Connect with us

Featured

Botnets aim at World Cup

KEIRON SHEPHERD, Senior Security Specialist, F5 Networks, discusses why advanced application security is a match for today’s sophisticated cyber-attacks.

Published

on

Hackers across EMEA are warming up for the FIFA World Cup. As all eyes turn to the pitch, they’ll be booting up the botnets ready to take on the excitable businesses who are increasingly giving away the ball on app protection and data security.

The EU General Data Protection Regulation (GDPR) – the cyberspace equivalent of the omnipresent Video Assisted Referee – will also be making its presence felt this Summer. The penalty for a breach is 2% to 4% of global turnover or €10 to 20 million, whichever is the bigger hit. The GDPR supervisory body can also flash the proverbial red card by immediately suspending all data processing if the risk to an EU citizen’s privacy is deemed unacceptable.

According to the Ponemon Institute’s 12th annual Cost of Data Breach study, the global average cost of a data breach currently stands at $3.62 million. The ongoing reputational costs are harder to quantify, so it’s not worth being sent off over compliance complacency. Like any competition, every company must now train hard and be ready to take a stand against cybercrime with the goal of protecting data.

Bots take to the field

Football is a game of two halves, and so too is the Internet. Recent research by F5 Labs suggests that half of the Internet’s traffic comes from bots, 30% of which are malicious. Most bots search for vulnerabilities, scrape websites or participate in DDoS attacks. They can speed up password-guessing to break into online accounts, mine cryptocurrency such as Bitcoin, and attack anything requiring a large network of computers.

Most botnet based attacks are designed for disruption and exploitation. Typical attacks include the creation of Spam email relays and Denial of Service (DoS) activities designed to prevent access to websites. Another concern flagged by F5 Labs is the inexorable rise of Thingbots: botnets which are built exclusively from IoT devices and are fast becoming the cyberweapon delivery system of choice for today’s attackers due to their poor security and ease of compromise.

Year over year (2016-2017), F5 Labs found that Telnet brute force attacks against IoT devices rose 249%. Moving ahead, IoT’s destructive arsenal is set to explode in scale. Gartner recently reported that there are 8.4 billion IoT devices in use and the number is expected to grow to 20.4 billion by 2020. Botnet risks rise significantly when moving to multi-cloud environments as many businesses are now doing out of operational necessity. In particular, many cloud consumers assume that security is inherently better in the cloud and do not realise the same vulnerabilities that plagued them in their datacentre are just as present in the cloud.

Tackling advanced app security

A threat defence is only effective if it safeguards sensitive data. Visibility is fundamental to understanding normal application behaviour, detecting anomalous traffic and being able to report data breaches to the relevant data protection authorities. Visibility means having insight into all traffic that passes between users and applications. It is essential that security systems understand the application, the protocols and can see into encrypted traffic. Context is equally important and the key to understanding the characteristics of an application’s environment, including behavioural insights that enable rapid adaptation where required. Incisive visibility and context are crucial to informing decision-makers, which means that robust security controls can be implemented to protect your apps and data.One of the best first lines of defence in the game is a web application firewall (WAF). The 2018 State of Application Delivery (SOAD) report revealed that 98% of F5’s surveyed customers protect at least some part of their application portfolio with a WAF. More than 40% protect half or more of their apps.

However, not all WAFs are capable of safeguarding against the full scope of today’s hyperactive threat spectrum. This is where Advanced WAF (AWAF) solutions are more effective. Capable of supporting a variety of consumption and licensing models, including a per-app basis, as well as perpetual, subscription, and utility billing options, AWAFs provide a new level of flexibility in both the cloud and the data centre. Important benefits include facilitating better collaboration between SecOps, DevOps, and NetOps teams to deploy app protection services in any environment.

Crucially, AWAFs provide powerful defensive capabilities against malicious bots going beyond signatures and reputation to block evolving automated attacks, prevent account takeovers (with encryption at the application layer), and protect apps from DoS attacks (using machine learning and behavioural analytics for high accuracy). AWAFs also provide comprehensive protection from mobile attacks through an Anti-Bot Mobile SDK rich security services, including application whitelisting (i.e. index of approved software), secure cookie validation, and advanced app hardening.

Blowing the whistle on cybercrime

Organisations need to prove they are responsible data custodians. Security and transparency are now essential attributes for customer service. It’s time to blow the whistle on cybercrime.

Investing in integrated security solutions protects what matters: your applications. The net result is that data are protected, the business upholds compliance standards and your customers remain enthusiastic, loyal fans – a world class winning combination.

Featured

The future of the book… and of reading

Many fear that the days of the printed book are numbered. In truth, it is not so much the book that is evolving, but the very act of reading, argues ARTHUR GOLDSTUCK.

Published

on

Let’s talk about a revolutionary technology. One that has already changed the course of civilisation. It is also a dangerous technology, one that is spreading previously hidden knowledge among people who may misuse and abuse the technology in ways we cannot imagine.

Every one reading this is a link in a chain of this dangerous and subversive technology.

I’m talking, of course, about the printed book.

To understand how the book has changed society, though, we must also understand how the book has changed reading. That, in turn, will help us understand the future of the book.

Because the future of the book is in fact the future of reading.

Let’s go back to a time some may remember as their carefree youth. The year 400. 

(Go back in history with the links below.)

Next page:

Continue Reading

Featured

Wearables enter enterprise

Regardless of whether wearables lack the mobility or security capabilities to fully support the ways in which we now work – organisations remain keen and willing to unlock the potential such devices have, says RONALD RAVEL, Director B2B South Africa, Toshiba South Africa.

Published

on

The idea of integrating wearable technology into enterprise IT infrastructure is one which, while being mooted for several years now, has yet to take-off in earnest. The reasons behind previous false dawns vary. However, what is evident is that – regardless of whether wearables to date have lacked the mobility or security capabilities to fully support the ways in which we now work – organisations remain keen and willing to unlock the potential such devices have. According to ABI Research, global wearable device shipments will reach 154 million by 2021 – a significant jump from approximately 34 million in 2016.

This projected increase demonstrates a confidence amongst CIOs which perhaps betrays the lack of success in the market to date, but at the same time reflects a ripening of conditions which could make 2018 the year in which wearables finally take off in the enterprise. A maturing IoT market, advances in the development of Augmented Reality (AR), and the impending arrival of 5G – which is estimated to have a subscription base of half a billion by 2022 – are contributing factors which will drive the capabilities of wearable devices.

Perhaps the most significant catalyst behind wearables is the rise of Edge Computing. As the IoT market continues to thrive, so too must IT managers be able to securely and efficiently address the vast amounts of data generated by it. Edge Computing helps organisations to resolve this challenge, while at the same time enabling new methods of gathering, analysing and redistributing data and derived intelligence. Processing data at the edge reduces strain on the cloud so users can be more selective of the data they send to the network core. Such an approach also makes it easier for cyber-attacks to be identified at an early stage and restricted to a device at the edge. Data can then be scanned and encrypted before it is sent to the core.

As more and more wearable devices and applications are developed with business efficiency and enablement in mind, Edge Computing’s role will become increasingly valuable – helping organisations to achieve $2 trillion in extra benefits over the next five years, according to Equinix and IDC research.

Photo by Kathryn Bacher.

Where will wearables have an impact?

At the same time as these technological developments are aiding the rise of wearables, so too are CIOs across various sectors recognising how they can best use these devices to enhance mobile productivity within their organisation – another factor which is helping to solidify the market. In particular it is industries with a heavy reliance on frontline and field workers – such as logistics, manufacturing, warehousing and healthcare – which are adopting solutions like AR smart glasses. The use case for each is specific to the sector, or even the organisation itself, but this flexibility is often what makes such devices so appealing. While wearables for the more traditional office worker may offer a different but no more efficient way for workers to conduct every day tasks such as checking emails and answering phone calls, for frontline and field workers they are being tailored to meet their unique demands and enhance their ability to perform specific tasks.

Take for example boiler engineers conducting an annual service, who could potentially use AR smart glasses to overlay the schematics of the boiler to enable a hands-free view of service procedures – meaning that when a fault becomes a barrier to repair, the engineer is able to use collaboration software to call for assistance from a remote expert. Elsewhere, in the healthcare sector smart eyewear may support clinicians with hands-free identification of patient records, medical procedures and information on medicines and results.

Such examples demonstrate the immediate and diverse potential of wearables across different verticals. With enterprise IT infrastructure now in the position to embrace such technologies, it is this ability to deliver bespoke functionality to mobile workers which will be the catalyst for continued uptake throughout 2018 and beyond.

Continue Reading

Trending

Copyright © 2018 World Wide Worx