Combating cybercrime cannot be done with technology alone, but requires a service model that prioritises intelligence sharing and uses technology to support this, says VENIAMIN LEVTSOV, Vice President, Enterprise Business, Kaspersky Lab.
There is a change in the corporate IT Security industry. Many believe it is driven by the ever-changing threat landscape and the urgency a business experiences during a targeted attack.
However, many companies become victims of successful cyberattacks these days – and not because of some major breakthrough on the cybercriminal front. In fact, it’s the quantity, not the quality, of threats that is growing; and this, together with the complexity of corporate infrastructure and the lack of security intelligence, makes businesses vulnerable. As a result, addressing these challenges requires a major perception change by both businesses and security vendors. We believe that technology alone is not able to solve all corporate IT security troubles. What is required is a service model that prioritises intelligence sharing, and uses technology to support this.
Kaspersky Lab rolled out its first security products for businesses more than 15 years ago. That era was the golden age of traditional threat prevention products. Highly sophisticated campaigns like Stuxnet or The Equation did exist back then, but they remained invisible at the time, and it was possible to detect and block the majority of old-school malicious programmes. Despite all of this, a one-size-fits-all solution never existed in our industry. Every now and then we had to deal with a new attack, we had to adjust the various peculiarities of how our products interacted with corporate infrastructure, and we had to change our protection accordingly.
Eventually, the customisation of technology for businesses evolved into consulting on security strategy. Companies were happy if they were able to purchase a security solution to solve all their troubles, but that was no longer enough. Every day businesses face new challenges: mobility, cloud services and infrastructure, and social engineering, to name a few. New technologies like legal apps, for example, can now become part of a complex multicomponent attack – and the traditional endpoint security approach does not work for this at all.
Our customers came to us and asked for a solution. But is it even possible to solve every corporate security challenge with new technology? Is there a definitive solution to prevent an employee from opening a suspicious e-mail attachment? Could we address, even with the most sophisticated know-how, all vulnerabilities in hardware and software, taking into account the numerous possible combinations? Two years ago we understood the need to find a way to deliver this intelligence to our clients in an actionable form.
Security is best understood as a process, and every company out there deals with four distinct, universal phases of it. Threat prevention is the better understood phase, and is mostly covered by technology: you have to block each and every one of the generic threats that are emerging at a rate of 310,000 a day.
Detection of sophisticated and targeted attacks is more complex: it requires advanced tools and expertise, but more importantly, this requires time to identify the indicators of attack, spot an incident, investigate it and mitigate the threat. The latter is covered by threat response, where the unique skills of forensic experts are needed the most.
Finally, the prediction of future attacks, and understanding the attack surface, defines the long-term strategic defense capabilities of a company. This is done through running penetration testing and other kinds of security assessment. We have found that non-IT tools – like security awareness campaigns delivered in a game format – can be more influential on employees than security policies or annoying wall posters.
Today a security officer and his team have to pursue all four phases simultaneously, and each requires a unique set of skills. Mitigating future threats means regular security assessment, training employees on general security hygiene, and the analysis of current and future attack methods. Detection is all about identifying anomalies in a regular corporate workflow, covering web, e-mail, network traffic and observing corporate user behaviour. Response is all about localising the incident and closing the initial attack vector.
It’s painstakingly hard to develop this kind of expertise in-house. It’s expensive too, and most times only larger enterprises can afford it. Another serious issue faces businesses that invest in an advanced training programme for their internal security experts. Experts are just people, and it’s natural for them to start looking around for a better job offer if training has increased their market value. There is no universal tactic to keep experts inside a company, other than to continuously raise their salaries. In these circumstances it seems much more reasonable to use an external service from a professional IT security consultant or global player. As a security vendor, we have grown a network of experts around the world with all the necessary skills. The question is how we share this expertise with our clients.
The service model is the only viable solution here. The service model prioritises the real problems of a company and applies the most appropriate measures to solve them. Our services start with online and on-premise training programmes for employees and IT specialists, mostly based on the knowledge gathered in our virus lab and emergency response teams in digital forensics and malware analysis. In fact, we let some external frameworks leave the lab room and start serving our customers. Predicting future attacks means knowing how other companies were hacked, and this is covered by extensive and actionable threat reports. The detection of targeted assaults and the prevention of dangerous widespread attacks require technology and expertise-as-a-service, often a combination of both.
The service model is always focused on solving one security challenge at a time, in a form that is understandable for businesses. At a high level it’s just someone taking responsibility for solving a problem and assuming all corresponding risks. This is a complex model, but we believe it’s the only solution that actually works. The good old approach – when a security vendor could just ship a product license key through the channel and return in a year for renewal – is disappearing very fast.
Empowering a partner network
The model raises questions about how you can share your vast, but not infinite, expert resources with all of your customers around the world, whilst keeping up with response time commitments. Our business has always relied on our partner network and that’s not going to change. It’s not possible to save the world by yourself. We share our expertise with our partners, who in turn gain more capabilities to help their clients. This is especially important for incident response: often this service requires a specialist to start collecting crucial data on premise as fast as possible. Without partners operating locally in every country this would be impossible. The role of a service vendor here is to provide a general investigation framework and tool set.
Although we are taking a step towards the security services area, we are staying in the vendor camp. We still perceive our main role as the producer of effective software solutions, which become the tools for our partners to provide their own services across the globe.
We also see huge potential in delivering Threat Intelligence to Managed Security Service Providers. This could be useful in different forms, including threat data feeds, customer-specific reports or notifications about suspicious criminal activity targeting a customer’s IT assets. This model is capable of protecting smaller businesses, who also frequently become victims of targeted attacks during attempts to infiltrate larger companies.
Thanks to efforts from the industry and our customer demands, in the future we will find ourselves in a much more protected environment, where all flavours of security intelligence are easily accessible. After all, cybersecurity is not about computer algorithms fighting each other. On the other side there are people with malicious intent, tools and knowledge. To protect businesses from them, it is essential to have the right combination of experienced external and internal people, together with a high level of trust, shared intelligence and reliable technology.
South Africans are searching in the dark, according to the latest Google Search trends.
With more than 1 million search queries generated in the space of 76 hours, load-shedding was by far the top trending search on Google South Africa this week.
Valentine’s Day came a distant second.
After news emerged last Sunday of the impending stage 3 load shedding, South Africans had generated more than 1-million load-shedding search queries by the time Tuesday came around:
- “Loadshedding schedule” – generated more than 100k searches on Sunday
- “Load shedding schedule” – generated more than 100k searches on Sunday
- “Eskom load shedding” – generated more than 100k searches on Sunday
- “Load shedding Cape Town” – generated more than 50k searches on Sunday
- “Load shedding schedule” – generated more than 400k on Monday
- “Load shedding Johannesburg” – generated more than 20k searches on Monday
- “Load shedding schedule” – generated more than 200k search queries on Tuesday
Leading up to Valentine’s Day, South Africans generated close to 300k search queries related to the romantic festival, including searches for quotes and gift ideas:
- “Valentines Day” generated more than 100k search queries on Thursday
- “Happy Valentines Day Images” and “Valentines Day Images” generated more than 10k search queries each on Thursday, with “Happy Valentines Day 2019” generating more than 20k search queries on Wednesday
- “Valentines Day Specials 2019” generated more than 5k search queries on Thursday
- “Love quotes” generated more than 5k search queries on Thursday
- “Valentines Day quotes” generated more than 100k search queries and “Valentine messages” generated more than 50 000 search queries on Wednesday
Search trends information is gleaned from data collated by Google based on what South Africans have been searching for and asking Google. Google processes more than 40 000 search queries every second. This translates to more than a billion searches per day and 1.2 trillion searches per year worldwide. Live Google search trends data is available at https://www.google.co.za/trends/hottrends#pn=p40
Thanks to the growing popularity of video-on-demand services, there’s a new opportunity to help kickstart the careers of local filmmakers.
Numerous Hollywood blockbusters (District 9, Tomb Raider 2018, and The Avengers: Age of Ultron to name a few) have featured substantial shoots in Johannesburg and Cape Town. While providing great opportunities for SA’s production talent, aspiring writers and directors don’t get the same benefit.
So where can local creatives showcase their work? Broadcast TV isn’t a natural home for unknown short films, and while self-publishing platforms are readily available hosting options, it’s tough to get noticed and get traffic when competing with videos from across the planet.
But with the emergence of video-on-demand services into the mainstream, there’s now a solution. The African film school AFDA has teamed up with the streaming service Showmax to give local talent a much larger platform than ever before. From 18 February, eighteen of the best recent short films made by AFDA students from their Johannesburg, Cape Town, Durban and Port Elizabeth campuses will be live on Showmax. Drama, documentary, fantasy, and animation are all represented, in pieces running from under eight minutes to almost half-an-hour long. The full list of movies is included below.
Teresa Passchier, CEO of AFDA, said: “AFDA, Africa’s number-one school for the Creative Economy, is proud to kickstart this exciting and meaningful journey with Showmax and AFDA students, ensuring emerging young African filmmakers’ voices are heard and given a platform. It’s ground-breaking to share young, local, culturally relevant content on the same platform as Hollywood blockbusters. I am certain that this unique initiative will serve to boost and develop the African film industry and the careers of many young South African and African students alike.”
Included in the short films coming to Showmax are the award winners Junior and O-Puncha. Junior, directed by Bert Dijkstra, picked up the Audience Award in the Made in South Africa Competition at the shnit Worldwide Shortfilmfestival Awards 2017. O-Puncha, directed by Adam Hansen, won two awards at the 5th annual Eldorado Film Festival: Best Student Made Short, and Best Editing – Alexander La Cock.
Another celebrated film is Sicela Amanzi directed by Mlu Godola, which talks to the subject of water shortage. The film’s heroine Zoleka is a mild-mannered young woman forced to go to extreme lengths when a small community’s only source of water unexpectedly collapses. The power of films like this is they shine a light on critical topical issues in new ways.
Speaking about working with the film school, Candice Fangueiro, Head of Content for Showmax, said: “There’s
AFDA is an Academy Award-winning institution, founded in 1994, and the first and only African film school to win an Oscar – for the Best Foreign Student film in 2006, the postgraduate film Elalini, directed by Tristan Holmes.
The full list of AFDA short films coming to Showmax is as follows:
|Title|Director|Genre|
|---|---|---|
|Lullaby from the Crypt|Keenan Lott & Raven Davids|Animation|
|Ko Ga Cherenyane|Sibonokuhle Myataza|Documentary|
|Mallemeule|Jaco Van Bosch|Drama|
|Canal Street|Brodie Muirhead|Drama|
|On the Fence|Warrick Bews|Drama|
|The Righteous Few|Lindo Langa|Drama|
|Hlogoma Peak|Luke Ahrens|Drama|
|Frozen Flame|Cameron Heathman|Animation|
|Wolf|Brett van Dort|Fantasy|
|The Walk Home|Sisanda Dyantyi|Drama|
|Doreen|Luvuyo Equiano Nyawose|Drama|
|Sicela Amanzi|Mlu Godola|Drama|