest scams and cyber threats. Follow reputable cybersecurity sources for updates and tips on staying safe online. 

With these tips, you can confidently navigate the Black Friday and upcoming Christmas shopping landscape, minimising risks and maximising your joy in finding great deals.

Stay tuned for more tips and insights from Wolfpack to make this silly season rewarding and secure.

Yours Securely

We would like to invite you to register for the Incident Management Webinar on the 7th of December 2023 from 09:00 to 10:00.


The final webinar in the series will focus on Incident Management, cybercrime incident trends, cybercrime attempts and the impact of cybercrime in South Africa. 

Experts from Synack will join our host, Craig Rosewarne, as they deep dive into Incident Management and discuss – Enabling a Resilient Security Posture with Strategic Security Testing!

By registering for this final webinar in the 2023 series, you will be granted access to the full 2023 SA Information Security Thermometer report. Once you sign in to the platform, go to the report section.

The pending Joint Standard on Cybersecurity and Cyber Resilience Requirements released by the Financial Sector Conduct Authority (FSCA) and the South African Reserve Bank (SARB) / Prudential Authority requires compliance by December 2024.

Some customers need assistance to comply with these requirements, as using manual systems and Excel templates is time-consuming and diverts cybersecurity staff from other duties. This is a new requirement, in addition to other auditing and compliance requirements increasing staff workloads.

To ensure that their institutions comply with the Cybersecurity and Cyber Resilience Requirements Joint Standard, governing bodies must act in accordance with their risk appetite, nature, size, and complexity:

  • Work with senior management to establish a sound and robust cybersecurity strategy and framework.
  • Make management responsible for collaborating with other stakeholders to ensure cyber resilience.
  • Clearly define roles and responsibilities for security in their contracts and Service Level Agreements with third-party service providers.

Security and Risk Managers have the following challenges:

  • Manual collection of data for internal and third-party assessments is costly and time-consuming.
  • Reporting lacks business context, making it difficult for the board and business stakeholders to understand the impact and urgency of security risks fully.
  • Lack of effective tools to create multiple risk treatment options and what-if scenarios.

Wolfpack has assessed the standard and created a new service offering to help customers fully address the Joint Standard requirements in time.

Our solution comprises a platform and consulting services, including best-of-breed tooling and remediation assistance. Wolfpack is well-positioned to assist as we have proven industry experience in the banking and financial services sectors. We have extensive breadth and depth of cybersecurity expertise and experience in the cyber risk management domain:

GRC: ISO27 x Assessment & Implementation Experience, Cyber Risk Assessments (ISO 27005 & custom frameworks).

Technical Cyber Defence: NIST CSF, CIS v8 Assessments, Threat Modelling, Incident Readiness Reviews, Incident Response Support.

Cloud Security Architecture and Operations: Cloud Security Reviews, Cloud Incident Response.

Vulnerability Management: Continuous Vulnerability Management, Vulnerability Prioritisation Tooling and Process Design.

Cyber Risk Quantification.

Incident Response Competencies.

The pending Joint Standard on Cybersecurity and Cyber Resilience Requirements released by FSCA and SARB (Prudential Authority) seeks to achieve the following:

  • Set minimum standards for sound practices and processes for cybersecurity and cyber resilience.
  • Ensure financial institutions implement processes and have tools and technology to prepare, respond to, and recover from cyberattacks.

The Joint Standard has the following features:

  • Coverage: includes both the cybersecurity and the broader cyber resilience domains.
  • Applicability: banks and other financial institutions (insurance, market infrastructure companies, etc.).
  • Proportionate Implementation: risk appetite, nature, size and complexity of institution will drive implementation parameters.

The analysis will focus on the core disciplines, business context, technology context, governance, risk, and compliance.

The Joint Standard applies to the following types of Financial Institutions: 

  • Banks, branches and controlling companies governed by the Banks Act.
  • Mutual banks and controlling companies governed by the Mutual Bank Act.
  • Insurers and controlling companies governed by the Insurance Act.
  • Investment managers governed by the Collective Investment Scheme Act.
  • Market infrastructures governed by the Financial Markets Act.
  • Discretionary FSPs governed by Chapter II of the Notice on Codes of Conduct for Administrative and Discretionary FSPs.
  • Administrative FSPs governed by Chapter I of the Notice on Codes of Conduct for Administrative and Discretionary FSPs.
  • Pension funds registered under the Pension Funds Act.
  • OTC derivative providers governed by the Financial Markets Act Regulations.
  • Registered credit rating agencies.

The Joint Standard has the following objectives:

Governance: Explicit responsibility assignment for cyber risk governance/oversight and ‘separation of concerns’ with operational management teams.

Cybersecurity Strategy and Framework: Formally defined and approved by the governing body and with requirements to facilitate tracking and reporting cyber risk metrics.

Cybersecurity and Resilience Fundamentals: Core controls covering IAM, Data Security, AppSec and other control domains.

Cybersecurity Hygiene: More ‘prescriptive’ guidance for some core controls.

Contact us to discuss the details of our approach, costing model and important features of our service to assist with compliance to the Joint Standard. Please email info@wolfpackrisk.com for further information.

Cape Talk’s Lester Kiewit examines how WhatsApp accounts are being hijacked for ransom.

Wolfpack’s Leon Hannibal shares his tips and insights.

Two of the country’s largest consumer credit reporting agencies, TransUnion and Experian, may have been hit by a fresh data hack, potentially exposing South Africans’ financial and personal data.

The Industrial and Commercial Bank of China’s (ICBC) U.S. arm was hit by a ransomware attack that disrupted trades in the U.S. Treasury market on Thursday, the latest in a string of victims ransom-demanding hackers have claimed this year.

The Adventures of CISO Ed & Co attempts to highlight the everyday frustrations, heroism, and insights of CISOs and infosec teams while bringing some fun to the serious business of cybersecurity. We hope CISO Ed & Co. brings a grin as you go about your day. Compliments of Balbix.

Let us help you understand online store scams #protectioninthepack #onlinestorescams #blackfriday

The cyber landscape is evolving. Just as solutions enhance and technology adapts, so do cybercriminals and their stash of tools.

Arctic Wolf Labs has been following every threat actor move closely over the course of the year and, based on the insights and data collected by our solutions, has gathered five core predictions that trace the development of several trends and anticipate which ones are poised to take significant steps forward in the year ahead.

Download the full report to see the rest of our predictions, insights, and guidance for organisations as 2024 approaches, or register for the webinar on the 12th of December 2023. 

Building cyber resilience: Why cyber resilience must be a boardroom priority.  Ziyasiza Insights and conversations with thought leaders. In collaboration with Wolfpack Information Risk.

In October, we introduced you to the Cybercrime Operational Behaviour Response Alliance (COBRA). These cyber investigators wish to bridge the gap between cyber investigators and victims of cybercrime and provide a community service. The service helps victims of cybercrime understand how the incident took place, how to secure themselves from future attacks and how to obtain possible justice by having their case investigated by trained investigators, instead of simply feeling helpless and not doing anything about the incident. Each case investigated generates actionable intelligence and statistics that will make a difference in the fight against cybercrime in SA.

If you have been a victim of cybercrime, you may submit your scams, information and cases for investigation to osint@wolfpackrisk.com

Please share this newsletter if you have benefited from the content.

We look forward to hearing from you.
