The tech firm says its is the first secure data exchange in Africa.

In the wake of the recent Experian cyberattack, the team at Cape Town-based technology firm Omnisient says their secure data exchange platform can reduce the risk of interception by hackers.

As more South Africans work from home, shop online and the economy shifts to digital channels, the threat of cyberattacks has become a growing reality.

FNB, Standard Bank, and African Bank warned their customers in August to be vigilant after it was found that some clients were among victims of a data breach at one of the world’s top credit bureaus, Experian.

The hack exposed some personal information of as many as 24-million South Africans and nearly 800,000 businesses, the SA Banking Risk Centre (Sabric), a non-profit organisation set up by major lenders to combat bank-related organised crime, said in a statement recently.

Founded by technology veterans Jon Jacobson, Matt Mckie, and Anton Grutzmacher, Omnisient says its is the first and now the only secure data exchange in Africa.

In an interview, Jacobson told Business Day that their technology allows companies to exchange information through digital tokens that are encrypted. In essence, the business allows its clients to buy, sell, and exchange data without the risk of hackers stealing that information in transit.

Jacobson, who is also CEO of Omnisient, is a software engineer and businessman with over 25 years of experience in designing and automating software platforms.

Using their algorithm, he says Omnisient protects data by first anonymising it, a process whereby names and identities are unlinked from attributes such as tastes, preferences, or purchasing history, for example, then encrypting through tokens for transfer. These tokens are only reconstructed or “resurrected” into a readable form when they reach the receiver’s premises. That means even if such a token is intercepted as the information travels between entities, it cannot be read, Jacobson said. The system is also said to be in line with laws that prohibit certain data from leaving a company’s premises. The risk then, for the whole process, is a bad actor on the customer’s premises as opposed to the actual technology, he said.

Omnisient recently closed a round of investment, which attracted backing from Nedbank, Investec, and Compass, a Mauritian-based venture capital firm, for an undisclosed sum.

Jacobson said this was significant because financial services operators such as banks are highly regulated in the local market, as in many other countries. Backing from these players positions the business better as it gives potential clients confidence in the company’s abilities. That good standing has already begun to open doors, said Jacobson.

The firm is aiming to raise about R80m more in the coming year, which will be used to scale the business, particularly outside SA.

Because of its technology, Omnisient doesn’t have competitors in the local market, Jacobson says. In the rest of the world, the story is a bit different: Data Republic, an Australian start-up specialising in data collaboration, is a competitor.

With countries worldwide taking the lead from the EU’s General Data Protection Regulation (GDPR) laws, including SA, whose Protection of Personal Information Act (POPI) came into effect at the start of July, Jacobson says they see opportunity in the rest of Africa. Countries such as Nigeria and Kenya are starting to roll out their own legislation, so companies will be looking for ways to comply, which is where Omnisient comes in.

Locally, the enforcement of POPI is likely to be a big driver for growth in their business. Businesses now have until July 2021 to comply with the laws which could result in fines of up to R10m if a company is found to be at fault in the case of a breach.

FNB executive Christoph Nieuwoudt says cyberattacks can vary in severity, but reputational damage remains the biggest risk for companies that don’t have the right security measures. Being transparent with customers and investing in data protection is probably one of the best ways to ease anxiety, protect a company’s image and avoid hefty and unplanned costs, he says.

In addition to companies such as Omnisient developing data protection technology — and companies investing in these systems — Jacobson concludes that a large part of the collective fight will be down to how well the Information Regulator is able to enforce its new rules.

Published via Business Live on 13 September 2020.