• COVID-19

    • Government Sector Whitepaper
      Effective management of information systems and communications is critical for the success of the public sector.

      Mining Sector

      Increase productivity & build a culture of innovation

      Financial Sector

      Meet the challenges of disruption & cyber security

      Healthcare Sector

      Empower your patients & leverage data by deploying customised solutions

      Retail Sector

      Embrace the changing retail landscape & know your customer

      Government Sector

      Use digital transformation to grow the economy & build capacity

      Industries Overview >

    • Innovation Through Simply Navigating The Complex

      Specialized digital diagnostics, solutioning, consulting, development and maintenance across legacy and cloud-based systems.

      Digital Innovation Awards

      BCX Digital Innovation Awards 2021

      BCX Exa

      Innovation through simply navigating the complex

      Digital Transformation

      Intelligent systems upgrading


      Data that works for you


      Tools to streamline operations


      Strategies for efficient ICT


      Computing for today & the future


      Protection for your critical systems


      Processes & network foundations


      Connections within & without


      Partnerships moving business forward

      Solutions Overview >

    • Speak To An Expert
      We'll need just a few details from you, and one of our specialists will be in touch as soon as possible.

      Employee Entrance:

      1021 Lenchen Avenue North
      South Africa

      Contact Us:

      +27 (0) 11 266 5000

      Visitors Entrance:

      1266 South Road
      South Africa
Home > How to Safeguard Your Company Against a Cyber Attack

How to Safeguard Your Company Against a Cyber Attack

10 August, 2017

One in every 214 emails sent in South Africa last year was a spear-fishing attack. You need to keep improving your security to protect your business from these kinds of cyber-crimes.

The Hollywood Presbyterian Medical Centre and San Francisco Municipal Transport Agency were recently hit with ransomware attacks against their systems. The cyber criminals didn’t ask for an outrageous amount and didn’t steal data, but the potential was there.

The time that the systems were down is what caused the most damage, as patients’ and drivers lives were at risk. “Although the actual ransom can be a small amount for large organisations, in terms of downtime, reputational risk and top-line revenue, it can cause substantial damage to any business,” says Marc Sorel, one of the leaders of McKinsey’s Cyber Solutions.

As the world becomes more digitised, the cyber threat grows rapidly. Not only do businesses have to worry about data being stolen and the amount of the ransom, but because your business had to effectively close for a period of time, you’ve lost momentum. This can cause businesses to struggle to maintain competitiveness and speed of innovation.

“But needing to plan out cyber security in a way that doesn’t slowdown digitisation and innovation is difficult,” says Dayne Myers leader of McKinsey’s Cyber Solutions. Otherwise, although you’ve protected your business from a cyber-attack, you’ve left yourself open to become stagnant, uncompetitive and disrupted by yours or other industries.




Companies understand that just because cyber-attacks have been in the headlines, it doesn’t mean that criminal activity is suddenly more prominent. It’s something that is being more glaringly exposed, which is why businesses continue to focus on the analysis around potential threats.

You can use secure enterprise architecture to incorporate security measures into the design of your IT architecture, instead of adding it as an afterthought. Here are four principles you need to take into account when implementing secure enterprise architecture:

  1. Align your business domain with your security requirements

Your traditional IT architecture is structured along a business’ domain that are based on business processes. For example, in a retail business these domains would include the supply chain or store management, according to McKinsey.

On the other hand, an optimised IT architecture will reflect both business systems and the risk exposure of assets and systems in each domain. When your security is built into the architecture it becomes an integral part of it, instead of adding complexity.

You need to consider your cyber security as a business issue not specifically a technology issue.

“That’s generally not sufficient to understand and manage the risk,” says Dayne Myers. “We’ve been advising companies to make that leap to make it a business issue, and to look at the tech within the ecosystem of the business as a whole.”

  1. Build toward modularity

You need to be able to adjust one domain without it affecting the security level of other domains. This modular structure offers your business security throughout multiple sectors to ensure you reduce the amount of cyber-attacks that occur within a specific domain.

“Insider threats are growing and your adversaries have devised attack methods in which they penetrate a network in multiple small steps over a period of weeks or even months,” says McKinsey. There are two distinct advantages of dividing your network into security domains:

  1. It creates boarders inside your network where traffic can be monitored to prevent something from infiltrating into more than one domain.
  2. Anomalies within a bordered domain are easier to pinpoint and monitor compared to changes happening across the whole network.
  3. Isolate matching capabilities

You’ll need to group similar process activities at the same capability level. For example, by matching up customer management and account management, you can make your cyber security architecture manageable and secure.

“The capability level is used to assess the risk exposure of assets and processes and to specify adequate and consistent levels of security requirements,” according to McKinsey. This allows you to define security domains to create protection for assets that have similar risk exposure across the architecture.

  1. Integrate throughout the supply chain

By using defined security domains and mapping assets end-to-end, allows you to determine with your business partners what level of security is required at each cross-organisational information port. McKinsey reports that this also serves to reduce the number of point-to-point links and drives trading-partner integration through well-defined and more easily protected APIs.

Attention to detail is vital when negotiating supply-chain integration, and shouldn’t be considered an added layer of complexity. Cyber attackers will always look for the weakest link in the chain.

Businesses around the world are facing a growing variety of cyber threats, all of which could cause dire consequences even to the largest conglomerate. To build large walls around your business could seem like the right solution, however, according to McKinsey this could impede your innovation, functionality and lead to new vulnerabilities within your company.

Your business needs to instead implement a security approach that is aligned with your business strategy and supported by both your IT department and business leaders. This will allow your cyber security to become a part of your business instead of a security guard standing outside the premises. “Historically, security was the responsibility of many people part-time instead of a few people full-time,” says Marc Sorel.  “Cyber security just isn’t getting the attention that it needs and deserves, especially in things like upstream application development for the digital tools that the business wanted to create.”

Incorporating both your security and business strategy will offer you the added advantage of having your security processes growing and scaling with your business as your priorities change.




During your transformational journey you’ll need a clear vision of your target, a solid road map for getting there, and a culture change to support the adoption journey. Here are a few steps you need to take along your digital transformation:

  • Decide on a vision – Your architecture can only be developed alongside your business strategy, so you need direction to begin with.
  • Create a strategy – Start at the important, technically advanced areas and work out from there.
  • Encourage usage – Incorporate security adoption into your company culture to ensure usage






 We'll need just a few details from you, and one of our specialists will be in touch

Please read our Privacy Statement & Consent Clause to understand what happens to your personal information.