Cyber security used to be all about prevention, but as breaches become a matter of when rather than if, the new watchword is resilience, writes ARTHUR GOLDSTUCK.
There was a time when all one needed to keep computers safe was up-to-date anti-virus software. Then the hackers upgraded their armoury and we needed firewalls for both networks and personal computers. Finally, cyber criminals developed an all-out assault, in which thousands of compromised computers would be roped in as “bots” to mass-attack a target. Known as a Distributed Denial-of-Service or DDoS attack, it has taken down even the mightiest technology champions like Facebook and Google.
As a result, for some years now, information security has been seen as an arms race between the hackers and the defenders. The latter have never been willing to acknowledge that the hackers tend to have the upper hand, but this reality is slowly beginning to dawn on them.
So, while up-to-date information security tools and defences remain critical, they can no longer define security strategy.
“People are realising there’s no silver bullet, no one technology that will help them clamp down on cyber threats,” says Heino Gevers, Customer Experience Manager at Mimecast South Africa, specialists in email protection and management. “The answer is not to use more technology, but to develop something called cyber resilience.”
This refers only partly to the ability to withstand attacks. Primarily, it deals with how one responds when an attack does take place, as well as what processes are in place to protect customer information, how these processes are documented, and whether the company has a strategy for evolving its responses.
Right now, for example, many companies are struggling to get to grips with the Protection of Personal Information (POPI) Act, which has been signed into law, but is not yet active due to provisions that have not yet been met. A key element of POPI is a requirement to disclose any security breaches that may have compromised customer information.
Last year, the Ster-Kinekor website suffered a major breach that resulted in millions of user names and passwords being exposed. The company was not obliged to report it, and it only came to light as a result of being given as a case study during a global cyber security conference.
Under POPI, not only would a company be obliged to disclose such a breach, but it would also have to explain what measures had been in place to protect its customers, and how it was addressing the consequences. In effect, POPI compliance would be a key step towards cyber resilience.
“Companies have to ask themselves the question: what have they done today to try to understand POPI and the new cyber laws, and what it means for their business,” says Gevers.
“A lot of it speaks to how you put measures in place, how you document those measures when there is a breach, and about the processes and people components. It’s not a nice-to-have: it’s going to be mandatory.”
Once a company starts unpacking these demands, he says, it gets to the core of new cyber security demands.
“Firstly, there is no silver bullet. Secondly, a defensive strategy should evolve to a resilience strategy, ie instead of only trying to prevent it, know what to do when it happens and be able to answer the question: did you do everything in your power to protect customers, users and data?”
The concept can be extended to individuals as well. Everyone should have a plan in place for when things go wrong. For example, if a virus infects your computer or smartphone, or you are conned into downloading software that locks you out of your computer, do you have a backup somewhere? Can you log into Microsoft OneDrive or Google Drive and get access to the latest versions of all your documents?
If you don’t have that kind of online backup, are you backing up onto an external hard drive or even USB flash drive? Are you able to change the password on your online bank account or social media network at a moment’s notice?
If none of that has even occurred to you, then you are not even close to cyber resilience. But with that checklist in hand, you can begin the process.
For companies, entire departments exist to take that responsibility off the hands of individuals, but every employee should be involved in the process.
“Cyber resilience is best described as a framework consisting of five pillars,” says Gevers. “It makes it simple for organisations to understand where to start and to refine these pillars.”
The five pillars of cyber resilience can be summed up as:
- Preparing and identifying what information is being processed in an organisation and identifying what systems interact with that information. The information should then be classified as confidential company information, confidential customer information, or public knowledge.
- Reasonable protection of the organisation, which includes having a clear understanding of the company’s information security needs.
- Swift detection of a breach, on the understanding that, as Gevers put it, “the sooner you can detect a breach, the better you can mitigate financial damage”.
- Swift response, which includes having a business continuity plan in place, and transparent communication with all stakeholders. “How do I respond to internal staff, and who owns that communication? It all has to be approved in advance,” says Gevers. “Don’t deal with the issue in isolation or sweep it under the carpet.”
- How you recover is possibly the most critical pillar. “Most organisations don’t have a plan to restore operations. Most restore from a backup. They need to acknowledge that ransomware and other threats are evolving, so you can’t recover in the way you did in the past, if the criminals still have your intellectual property.”
Earth 2050: memory chips for kids, telepathy for adults
An astonishing set of predictions for the next 30 years includes a major challenge to the privacy of our thoughts.
By 2050, most kids may be fitted with the latest memory boosting implants, and adults will have replaced mobile devices with direct connectivity through brain implants, powered by thought.
These are some of the more dramatic forecasts in Earth 2050, an award-winning, interactive multimedia project that accumulates predictions about social and technological developments for the upcoming 30 years. The aim is to identify global challenges for humanity and possible ways of solving these challenges. The website was launched in 2017 to mark Kaspersky Lab’s 20th birthday. It comprises a rich variety of predictions and future scenarios, covering a wide range of topics.
Recently a number of new contributions have been added to the site. Among the contributors are Lord Martin Rees, the UK’s Astronomer Royal, Professor at Cambridge University and former President of the Royal Society; investor and entrepreneur Steven Hoffman; Peter Tatchell, human rights campaigner; along with Dmitry Galov, security researcher, and Alexey Malanov, malware analyst at Kaspersky Lab.
The new visions for 2050 consider, among other things:
- The replacement of mobile devices with direct connectivity through brain implants, powered by thought – able to upload skills and knowledge in return – and the impact of this on individual consciousness and privacy of thought.
- The ability to transform all life at the genetic level through gene editing.
- The potential impact of mistakes made by advanced machine-learning systems/AI.
- The demise of current political systems and the rise of ‘citizen governments’, where ordinary people are co-opted to approve legislation.
- The end of the techno-industrial age as the world runs out of fossil fuels, leading to economic and environmental devastation.
- The end of industrial-scale meat production, as most people become vegan and meat is cultured from biopsies taken from living, outdoor reared livestock.
The hypothetical prediction for 2050 from Dmitry Galov, security researcher at Kaspersky Lab is as follows: “By 2050, our knowledge of how the brain works, and our ability to enhance or repair it is so advanced that being able to remember everything and learn new things at an outrageous speed has become commonplace. Most kids are fitted with the latest memory boosting implants to support their learning and this makes education easier than it has ever been.
“Brain damage as a result of head injury is easily repaired; memory loss is no longer a medical condition, and people suffering from mental illnesses, such as depression, are quickly cured. The technologies that underpin this have existed in some form since the late 2010s. Memory implants are in fact a natural progression from the connected deep brain stimulation implants of 2018.
“But every technology has another side – a dark side. In 2050, the medical, social and economic impact of memory boosting implants are significant, but they are also vulnerable to exploitation and cyber-abuse. New threats that have appeared in the last decade include the mass manipulation of groups through implanted or erased memories of political events or conflicts, and even the creation of ‘human botnets’.
“These botnets connect people’s brains into a network of agents controlled and operated by cybercriminals, without the knowledge of the victims themselves. Repurposed cyberthreats from previous decades are targeting the memories of world leaders for cyber-espionage, as well as those of celebrities, ordinary people and businesses with the aim of memory theft, deletion of or ‘locking’ of memories (for example, in return for a ransom).
“This landscape is only possible because, in the late 2010s when the technologies began to evolve, the potential future security vulnerabilities were not considered a priority, and the various players: healthcare, security, policy makers and more, didn’t come together to understand and address future risks.”
For more information and the full suite of inspirational and thought-provoking predictions, visit Earth 2050.
SAFTA awards get first streaming video nominees
The 2019 nominations for The South African Film and Television Awards (SAFTAs) were announced late last week, and for the first time in the 13-year history of the awards, a TV series produced for a video-on-demand service was in contention. The result was a surprise boost to streaming service Showmax.
The comedy series Tali’s Wedding Diary, which premiered in December 2017, represented a major step for the then two-year old streaming service. It was the debut Showmax Original, the first time Showmax ventured into producing its own content. The gamble paid off, with the show becoming the most watched of any series on its first day on Showmax, and now Tali’s Wedding Diary has been further recognised with seven SAFTA nominations, making it this year’s most nominated comedy.
“When we first floated the idea of Tali’s Wedding Diary, we joked about winning awards,” says Candice Fangueiro, Showmax’s head of content. “At that point, just getting our first Showmax Original off the ground was already a major challenge and it was more than we could hope for to actually hit it out of the park. I was stunned when I heard the news about the nominations – it’s amazing to be considered in the same company as these other shows and thanks to this we’re already seeing a fresh spike in Tali views.”
Tali’s Wedding Diary was also a first for co-creator and star Julia Anastasopoulos, who until then was best known as YouTube star SuzelleDIY. “I am so thrilled about the SAFTA nominations for Tali’s Wedding Diary,” says Julia, who is up for Best Actress – TV Comedy and Best Achievement in Scriptwriting – TV Comedy, along with her husband Ari Kruger and Daniel Zimbler.
“It was such a big and daunting step to create a full TV comedy series and intro a brand-new character. I really didn’t know how it would be received and am so happy to have received such positive feedback for the show and the Tali Babes character, along with the nominations. It feels so good to be recognised for something we poured our hearts into. None of it would have been possible, of course, without the incredible hard work and vision of my husband Ari and the incredible team, cast and crew that were part of the show. And a huge thank you to Showmax of course for making it all possible. Congratulations and best of luck to the entire team and to all the other nominees.”
Tali’s Wedding Diary is a mockumentary that follows Tali, a self-obsessed Joburg princess who’s moved to Cape Town and is planning her wedding to property-agent fiancé Darren (Anton Taylor). The series was inspired by Julia’s own wedding to Ari, her SuzelleDIY and Tali’s Wedding Diary co-creator, who is also up for Best Achievement In Directing – TV Comedy.
In addition to Julia and Ari’s nominations, Tali’s Wedding Diary is up for Best TV Comedy, Art Direction (Keren Setton), Cinematography (James Adey), and Editing (Richard Starkey). Winners will be announced on 2 March 2019 at Sun City Superbowl.
Following the success of Tali’s Wedding Diary, the second Showmax Original, The Girl From St Agnes, was released earlier this month. A third Showmax Original, Trippin With Skhumba, is slated for release at the end of February.
“With three Showmax Originals now under our belt and more on the way, we’d like to think this is the start of many more SAFTA nominations for shows from a streaming service,” concludes Candice.
South African content currently on Showmax has 110 nominations and includes the most nominated movie (Five Fingers With Marseilles), telenovela (The River), drama (Lockdown) and soap (Isibaya), with more SAFTA nominees scheduled for the coming months.