The digital transformation of our lives and economies has led to great advances, but at the same time it has resulted in increased exposure to a range of threats and given rise to new vocabulary such as shadow IT, phishing, ransomware and botnets, writes TINUS JANSE VAN RENSBURG, Cisco Regional Manager of Security Africa region
The digital transformation of our lives and economies has led to great advances in communication and productivity, but it has also created a great dependency on Internet connectivity across industries and individuals. This has resulted in increased exposure to a range of threats and given rise to new vocabulary such as shadow IT, phishing, ransomware and botnets.
The Fourth Industrial Revolution has radically improved lives, but has also created a new set of challenges that come with the ubiquity of networks; starting with their protection. Technology is ingrained in every aspect of today’s economy with many core assets now digital in nature, and susceptible to attack. While conventional wars saw planes, ships and tanks controlled by pilots, sailors and soldiers, today’s agents of destruction include laptops, mobiles and an Internet connection. The virtual ‘theatre of war’ now includes elusive forces capable of violating companies, governments and individuals with an array of digital weapons that can be automated to amplify the impact. Today, a few strokes on a keyboard can destroy an individual’s reputation, affect stock prices, and even the fate of nations.
The scale of the challenge is sobering. Every day over 20 billion cyber-threats (almost three for every man, woman and child on the planet) are blocked by Cisco. Last year, the global incidents of distributed denial-of-service attacks (which inundate network servers with junk Web traffic), jumped by 172%. This is expected to more than double to 3.1 million attacks by 2021. What these statistics do not provide, however, is the increasing levels of sophistication used by online perpetrators and sophisticated syndicates that make stealing data, disrupting networks and extorting money their business.
Today’s Allied Forces
Fortunately, forces are aligning to protect citizens, companies and governments from elements that aim to undermine the so-called ‘free world’ of the 21st Century. The Allied Forces of today are members of the private and public sector who are coming together to fight a ‘silent war’ against an enemy that is often faceless and operating from a borderless territory. While wars have typically been based on gaining or protecting territories and resources, the cyber war of the present is about maintaining and protecting the digital circulatory system of the global economy, and in some cases, the integrity of political systems.
For example, earlier this year two technology giants – IBM and Cisco –announced an agreement to work together in a number of areas, including ‘threat intelligence’. Apart from integrating various security products and services, the two companies have agreed to share their expertise in order to better detect and mitigate threats, as well as creating integrated security tools offering automated threat responses with greater speed and agility. Such a coordinated response is necessary given that 65% of organisations are using up to 50 different security products, with many of these organisations migrating security infrastructure to public and private cloud providers.
Apart from software and hardware companies collaborating, we are also seeing new organisations and forums being created to share information such as the Internet Watch Foundation, and the Cyber Threat Alliance. The scourge of cyber-threats has caused cybersecurity experts from diverse organisations in the ICT industry to work together in good faith to improve the broader defense capabilities.
‘Art of War’
In these days of digital warfare and the potential for digital infiltrations to spread quickly, being responsive is paramount. Fortunately, with more organisations collaborating and new technologies being applied, (such as machine learning), response rates to digital threats have improved dramatically. For example, between November 2015 and May 2017, Cisco decreased its median time to detection from just over 39 hours to about 3.5 hours. Beyond detecting threats and responding, today’s Allied Forces are pre-emptively blocking online incursions. For example, on a daily basis, the global threat intelligence company Talos inspects over 600 billion email samples and collects in excess of one billion malware samples.
Given the scale of cyber threats, it is essential to automate the detection and handling of threats and to secure ‘peripherals’ such as mobile devices. Using Artificial Intelligence, one new countermeasure is a technology called Cognitive Threat Analytics (CTA). Developed by Cisco, CTA continuously learns from the massive amounts of data it analyses, making it possible to identify threats and distinguishing them from normal online traffic, thereby offering a ‘smart defense’ against malicious network behaviors at a scale and speed unmatched by humans. Another advancement that was introduced in February this year, is the first Secure Internet Gateway (SIG) in the cloud. Designed to address the inherent security risks in an increasingly mobile workforce, it protects employees – whether they are on or off the corporate network – providing a ‘safety net’ that covers 100% of mobile traffic, without the need to install hardware and or manually update software.
|The day-to-day activities of all countries in the modern economy are part of a hyper-connected, global system. As a result, all individuals, companies and countries are potential targets for organisations with nefarious intentions. Being ‘battle ready’ is critical. This entails education, training, equipment, technology and specialised services to protect against digital attacks. It also demands a coordinated and collaborative defence across industry, government and society as part of taking a proactive stance to safeguard digital communication systems.
Security is everyone’s concern and protecting ourselves can no longer be conducted in isolation. With this is mind, it is useful to ponder the timeless words of Sun Tzu – the 500 B.C. Chinese philosopher and military strategist and author of The Art of War:
“The art of war teaches us to rely not on the likelihood of the enemy’s not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable.”
Password managers don’t protect you from hackers
Using a password manager to protect yourself online? Research reveals serious weaknesses…
Top password manager products have fundamental flaws that expose the data they are designed to protect, rendering them no more secure than saving passwords in a text file, according to a new study by researchers at Independent Security Evaluators (ISE).
“100 percent of the products that ISE analyzed failed to provide the security to safeguard a user’s passwords as advertised,” says ISE CEO Stephen Bono. “Although password managers provide some utility for storing login/passwords and limit password reuse, these applications are a vulnerable target for the mass collection of this data through malicious hacking campaigns.”
In the new report titled “Under the Hood of Secrets Management,” ISE researchers revealed serious weaknesses with top password managers: 1Password, Dashlane, KeePass and LastPass. ISE examined the underlying functionality of these products on Windows 10 to understand how users’ secrets are stored even when the password manager is locked. More than 60 million individuals 93,000 businesses worldwide rely on password managers. Click here for a copy of the report.
Password managers are marketed as a solution to eliminate the security risks of storing passwords or secrets for applications and browsers in plain text documents. Having previously examined these and other password managers, ISE researchers expected an improved level of security standards preventing malicious credential extraction. Instead ISE found just the opposite.
Click here to read the findings from the report.
MWC: Next generation of inflight connectivity to be unveiled
Next week at Mobile World Congress, the Seamless Air Alliance will reveal progress on its mission towards enabling the next generation of inflight connectivity. This follows a significant start for the Alliance, which has seen membership increase five-fold since the first meeting in June of last year. The Alliance has a new research laboratory setup and continues progress through its three working groups, writing specifications for the technology, requirements, and operations.
These developments represent a huge leap towards the goal of making connectivity as easy and enjoyable in the skies as it is on the ground. Appearing as part of the Airbus stand (Hall 6, stand 6G34), the Seamless Air Alliance will reveal specification topics that have been completed and published to its membership.
“The passenger experience with inflight connectivity remains one of the great technology challenges. From Day One we have been determined to deliver on our mission to bring industries and technologies together to make the inflight internet experience simple to access and a delight to use,” said the Alliance’s Chief Executive Officer, Jack Mandala.
“I have been tremendously encouraged by the enthusiastic and committed response we have seen and the widening areas of expertise we can call upon as more and more companies and organisations continue to join us,” he added.
Announced during MWC 2018, the Seamless Air Alliance has since grown to twenty-three membercompanies with more than one-hundred key personnel from across the membership participating in its three working groups, with numbers continuing to increase.
The Seamless Air Alliance was created by founding members Airbus, Airtel, Delta Air Lines, OneWeb and Sprint, and quickly joined by Air France KLM, Aeromexico, and GOL Linhas Aereas Inteligentes and global technology leaders including Astronics, Collins Aerospace, Comtech, Cyient, iDirect, Inmarsat, Intelsat, Latecoere, Nokia, and Panasonic.
Today, the Alliance is pleased to announce five additional new members: Adaptive Channel, Etihad Airways, GlobalReach Technology, Safran, and SITAONAIR.
“We are extremely pleased to have these companies join and be a part of the companies driving the next generation of connectivity.” said Mr Mandala.
The Seamless Air Alliance will enable travelers boarding any flight, on any airline, anywhere in the world, to use their own devices to automatically connect to the Internet with no complicated login process nor paywall to scramble over.
The Alliance is also announcing the release of a new research study on the economic benefit of standardization on the inflight connectivity market at Mobile World Congress. This report is available for download at https://www.seamlessalliance.com/publications/
The Alliance is moving rapidly towards an expected demonstration of the technology later in 2019 and anticipates massive interest in Barcelona from the whole communications eco-system.