Digital technology continues to transform the world of business by exposing organisations to a multitude of opportunities and threats. It is, therefore, not surprising that cybercrime continues to escalate rapidly, says GRAHAM CROOCK, Director of IT Audit, Risk and Cyber Lab at BDO South Africa.
Ranking as the second-most reported crime in South Africa. Corporate breaches in the headlines are turning hackers into the new super rogues, as these dedicated, organised, and well-financed cyber criminals bombard organisations through alternating attack tools and paths.
This trend has established cybercrime as a growing industry, which has accelerated in the last five years complete with automated tools, customer support, and guarantees for product effectiveness. The commoditisation of new attacks and automated tools has culminated in even the most amateur hacker being able to effectively deliver professional-level threats into a targeted organisation.
Complexity is the major cause of today’s cybersecurity problem, owing to extreme intricacy and solutions being costly. Data is extremely multifaceted, extensive and difficult to manage in a timeous way. This begs the question: How to manage the involvedness at a reasonable cost?
A common but often mis-understood and over relied on solution is the implementation of firewalls. However, the major pitfalls of this so-called “trusted” solution is that firewall configuration is often not aligned with changing cybersecurity policies. In short, the rate of change with regard to cyber-related risk is accelerating rapidly, increasing the security gaps organisations contend with, and leaving them more exposed than ever before.
Keeping pace with new attack techniques, and effectively defending against advanced threats, is perhaps the biggest challenge facing security teams today in a world of cyber threats. Therefore, architecting a cybersecurity solution that dynamically adapts to ongoing change is crucial. This, however, is expensive and for many organisations, unaffordable.
Consideration must be given to the underlying key themes affecting the management of cybersecurity in South Africa today, these include the following:
- Monetisation of malware (Ransomware),
- Imposition of collateral damage,
- Changes in attackers’ mindsets to shift their efforts to the direct attack of applications,
- Political pressure attempting to de-couple privacy and security attempts, and
- Implementation of faster and wider reaching infrastructure, which is not supported by skilled security experts due to the current “brain drain” associated with unprecedented levels of immigration of trained and skilled engineers and technicians who chase “real money” as opposed to the weakening Rand.
It’s no wonder that cyber security professionals keep asking: “What can we do to protect ourselves and our customers from these new found criminals ?”
As a security professional in today’s business space, we need to enable a productive work environment while providing all of the controls needed to protect the integrity and ownership of the organisation’s data as well as that of the business’s clients or customers.
To achieve appropriate levels of security is not quick nor easy, but rather complex and extremely specialised, thus requiring extensive planning, design and architecture. Therefore, the precautions that businesses who wish to survive and achieve true cyber readiness will have to take incorporate include:
· Treat security breaches as “when” and not “if” situations
· Invest meaningfully in people processes and technology
· Put cyber, network security and survival in the business context
· Stop deployment of and reliance on “end point fix solutions”
· Practice resilience scenarios and Business Continuity Plans (BCP)
· Understand the attack lifecycle and plan accordingly
· Ensure that you have an active education programme in place to ensure your staff understand the threats and are trained to react appropriately to an attack
It takes time and substantial management, as well as executive involvement, to strengthen your company’s defenses against cybersecurity risks. The ten most important cyber risks companies should be considering are:
- Failure to identify cyber risks and implement basic cybersecurity controls
- Failure by executives to identify and understand what generates corporate cybersecurity risks
- Lack of a cybersecurity policy
- Confusing compliance with cybersecurity
- Failure to recognise the importance of social engineering and the risks associated with the human factor
- Bring your own device policy (BYOD) and the cloud
- Lack of adequate funding, talent, training and implementation of inappropriate resources
- Insufficient information security training
- Lack of a business continuity and data recovery plan
- Failure to identify, accept and understand the rate at which cyber risks are evolving (polymorphic risk)
A few years ago, the concept of cyberattacks in the context of constantly moving targets was considered impossible, but now, the future is here and this is, for all businesses the new reality.
Effective governance and management are two critical elements for implementing effective cybersecurity. In moving to your next cybersecurity solution, a key goal must be to simplify security management wherever possible. Survival will be achieved through cyber-readiness!
Cyber criminals constantly innovate their threat tactics to breach organisations and make off with valuable data. As cybercrime evolves, we see increased innovation in the hacking tools and techniques used to evade known security mechanisms.
In the past few years, we have consistently noticed more advanced and targeted attacks where hackers spend ample time investigating their targets and tailoring their attack methodology. The attacks are becoming more sophisticated and are comprising multiple layers and techniques, each outsourced to specialty groups, ensuring zero-day effects.
Hackers are achieving this by making sure nothing remains constant. Each stage of the attack changes by leveraging morphing techniques, such as dynamic DNS, fresh URLs for command and control (CnC), self-destruct tools, and more. These tools are available on the Web and are easy to access as “freeware”. Yesterday’s zero-day code has already been developed, packaged and is available to cyber criminals for use in secondary campaigns.
It is crucial to understand the economies of hacking and to accept that these attackers recycle many of the same attack components. In fact, as many as 90% of these so-called “new” attacks can be prevented simply by appropriately using existing security technologies as part of an end-to-end cybersecurity plan.
Attackers typically use the most proven forms of attacks because they work, knowing that organisations are often several steps behind in patching up their systems and updating their defenses against the latest attack methods.
Boards need to have appropriate composition with cyber ready professionals, capable of demanding and positioning oversight for effective cyber readiness. It takes time and involvement to strengthen your company’s defenses against cyber security risks, but this process can help your organisation maintain shareholder value and even achieve new performance peaks.
South Africans are searching in the dark, according to the latest Google Search trends.
With more 1 million search queries generated in the space of 76 hours, load-shedding was by far the top trending search on Google South Africa this week.
Valentine’s Day came a distant second.
After news emerged last Sunday of the impending stage 3 load shedding, South Africans had generated more than 1-million load-shedding search queries by the time Tuesday came around:
- “Loadshedding schedule” – generated more than 100k searches on Sunday
- “Load shedding schedule” – generated more than 100k searches on Sunday
- “Eskom load shedding” – generated more than 100k searches on Sunday
- “Load shedding Cape Town” – generated more than 50k searches on Sunday
- “Load shedding schedule” – generated more than 400k on Monday
- “Load shedding Johannesburg” – generated more than 20k searches on Monday
- “Load shedding schedule” – generated more than 200k search queries on Tuesday
Leading up to Valentine’s Day, South Africans generated close to 300k search queries related to the romantic festival, including searches for quotes and gift ideas:
- “Valentines Day” generated more than 100k search queries on Thursday
- “Happy Valentines Day Images” and “Valentines Day Images” generated more than 10k search queries each on Thursday, with “Happy Valentines Day 2019” generating more than 20k search queries on Wednesday
- “Valentines Day Specials 2019” generated more than 5k search queries on Thursday
- “Love quotes” generated more than 5k search queries on Thursday
- “Valentines Day quotes” generated more than 100k search queries and “Valentine messages” generated more than 50 000 search queries on Wednesday
Search trends information is gleaned from data collated by Google based on what South Africans have been searching for and asking Google. Google processes more than 40 000 search queries every second. This translates to more than a billion searches per day and 1.2 trillion searches per year worldwide. Live Google search trends data is available at https://www.google.co.za/trends/hottrends#pn=p40
Thanks to the growing popularity of video-on-demand services, there’s a new opportunity to help kickstart the careers of local filmmakers.
Numerous Hollywood blockbusters (District 9, Tomb Raider 2018, and The Avengers: Age of Ultron to name a few) have featured substantial shoots in Johannesburg and Cape Town. While providing great opportunities for SA’s production talent, aspiring writers and directors don’t get the same benefit.
So where can local creatives showcase their work? Broadcast TV isn’t a natural home for unknown short films, and while self-publishing platforms are readily available hosting options, it’s tough to get noticed and get traffic when competing with videos from across the planet.
But with the emergence of video-on-demand services into the mainstream, there’s now a solution. The African film school AFDA has teamed up with the streaming service Showmax to give local talent a much larger platform than ever before. From 18 February, eighteen of the best recent short films made by AFDA students from their Johannesburg, Cape Town, Durban and Port Elizabeth campuses will be live on Showmax. Drama, documentary, fantasy, and animation are all represented, in pieces running from under eight minutes to almost half-an-hour long. The full list of movies is included below.
Teresa Passchier, CEO of AFDA, said: “AFDA, Africa’s number-one school for the Creative Economy, is proud to kickstart this exciting and meaningful journey with Showmax and AFDA students, ensuring emerging young African filmmakers’ voices are heard and given a platform. It’s ground-breaking to share young, local, culturally relevant content on the same platform as Hollywood blockbusters. I am certain that this unique initiative will serve to boost and develop the African film industry and the careers of many young South African and African students alike.”
Included in the short films coming to Showmax are the award winners Junior and O-Puncha. Junior, directed by Bert Dijkstra, picked up the Audience Award in the Made in South Africa Competition at the shnit Worldwide Shortfilmfestival Awards 2017. O-Puncha, directed by Adam Hansen, won two awards at the 5th annual Eldorado Film Festival: Best Student Made Short, and Best Editing – Alexander La Cock.
Another celebrated film is Sicela Amanzi directed by Mlu Godola, which talks to the subject of water shortage. The film’s heroine Zoleka is a mild-mannered young woman forced to go to extreme lengths when a small community’s only source of water unexpectedly collapses. The power of films like this is they shine a light on critical topical issues in new ways.
Speaking about working with the film school, Candice Fangueiro, Head of Content for Showmax, said: “There’s
AFDA is an Academy Award-winning institution, founded in 1994, and the first and only African film school to win an Oscar – for the Best Foreign Student film in 2006, the postgraduate film Elalini, directed by Tristan Holmes.
The full list of AFDA short films coming to Showmax is as follows:
|Lullaby from the Crypt||Keenan Lott & Raven Davids||Animation|
|Ko Ga Cherenyane||Sibonokuhle Myataza||Documentary|
|Mallemeule||Jaco Van Bosch||Drama|
|Canal Street||Brodie Muirhead||Drama|
|On the Fence||Warrick Bews||Drama|
|The Righteous Few||Lindo Langa||Drama|
|Hlogoma Peak||Luke Ahrens||Drama|
|Frozen Flame||Cameron Heathman||Animation|
|Wolf||Brett van Dort||Fantasy|
|The Walk Home||Sisanda Dyantyi||Drama|
|Doreen||Luvuyo Equiano Nyawose||Drama|
|Sicela Amanzi||Mlu Godola||Drama|