
Featured

Botnets aim at World Cup

KEIRON SHEPHERD, Senior Security Specialist, F5 Networks, discusses why advanced application security is a match for today’s sophisticated cyber-attacks.


Hackers across EMEA are warming up for the FIFA World Cup. As all eyes turn to the pitch, they’ll be booting up the botnets ready to take on the excitable businesses who are increasingly giving away the ball on app protection and data security.

The EU General Data Protection Regulation (GDPR) – the cyberspace equivalent of the omnipresent Video Assisted Referee – will also be making its presence felt this summer. The penalty for a breach is 2% to 4% of global turnover or €10 to 20 million, whichever is the bigger hit. The GDPR supervisory body can also flash the proverbial red card by immediately suspending all data processing if the risk to an EU citizen’s privacy is deemed unacceptable.

According to the Ponemon Institute’s 12th annual Cost of Data Breach study, the global average cost of a data breach currently stands at $3.62 million. The ongoing reputational costs are harder to quantify, so it’s not worth being sent off over compliance complacency. Like any competition, every company must now train hard and be ready to take a stand against cybercrime with the goal of protecting data.

Bots take to the field

Football is a game of two halves, and so too is the Internet. Recent research by F5 Labs suggests that half of the Internet’s traffic comes from bots, 30% of which are malicious. Most bots search for vulnerabilities, scrape websites or participate in DDoS attacks. They can speed up password-guessing to break into online accounts, mine cryptocurrency such as Bitcoin, and attack anything requiring a large network of computers.

Most botnet-based attacks are designed for disruption and exploitation. Typical attacks include the creation of spam email relays and Denial of Service (DoS) activities designed to prevent access to websites. Another concern flagged by F5 Labs is the inexorable rise of Thingbots: botnets which are built exclusively from IoT devices and are fast becoming the cyberweapon delivery system of choice for today’s attackers due to their poor security and ease of compromise.

Year over year (2016-2017), F5 Labs found that Telnet brute force attacks against IoT devices rose 249%. Moving ahead, IoT’s destructive arsenal is set to explode in scale. Gartner recently reported that there are 8.4 billion IoT devices in use and the number is expected to grow to 20.4 billion by 2020. Botnet risks rise significantly when moving to multi-cloud environments, as many businesses are now doing out of operational necessity. In particular, many cloud consumers assume that security is inherently better in the cloud and do not realise that the same vulnerabilities that plagued them in their datacentre are just as present in the cloud.

Tackling advanced app security

A threat defence is only effective if it safeguards sensitive data. Visibility is fundamental to understanding normal application behaviour, detecting anomalous traffic and being able to report data breaches to the relevant data protection authorities. Visibility means having insight into all traffic that passes between users and applications. It is essential that security systems understand the application and its protocols, and can see into encrypted traffic. Context is equally important and is the key to understanding the characteristics of an application’s environment, including behavioural insights that enable rapid adaptation where required. Incisive visibility and context are crucial to informing decision-makers, which means that robust security controls can be implemented to protect your apps and data.

One of the best first lines of defence in the game is a web application firewall (WAF). The 2018 State of Application Delivery (SOAD) report revealed that 98% of F5’s surveyed customers protect at least some part of their application portfolio with a WAF. More than 40% protect half or more of their apps.

However, not all WAFs are capable of safeguarding against the full scope of today’s hyperactive threat spectrum. This is where Advanced WAF (AWAF) solutions are more effective. Capable of supporting a variety of consumption and licensing models, including a per-app basis, as well as perpetual, subscription, and utility billing options, AWAFs provide a new level of flexibility in both the cloud and the data centre. Important benefits include facilitating better collaboration between SecOps, DevOps, and NetOps teams to deploy app protection services in any environment.

Crucially, AWAFs provide powerful defensive capabilities against malicious bots, going beyond signatures and reputation to block evolving automated attacks, prevent account takeovers (with encryption at the application layer), and protect apps from DoS attacks (using machine learning and behavioural analytics for high accuracy). AWAFs also provide comprehensive protection from mobile attacks through the rich security services of an Anti-Bot Mobile SDK, including application whitelisting (i.e. an index of approved software), secure cookie validation, and advanced app hardening.

Blowing the whistle on cybercrime

Organisations need to prove they are responsible data custodians. Security and transparency are now essential attributes for customer service. It’s time to blow the whistle on cybercrime.

Investing in integrated security solutions protects what matters: your applications. The net result is that data are protected, the business upholds compliance standards and your customers remain enthusiastic, loyal fans – a world class winning combination.


Three words transform addresses

From roaming Airbnbs in Mongolia to the positioning of emergency locations, what3words is flipping addressing on its head, writes BRYAN TURNER.


A collective of nomads in Mongolia wanted to offer a taste of their way of living on Airbnb. They had one problem: they regularly pack their houses up and take everything to another location. 

This was until Airbnb started accepting what3words as a form of address. The service has mapped the world, including the oceans, into 3 meter x 3 meter blocks. Each of these blocks is represented by three dictionary words.

“Traditional addressing systems are not fit for purpose,” says Lyndsey Duff, South African country manager of what3words, speaking to Gadget this week. “Addresses don’t cater to everyone. This represents tens of thousands of people who cannot talk about where they live. This restricts their ability to get e-commerce deliveries, and becomes life-threatening when they need to request emergency services.”

There are numerous examples in South Africa. For instance, just outside Durban, Kennedy Road is represented by one street on Google Maps, but looking at a satellite view reveals many more unmapped houses.

“Not having an address is a massive barrier to economic prosperity,” says Duff. “If you think about FICA and RICA in South Africa, trying to open a bank account or obtaining a SIM card becomes very difficult. Even registering a birth without an address becomes problematic. 

“This also opens people up to fraudulent actors and makes their lives a lot more difficult than it needs to be. The UN estimates that four billion people don’t have formal addresses. Four billion people don’t have an accurate, reliable way to talk about where they live.”

Even those who have addresses may sometimes have issues with being found.

“There are 7 Joubert Streets in Johannesburg,” says Duff. “Repeated street names are not only a problem in South Africa, but around the world. There are 14 Church Streets in London, there are 365 Juárez Streets in Mexico City. This makes it really difficult to represent where you are, and makes it very difficult for those who are unfamiliar with the area to find where they need to be.

“Office parks and complexes can be difficult to navigate, especially when you need to get to a specific building and Google Maps only knows the centre of the office park. Someone could tell you, quite confidently ‘I’m in Block C’, but this doesn’t help someone who’s never been there before.”

But aren’t co-ordinates enough?

“Co-ordinates are the best way for one machine to talk to another machine about positioning. But how many people know there are three different types of co-ordinates? Remembering three words is a lot more convenient than remembering 16 digits. It’s also less likely that you’ll swap two numbers around to end up an hour north of Pretoria when you’re supposed to be in Johannesburg CBD.”

Who’s going to use it?

what3words began operations in South Africa in 2017, and is now accepted across a number of platforms, including the iStore, for deliveries. It is also used by the Automobile Association of South Africa to help locate its members needing roadside assistance. Zulzi now allows customers to get groceries delivered within one hour to their what3words address, and The Platter’s Wine Guide has listed the 3-word address for over 700 wineries in its 2019 guide. 

Mercedes Benz has even integrated what3words into its navigation system to assist drivers in getting to unmapped roads.

Download the what3words app for free for both iOS and Android, or by browser, and check your exact address even while offline. 



Robots will be cobots, not competitors


Modern efficiency technologies in the workplace are often the source of stress and anxiety as they have now reached a level where they are able to take over some of the work previously done by people. This leads to a natural fear that jobs and livelihood are at risk.

One of the more topical of these technologies is robotic process automation (RPA). It is often positioned as the holy grail of internal optimisation and is a prime candidate for entrenching these job risk fears.

The RPA rhetoric is all about how it, and similar technologies, can improve the bottom line by reducing headcount and doing tasks faster than people. IT departments then bring these technologies in and impose them on workers, exacerbating this fear that robots will take our jobs.

But there is another way to approach the optimisation challenge.

This same technology can be introduced to individual employees, and they can be taught how to train their own personal robot or collaborate with a and one, this allows them to choose what gets automated.

This changes the rhetoric from “The robots are coming to take our jobs” to “My time is so valued that the organisation has hired me a personal assistant”. I like to term this use of the technology ‘co-bots’.

Programming the co-bot is easy as RPA robots can often be taught by a simple “drag-and-drop” process and employees don’t have to be coders.

These automation processes are very good at repetitive tasks where there is a clear and predictable outcome, a type of work often dreaded by knowledge workers.

Recently, a team at Dimension Data needed to move 8000 video files from one place to another. This mundane task required that files were individually downloaded and then uploaded elsewhere. It would have taken a human a month and a half of full-time work, but it took half an hour to program a bot to carry out this process.

As employers, we need to consider how much of our workforce is doing mundane repetitive work.

Travel recons, leave recons and bonus calculations are not core to the employee’s job and not core to the business either. They are more likely to leave a knowledge worker feeling frustrated rather than fulfilled.

Outsourcing this type of work to co-bots could help alleviate this frustration while, at the same time, freeing up the individual’s time to focus on strategic, creative and valuable tasks.

The increasing use of co-bots in the workplace does lead to some interesting scenarios, as they work alongside humans and become more independent.

Recently, Dimension Data rolled out a bot to assist with client contract renewals. The bot was required to run a report in our ERP solution, reformat the report, and upload it back into our sales pipeline management tool.

In order to access these platforms, the bot required a standard user account for the platforms, which meant it needed an Active Directory account. Our Active Directory account is linked to our HR system, which meant a new employee record needed to be created in our HR system – effectively creating a new employee.

As expected, the bot performed wonderfully, but it was also automatically enrolled in our induction programme, causing some consternation when it didn’t arrive on the scheduled day.

There can also be cultural challenges with RPA co-bots, in that they are not programmed to manage social nuances, but rather to carry out work efficiently. The same system ran into trouble because some of the people dealing with it via email didn’t know it was a bot and found it to be quite abrupt and impersonal. For example, “How are you today?” was met with silence.

I like to compare a co-bot in the workplace to an intern or a fresh graduate. They are enthusiastic, with endless energy, and will take on all the mundane tasks. However, you shouldn’t leave them unmonitored for too long, as they will probably break something due to inexperience.

Very often, business leaders build robotic business use cases on where they see value rather than where the individual employee could see value.

Automation take-up can suffer when too few people are involved in the rollout and when employees sense it is being imposed upon them. But by involving every business unit and function in the process, with each one able to define their own journeys, more employees will embrace it as it makes their own lives easier. 

In a recent Gartner study of companies using artificial intelligence and robotics, 16 percent of companies reported job decreases, while a surprising 26 percent reported an increase in jobs as a result of their efforts.

The advent of the motor car is a good parallel to this. Henry Ford’s Model T car put a lot of farriers and street cleaners out of business, but instead, now we have mechanics, panel beaters, auto electricians and car washers.

While it is true that these disruptive technologies could take over several tasks currently assigned to unskilled labour, for me, that simply highlights our responsibility as companies to encourage the continuous personal development of our people.

By giving employees an automation tool and encouraging them to find uses for it, we can start them on a journey to find their niche in this new digital economy.

As unskilled vacancies are replaced by skilled vacancies, it is up to us as a society to ensure our people are making the same transition and are able to fill the new roles required of them.

It’s a daunting future, but an exciting one, with the potential to positively impact all of us.



Copyright © 2019 World Wide Worx