Cyber security used to be all about prevention, but as breaches become a matter of when rather than if, the new watchword is resilience, writes ARTHUR GOLDSTUCK.
There was a time when all one needed to keep computers safe was up-to-date anti-virus software. Then the hackers upgraded their armoury and we needed firewalls for both networks and personal computers. Finally, cyber criminals developed an all-out assault, in which thousands of compromised computers would be roped in as “bots” to mass-attack a target. Known as a Distributed Denial-of-Service or DDoS attack, it has taken down even the mightiest technology champions like Facebook and Google.
As a result, for some years now, information security has been seen as an arms race between the hackers and the defenders. The latter have never been willing to acknowledge that the hackers tend to have the upper hand, but this reality is slowly beginning to dawn on them.
So, while up-to-date information security tools and defences remain critical, they can no longer define security strategy.
“People are realising there’s no silver bullet, no one technology that will help them clamp down on cyber threats,” says Heino Gevers, Customer Experience Manager at Mimecast South Africa, specialists in email protection and management. “The answer is not to use more technology, but to develop something called cyber resilience.”
This refers only partly to the ability to withstand attacks. Primarily, it deals with now one responds when an attack does take place, as well as what processes are in place to protect customer information, how these processes are documented, and whether the company has a strategy for evolving its responses.
Right now, for example, many companies are struggling to get to grips with the Protection of Personal Information (POPI) Act, which has been signed into law, but is not yet active due to provisions that have not yet been met. A key element of POPI is a requirement to disclose any security breaches that may have compromised customer information.
Last year, the Ster-Kinekor website suffered a major breach that resulted in millions of user names and passwords being exposed. The company was not obliged to report it, and it only came to light as a result of being given as a case study during a global cyber security conference.
Under POPI, not only would a company be obliged to disclose such a breach, but it would also have to explain what measures had been in place to protect its customers, and how it was addressing the consequences. In effect, POPI compliance would be a key step towards cyber resilience.
“Companies have to ask themselves the question: what have they done today to try to understand POPI and the new cyber laws, and what it means for their business,” says Gevers.
“A lot of it speaks to how you put measures in place, how you document those measures when there is a breach, and about the processes and people components. It’s not a nice-to-have: it’s going to be mandatory.”
Once a company start unpacking these demands, he says, it gets to the core of new cyber security demands.
“Firstly, there is no silver bullet. Secondly, a defensive strategy should evolve to a resilience strategy, ie instead of only trying to prevent it, know what to do when it happens and be able to answer the question: did you do everything in your power to protect customers, users and data?”
The concept can be extended to individuals as well. Everyone should have a plan in place for when things go wrong. For example, if a virus infects your computer or smartphone, or you are conned into downloading software that locks you out of your computer, do you have a backup somewhere? Can you log into Microsoft OneDrive or GoogleDrive and get access to the latest versions of all your documents?
If you don’t have that kind of online backup, are you backing up onto an external hard drive or even USB flash drive? Are you able to change the password on your online bank account or social media network at a moment’s notice?
If none of that has even occurred to you, then you are not even close to cyber resilience. But with that checklist in hand, you can begin the process.
For companies, entire departments exist to take that responsibility off the hands of individuals, but every employee should be involved in the process.
“Cyber resilience is best deacribed as a famework consisting of five pillars,” says Gevers. “It makes it simple for organisations to understand where to start and to refine these pillars.”
The five pillars of cyber resilience can be summed up as:
- Preparing and identifying what information is being processed in an organisation and ientifying what systems interact with that information. It should then be classified according to confidential company information, confidential customer information, or public knowledge.
- Reasonable protection of the organisation, which includes having a clear understanding of the comapany’s information security needs.
- Swift detection of a breach, on the understanding that, as Gevers put it, “the sooner you can detect a breach, the better you can mitigate financial damage”.
- Swift reponse, which includes having a business continuity plan in place, and transparent communication with all stakeholders. “How do I repsond to inernal staff, and who owns that communication? It all has to be approved in advance,” says Gevers. “Don’t deal with the issue in isolation or sweep it under the carpet.”
- How you recover is possibly the most critical pillar. “Most organisations don’t have a plan to restore operations. Most restore from a backup. They need to acknowledge that ransomware and other threats are evolving, so you cant recover in the way you did in past, if the criminals still have your intellectual property.”
Android Go puts reliable smartphones in budget pockets
Nokia, Vodacom and Huawei have all launched entry-level smartphones running the Android Go edition, and all deliver a smooth experience, writes BRYAN TURNER.
Three new and notable Android Go smartphones have recently hit the market, namely the Nokia 1, the Vodafone Smart Kicka 4 and the Huawei Y3 (2018). These phones run one of the most basic versions of Android while still delivering a fairly smooth user experience.
Historically, consumers purchasing smartphones in the budget bracket would have a hit-and-miss experience with processing speed, smoothness of user interface, and app stability. The Google-supported Android Go edition operating system optimises the user experience by stripping out non-important visual effects to speed up the phone. Thish allows for more memory to be used by apps.
Google also ensures that all smartphones running Android Go will receive feature and security updates as they are released by Google. This is a major selling point for these smartphones, as users of this smartphone will always be running the latest software, with virtually no manufacturer bloatware.
Vodafone Smart Kicka 4
At the lowest entry-level, the Vodafone Smart Kicka 4 performs well as a communicator for emails and WhatsApp messages. The 4” screen represents a step up for entry-level Android phones, which were previously standardised at 3.5”.
The display is bright and very responsive, while the limited screen real estate leaves the navigation keys off the screen as touch buttons. It uses 3G connectivity, which might seem like an outdated technology, but is good enough to stream SD videos and music. Vodacom has also thrown in some data gifts if the smartphone is activated before the end of September 2018.
Its camera functionalities might be a slight let down for the aspirant Instagrammer, with a 2MP rear flash camera and a 0.3MP selfie snapper. Speed wise, the keyboard pops up quickly, which is a huge improvement from the Smart Kicka 3. However, this phone will not play well with graphics-intensive games.
Next up is the Nokia 1, which adds a much better 5MP camera, improved battery life and a bigger 4.5” screen. It supports LTE, which allows this smartphone to download and upload at the speed of flagships. It also sports the Nokia brand name, which many consumers trust.
Although the front camera is 2MP, the quality is extremely grainy, even with good lighting. This disqualifies this smartphone for the social media selfie snapper, but the 5MP rear camera will work for the landscape and portrait photographer.
The screen also redeems this smartphone, providing a display which represents colours truly and has great viewing angles. Xpress-on back covers allows the use of interchangeable, multi-coloured back covers, which has proven to be a successful sales point for mid-range smartphones in the past.
Huawei Y3 (2018)
The most capable of the Android Go edition competitors, the Huawei Y3 (2018) packs an even bigger screen at 5”, as well as an improved 8MP rear camera and HD video recording. The screen is the brightest and most vibrant of the three smartphones, but seems to be calibrated to show colours a little more saturated than they actually are.
Nevertheless, the camera outperforms the other smartphones with good colour replication and great selfie capabilities via the 2MP front camera – far superior to the Nokia 1 despite the same spec. LTE also comes standard with this smartphone and Vodacom throws in 4G/LTE data goodies until the end of September 2018. The battery, however, is not removable and may only be replaced by a warranty technician.
Comparing the 3
All three smartphones have removable back covers, which provide access to the battery, SIM card and SD card slots. The smartphones have Micro USB ports on the bottom with headphone jacks on the top. The built-in speakers all performed well, with the Y3 (2018) housing an exceptionally loud built-in speaker.
Although all at different price points, all three phones remain similar in performance and speed. The differentiators are apparent in the components, like camera quality and screen quality. It would be fair to rank the quality of the camera and battery life by respective market prices. The Vodafone Smart Kicka 4 performed well, for its R399 retail price. The Nokia 1, on the other hand, lags quite a bit in features when compared to the Huawei Y3 (2018), bwith oth retailing at R999.
SA gets digital archive
As the world entered the centenary of Nelson Mandela’s birth on Mandela Day, 18 July 2018, South Africa celebrated the launch of a digital living archive.
The southafrica.co.za site carries content about the country’s collective heritage in South Africa’s eleven official languages.
Designed as a nation building, educational and brand promotion web based tool, the free-to-view platform features award-winning photographic and written content by leading South African photographers, authors, academics and photojournalists.
The emphasis is on quality, credible, factual content that celebrates a collective heritage in terms of the following: Cultural Heritage; Natural Heritage; Education; History; Agriculture; Industry; Mining; and Travel.
At the same time as reflecting on the nation’s history, southafrica.co.za celebrates South Africa’s natural, cultural and economic assets so that the youth can learn about their nation in their home language.
Southafrica.co.za Founder and CEO Hans Gerrizen conceptualised southafrica.co.za as a means for youth and communities from outlying areas to benefit from the digital age in terms of the web tool’s empowering educational component.
“We can only stand to deepen our collective experience of democracy and become a more forward planning nation if we know facts about our nation’s past and present in everyone’s home language,” he says.
Southafrica.co.za, with sister company Siyabona Africa, is the organiser and sponsor of the Mandela: 100 Moments photographic exhibition that runs until 30 September at Cape Town’s V&A Waterfront-based Nelson Mandela Gateway to Robben Island. The 3-month exhibition, which runs daily from 08h00 until 15h00, is showcasing one hundred iconic Nelson Mandela images taken by veteran South African photojournalist and self-taught lensman Peter Magubane.