DOROS HADJIZENONOS, Country Manager of Check Point South Africa, gives his security predictions for the coming year.
A year in cybersecurity can seem like an eternity. But despite the rapid changes, many things remain constant. Check Point’s top three predicted security threats for 2015 were the rapid growth in unknown malware, in mobile threats, and in critical vulnerabilities in commonly used platforms (Android, iOS and others). These were fully realised, and are likely to remain a significant threat. The cat-and-mouse game that has typified cybersecurity in recent years continues, with hackers constantly finding new ways in which to attack networks – as this year’s high-profile breaches at Anthem, Experian, Carphone Warehouse, Ashley Madison and TalkTalk showed.
Like most IT security professionals, I really want my predictions not to come true: I would prefer organisations didn’t get hacked or breached. But by anticipating the next wave of threats, we hope to help businesses stay on top of the evolving tactics and exploits that criminals will use to target them. So here are ten IT security threats and trends that I expect we will see during 2016.
‘Sniper’ and ‘shotgun’ malware
We believe that larger breaches in 2016 will be the result of custom-designed malware designed to get past the defences of specific organisations, such as the attack on US retailer Target. While generic, broad-brush attacks will continue to threaten individual users and small enterprises, hackers will raise their game when attacking larger organisations with more sophisticated security postures. They will use deeper, more sophisticated phishing and other social engineering tricks to gain access to the data that they want.
Moving to mobile
Mobile attacks continue to increase as mobile devices become more commonplace in the workplace, offering hackers direct and potentially lucrative access to personal and corporate data. Our 2015 Security Report found that 42% of organisations had suffered mobile security incidents which cost more than $250,000 to remediate, and 82% expected incidents to rise. This year has also seen several high-profile mobile vulnerabilities emerge, including Certifigate on hundreds of millions of Android devices and XcodeGhost, the first major malware infection targeting non-jailbroken iOS devices. We expect to find more major mobile vulnerabilities in the next year.
In the ongoing battle between hackers and security professionals, attackers are increasingly deploying more sophisticated, custom variants of existing malware and zero-days that can bypass traditional sandboxing technology. These new attack vectors require more proactive and advanced solutions that catch evasive malware. CPU-level sandboxing is able to identify the most dangerous threats in their infancy before they can evade detection and infect networks.
Attacks on critical infrastructure
In December 2014, a steel mill in Germany was hit by hackers who accessed the plant’s production network and caused ‘massive’ damage. Also, the US Department of Homeland Security that ‘Havex’ Trojan infections had compromised industrial control systems in over 1,000 energy companies across Europe and North America. Attacks on public utilities and key industrial processes will continue, using malware to target the SCADA systems that control those processes. And as control systems become increasingly connected, this will extend the potential attack surface – which will require better protection.
IoT and smart devices
The Internet of Things is still emerging and is unlikely to make a big impact in 2016. Nevertheless organisations need to think about how they can protect smart devices and prepare themselves for wider adoption of the IoT. The key questions users need to ask is ‘where is my data going?’ and ‘what would happen if someone gets hold of this data?’ A year ago, we discovered a flaw in SOHO routers worldwide that could allow hackers to hijack the router to launch attacks on any devices connected to it – and we will see more of these vulnerabilities in connected devices.
You wear it well
Wearables like smartwatches are making their way into the enterprise, bringing with them new security risks and challenges. There are a number of security concerns about data that is held on smartwatches, or that wearables could even be used by hackers to capture video and audio via mobile remote access Trojans, so organisations that permit these devices need to ensure that they are protected with encryption and strong passwords.
Trains, planes and automobiles
2015 saw the emergence of car hacking, in which the vehicle’s software is hijacked to take control of it. In July, Fiat Chrysler recalled 1.4 million Jeep Cherokee vehicles in the US after security researchers found that they could be hacked via the connected entertainment system. With modern cars featuring more gadgetry and connected systems than ever before, we need to apply protection to these in-car systems – and the same applies to the complex systems in passenger aeroplanes, trains and other forms of public transport.
Real security for virtual environments
Virtualisation has been adopted rapidly in the enterprise over recent years, whether it’s through SDN, NFV or cloud computing. Virtualised environments are complex and create new network layers, and it’s only now that we are seeing a real understanding of how to secure these environments. As organisations move to virtualised environments, security needs to be designed in from the outset to deliver effective protection.
New environments, new threats
2015 has seen the launch of a number of new operating systems, such as Windows 10 and iOS 9. The bulk of enterprise attacks in recent years have been on Windows 7, since adoption of Windows 8 was relatively low, but with Windows 10 experiencing a high uptake driven by the free download available, cyber-criminals will turn their attention to trying to exploit these new operating systems where updates are more frequent and users are less familiar with the environment.
Security consolidation – keep it simple!
To protect against multifaceted threats, security professionals are likely to increase their reliance on centralised security management solutions. With large enterprises having a plethora of different security products on their network, consolidation offers a way of reducing both complexity and cost. Having many point products and solutions quickly becomes unmanageable and can actually impede, rather than improve security, so consolidating security provides an effective way to cut complexity and make for easier management, so that new threats don’t get lost in the gaps between systems.
Building Africa’s Century
The 4th industrial revolution will be on the agenda of this week’s Gartner IT Symposium in Cape Town. Doug Woolley, GM of Dell Technologies South Africa, ponders its meaning for Africa
Is this Africa’s Century, as President Cyril Ramaphosa said at the recent WEF on Africa gathering? I believe so. The event made solid headway in charting a course forward for African-centric solutions to our challenges.
Technology featured often in discussions and the 4th Industrial Revolution was a central theme. Many of the outcomes also tied to a more connected digital world. But those are the broad strokes. What happens next?
An important avenue can be found in all the individual investments made inside societies, such as broadband. The spread of connectivity is in part due to telecommunications firms being mandated by the Government to reach rural and under-serviced communities. But the major momentum behind broadband stems from demand. From individuals to enterprises, a hungry broadband market has helped South Africa become much more connected.
This paradigm applies to other technology investments as well. All of them add up to support the ideas and advancements that were discussed at WEF on Africa. The need for better services and performance through technology stokes the Fourth Industrial Revolution’s engine. Every network, every datacentre, every smartphone is a piece of the puzzle that will create Africa’s Century.
We are further along the curve than most people realise. If I can judge a country’s potential based on how digitally mature its organisations are, then South Africa is not in bad shape. Earlier this year, the annual Dell Technologies Digital Transformation Index ranked South Africa in the top ten, ahead of most developed nations. The investments made by the Public and Private sectors are taking root.
It may not make headlines, but all these individual ambitions pointing in the same direction are building the change we all want to see.
This brings me to the Gartner IT Symposium Xpo, the business-technology event taking place at the Cape Town International Convention Centre from 16 to 18 September. If WEF on Africa challenged for solutions at a high level, then the Gartner Symposium is where those individual investments come into play.
The nitty-gritty of the 4IR era will be on the Symposium agenda. Research by World Wide Worx on the uptake of 4IR technologies among South African enterprises will be presented tomorrow (Tuesday) by one of the company’s data analysts, Bryan Turner.
I also anticipate discussions about multi-cloud. Cloud has grown tremendously as African organisations saw the progress that came with investing in it, connectivity and data – the core ingredients of the 4IR era. Now they are looking ahead to what can be done next: that multi-cloud is on the agenda shows how Africa’s technology capability is growing.
Unified workspaces will be another good conversation topic. What happens in the office doesn’t stay in the office. Our technology habits follow us home and, more often, our home habits follow us to the ofﬁce. This makes perfect sense, because 4IR is primarily about people being empowered by technology. Our workplace technology habits are microcosms of our overall use of technology.
Multi-cloud is the ‘infrastructure’ of the 4IR conversation and the workplace is where these technologies deliver some of their value. Considerable buzz is growing around unified workspaces, which make office environments more manageable and secure while reshaping them to fit the needs of modern employees.
Stop by the Dell Technologies stand and see how we’re helping create that momentum with multi-cloud, unified workspaces and through many other channels, including skills development and supporting SMMEs to grow.
How do we create Africa’s Century? Through those individual investments that collectively stoke the engines of our country and continent. It’s not just for the big players: 4IR can provide for every organisation regardless of size. Those investments are investments in the future of Africa.
PayPal pictures how the future will be won – or lost
By AAYUSH SINGHANIA, director of Commercial Operations for PayPal Cross-Border Trade Markets
There’s no doubt that technology has already re-shaped the way the world thinks about buying and selling. Who would have thought twenty years ago that people would be shopping on their phones?
Despite the huge changes to the shopping experience in recent years, it’s important to understand that we are only part-way through this journey. We are in the midst of the fourth industrial revolution, and as technologies continue to advance, and we as a society adapt our behaviours, new opportunities and risks will present themselves to merchants of all sizes.
Here is where I see the future of commerce being won and lost, as we continue on this technology journey:
Meeting ever-increasing demand for personalised experiences
We’ve already witnessed the transition of commerce from brick and mortar to the web, and then from the web to mobile. The next phase of internet-connected devices will make commerce even more contextual whereby anything you can interact with can be a platform for commerce. Imagine being able to point your phone at your best friend’s shoes, and almost instantly they are in your shopping cart, ready to be delivered to your home?
Mobile has already made shopping an “all the time” activity and has given us a taste of what it’s like to have hyper-personalised experiences. While a consumer walking into a retail store is limited by physical space, the online world offers an unlimited shelf for merchants to deliver tailored customer experiences. Looking ahead, innovations in artificial intelligence and machine learning hold great promise to further deliver on this hyper-personalisation, by being able to learn about who a consumer really is as a person and their individual preferences.
As a result of this evolution, customers have moved from being surprised and delighted by personalised experiences to expect them in every context. Many customers, for example, now get frustrated when they receive advertisements for products that they’ve already bought, or have no interest in. This shift has made it critical for merchants to avoid delivering homogenous experiences to shoppers who demand personalised interactions across all contexts. In doing so, it’s important that merchants find a balance between personalising their offerings and ensuring consumers don’t feel their privacy is being invaded. Shoppers want to feel like a brand understands them, but isn’t stalking them, particularly in the wake of several high-profile data breaches.
Closing the consumer fulfilment gap to deliver seamless experiences
With new advancements in technology comes the ability to create seamless customer experiences that narrow the gap between customer desire and fulfilment. Gone are the days where shoppers decided to purchase an item and they were happy to wait a week to receive it – for many, two-day shipping still isn’t quick enough. The invention of the internet meant people could shop from home, and recently we’ve seen this evolve further where consumers prefer to shop on-the-go via mobile.
The big question is, what’s next? We’re already seeing the growth of commerce through technologies like AI-enabled voice assistants and virtual reality, so it’s critical that merchants keep pace with innovations that enable them to close the gap between desire and purchase in a delightful way.
At the end of the day, businesses need to remember that the act of filling up a cart and the process of checking out is not the fun part of making a purchase – these are points of friction – and technology is the answer to removing these frustrations for customers.
Managing customer reactions to technology disruption
Every tech disruption in its early days delivers excitement, fear, anxiety and doubt – not necessarily in that order. We all go through a phase of tech humanisation, because technology grows as we do – and we help shape the development of new solutions.
Technology has been used for good and bad, and technology that causes eye-raising experiences at the start will generally normalise in time. Remember the first video cameras on phones? As people learned how to use the technology, content got posted that shouldn’t have. Everything from the telephone, to radio and the television all caused concern and were initially criticised when first introduced to the public, but with time they’ve become part of our everyday lives. As technology evolves, companies learn from it, and the acceptance and humanisation of technology will take place for both consumers and merchants as new innovations are applied to the world of commerce.
Merchants need to have a mindset that’s focused on being a customer champion, while recognising that customers need to adapt to new technologies in their own time. To do this, businesses must leverage technology to build the right features that aren’t intrusive, but geared towards helping people, and respect the customer’s choice to turn technology on or off.
Technology innovation will continue to re-shape commerce in the years ahead, with the potential to deliver new growth opportunities for merchants, and offering customers more choice, convenience, value and instant gratification. In a broader sense, these innovations can also help promote employment by breaking down traditional barriers to buying and selling. For merchants, the opportunities will arise, they just have to know how to take advantage of them in the right way.