Cyber security used to be all about prevention, but as breaches become a matter of when rather than if, the new watchword is resilience, writes ARTHUR GOLDSTUCK.
There was a time when all one needed to keep computers safe was up-to-date anti-virus software. Then the hackers upgraded their armoury and we needed firewalls for both networks and personal computers. Finally, cyber criminals developed an all-out assault, in which thousands of compromised computers would be roped in as “bots” to mass-attack a target. Known as a Distributed Denial-of-Service or DDoS attack, it has taken down even the mightiest technology champions like Facebook and Google.
As a result, for some years now, information security has been seen as an arms race between the hackers and the defenders. The latter have never been willing to acknowledge that the hackers tend to have the upper hand, but this reality is slowly beginning to dawn on them.
So, while up-to-date information security tools and defences remain critical, they can no longer define security strategy.
“People are realising there’s no silver bullet, no one technology that will help them clamp down on cyber threats,” says Heino Gevers, Customer Experience Manager at Mimecast South Africa, specialists in email protection and management. “The answer is not to use more technology, but to develop something called cyber resilience.”
This refers only partly to the ability to withstand attacks. Primarily, it deals with now one responds when an attack does take place, as well as what processes are in place to protect customer information, how these processes are documented, and whether the company has a strategy for evolving its responses.
Right now, for example, many companies are struggling to get to grips with the Protection of Personal Information (POPI) Act, which has been signed into law, but is not yet active due to provisions that have not yet been met. A key element of POPI is a requirement to disclose any security breaches that may have compromised customer information.
Last year, the Ster-Kinekor website suffered a major breach that resulted in millions of user names and passwords being exposed. The company was not obliged to report it, and it only came to light as a result of being given as a case study during a global cyber security conference.
Under POPI, not only would a company be obliged to disclose such a breach, but it would also have to explain what measures had been in place to protect its customers, and how it was addressing the consequences. In effect, POPI compliance would be a key step towards cyber resilience.
“Companies have to ask themselves the question: what have they done today to try to understand POPI and the new cyber laws, and what it means for their business,” says Gevers.
“A lot of it speaks to how you put measures in place, how you document those measures when there is a breach, and about the processes and people components. It’s not a nice-to-have: it’s going to be mandatory.”
Once a company start unpacking these demands, he says, it gets to the core of new cyber security demands.
“Firstly, there is no silver bullet. Secondly, a defensive strategy should evolve to a resilience strategy, ie instead of only trying to prevent it, know what to do when it happens and be able to answer the question: did you do everything in your power to protect customers, users and data?”
The concept can be extended to individuals as well. Everyone should have a plan in place for when things go wrong. For example, if a virus infects your computer or smartphone, or you are conned into downloading software that locks you out of your computer, do you have a backup somewhere? Can you log into Microsoft OneDrive or GoogleDrive and get access to the latest versions of all your documents?
If you don’t have that kind of online backup, are you backing up onto an external hard drive or even USB flash drive? Are you able to change the password on your online bank account or social media network at a moment’s notice?
If none of that has even occurred to you, then you are not even close to cyber resilience. But with that checklist in hand, you can begin the process.
For companies, entire departments exist to take that responsibility off the hands of individuals, but every employee should be involved in the process.
“Cyber resilience is best deacribed as a famework consisting of five pillars,” says Gevers. “It makes it simple for organisations to understand where to start and to refine these pillars.”
The five pillars of cyber resilience can be summed up as:
- Preparing and identifying what information is being processed in an organisation and ientifying what systems interact with that information. It should then be classified according to confidential company information, confidential customer information, or public knowledge.
- Reasonable protection of the organisation, which includes having a clear understanding of the comapany’s information security needs.
- Swift detection of a breach, on the understanding that, as Gevers put it, “the sooner you can detect a breach, the better you can mitigate financial damage”.
- Swift reponse, which includes having a business continuity plan in place, and transparent communication with all stakeholders. “How do I repsond to inernal staff, and who owns that communication? It all has to be approved in advance,” says Gevers. “Don’t deal with the issue in isolation or sweep it under the carpet.”
- How you recover is possibly the most critical pillar. “Most organisations don’t have a plan to restore operations. Most restore from a backup. They need to acknowledge that ransomware and other threats are evolving, so you cant recover in the way you did in past, if the criminals still have your intellectual property.”
Huawei Mate 20 unveils ‘higher intelligence’
The new Mate 20 series, launching in South Africa today, includes a 7.2″ handset, and promises improved AI.
Huawei Consumer Business Group today launches the Huawei Mate 20 Series in South Africa.
The phones are powered by Huawei’s densest and highest performing system on chip (SoC) to date, the Kirin 980. Manufactured with the 7nm process, incorporating the Cortex-A76-based CPU and Mali-G76 GPU, the SoC offers improved performance and, according to Huawei, “an unprecedented smooth user experience”.
The new 40W Huawei SuperCharge, 15W Huawei Wireless Quick Charge, and large batteries work in tandem to provide users with improved battery life. A Matrix Camera System includes a Leica Ultra Wide Angle Lens that lets users see both wider and closer, with a new macro distance capability. The camera system adopts a Four-Point Design that gives the device a distinct visual identity.
The Mate 20 Series is available in 6.53-inch, 6.39-inch and 7.2-inch sizes, across four devices: Huawei Mate 20, Mate 20 Pro, Mate 20 X and Porsche Design Huawei Mate 20 RS. They ship with the customisable Android P-based EMUI 9 operating system.
“Smartphones are an important entrance to the digital world,” said Richard Yu, CEO of Huawei Consumer BG, at the global launch in London last week. “The Huawei Mate 20 Series is designed to be the best ‘mate’ of consumers, accompanying and empowering them to enjoy a richer, more fulfilled life with their higher intelligence, unparalleled battery lives and powerful camera performance.”
The SoC fits 6.9 billion transistors within a die the size of a fingernail. Compared to Kirin 970, the latest chipset is equipped with a CPU that is claimed to be 75 percent more powerful, a GPU that is 46 percent more powerful and an NPU (neural processing unit) that is 226 percent more powerful. The efficiency of the components has also been elevated: the CPU is claimed to be 58 percent more efficient, the GPU 178 percent more efficient, and the NPU 182 percent more efficient. The Kirin 980 is the world’s first commercial SoC to use the Cortex-A76-based cores.
Huawei has designed a three-tier architecture that consists of two ultra-large cores, two large cores and four small cores. This allows the CPU to allocate the optimal amount of resources to heavy, medium and light tasks for greater efficiency, improving the performance of the SoC while enhancing battery life. The Kirin 980 is also the industry’s first SoC to be equipped with Dual-NPU, giving it higher On-Device AI processing capability to support AI applications.
Read more about the Mate 20 Pro’s connectivity, battery and camera on the next page.
How Quantum computing will change … everything?
Research labs, government agencies (NASA) and tech giants like Microsoft, IBM and Google are all focused on developing quantum theories first put forward in the 1970s. What’s more, a growing start-up quantum computing ecosystem is attracting hundreds of millions of investor dollars. Given this scenario, Forrester believes it is time for IT leaders to pay attention.
“We expect CIOs in life sciences, energy, defence, and manufacturing to see a deluge of hype from vendors and the media in the coming months,” says Forrester’s Brian Hopkins, VP, principal analyst serving CIOs and lead author of a report: A First Look at Quantum Computing. “Financial services, supply-chain, and healthcare firms will feel some of this as well. We see a market emerging, media interest on the rise, and client interest trickling in. It’s time for CIOs to take notice.”
The Forrester report gives some practical applications for quantum computing which helps contextualise its potential:
- Security could massively benefit from quantum computing. Factoring very large integers could break RSA-encrypted data, but could also be used to protect systems against malicious attempts.
- Supply chain managers could use quantum computing to gather and act on price information using minute-by-minute fluctuations in supply and demand
- Robotics engineers could determine the best parameters to use in deep-learning models that recognise and react to objects in computer vision
- Quantum computing could be used to discover revolutionary new molecules making use of the petabytes of data that studies are now producing. This would significantly benefit many organisations in the material and life sciences verticals – particularly those trying to create more cost-effective electric car batteries which still depend on expensive and rare materials.
Continue reading to find out how Quantum computing differs.