DOROS HADJIZENONOS, Country Manager of Check Point South Africa, gives his security predictions for the coming year.
A year in cybersecurity can seem like an eternity. But despite the rapid changes, many things remain constant. Check Point’s top three predicted security threats for 2015 were the rapid growth in unknown malware, in mobile threats, and in critical vulnerabilities in commonly used platforms (Android, iOS and others). These were fully realised, and are likely to remain a significant threat. The cat-and-mouse game that has typified cybersecurity in recent years continues, with hackers constantly finding new ways in which to attack networks – as this year’s high-profile breaches at Anthem, Experian, Carphone Warehouse, Ashley Madison and TalkTalk showed.
Like most IT security professionals, I really want my predictions not to come true: I would prefer organisations didn’t get hacked or breached. But by anticipating the next wave of threats, we hope to help businesses stay on top of the evolving tactics and exploits that criminals will use to target them. So here are ten IT security threats and trends that I expect we will see during 2016.
‘Sniper’ and ‘shotgun’ malware
We believe that larger breaches in 2016 will be the result of custom-designed malware designed to get past the defences of specific organisations, such as the attack on US retailer Target. While generic, broad-brush attacks will continue to threaten individual users and small enterprises, hackers will raise their game when attacking larger organisations with more sophisticated security postures. They will use deeper, more sophisticated phishing and other social engineering tricks to gain access to the data that they want.
Moving to mobile
Mobile attacks continue to increase as mobile devices become more commonplace in the workplace, offering hackers direct and potentially lucrative access to personal and corporate data. Our 2015 Security Report found that 42% of organisations had suffered mobile security incidents which cost more than $250,000 to remediate, and 82% expected incidents to rise. This year has also seen several high-profile mobile vulnerabilities emerge, including Certifigate on hundreds of millions of Android devices and XcodeGhost, the first major malware infection targeting non-jailbroken iOS devices. We expect to find more major mobile vulnerabilities in the next year.
In the ongoing battle between hackers and security professionals, attackers are increasingly deploying more sophisticated, custom variants of existing malware and zero-days that can bypass traditional sandboxing technology. These new attack vectors require more proactive and advanced solutions that catch evasive malware. CPU-level sandboxing is able to identify the most dangerous threats in their infancy before they can evade detection and infect networks.
Attacks on critical infrastructure
In December 2014, a steel mill in Germany was hit by hackers who accessed the plant’s production network and caused ‘massive’ damage. Also, the US Department of Homeland Security that ‘Havex’ Trojan infections had compromised industrial control systems in over 1,000 energy companies across Europe and North America. Attacks on public utilities and key industrial processes will continue, using malware to target the SCADA systems that control those processes. And as control systems become increasingly connected, this will extend the potential attack surface – which will require better protection.
IoT and smart devices
The Internet of Things is still emerging and is unlikely to make a big impact in 2016. Nevertheless organisations need to think about how they can protect smart devices and prepare themselves for wider adoption of the IoT. The key questions users need to ask is ‘where is my data going?’ and ‘what would happen if someone gets hold of this data?’ A year ago, we discovered a flaw in SOHO routers worldwide that could allow hackers to hijack the router to launch attacks on any devices connected to it – and we will see more of these vulnerabilities in connected devices.
You wear it well
Wearables like smartwatches are making their way into the enterprise, bringing with them new security risks and challenges. There are a number of security concerns about data that is held on smartwatches, or that wearables could even be used by hackers to capture video and audio via mobile remote access Trojans, so organisations that permit these devices need to ensure that they are protected with encryption and strong passwords.
Trains, planes and automobiles
2015 saw the emergence of car hacking, in which the vehicle’s software is hijacked to take control of it. In July, Fiat Chrysler recalled 1.4 million Jeep Cherokee vehicles in the US after security researchers found that they could be hacked via the connected entertainment system. With modern cars featuring more gadgetry and connected systems than ever before, we need to apply protection to these in-car systems – and the same applies to the complex systems in passenger aeroplanes, trains and other forms of public transport.
Real security for virtual environments
Virtualisation has been adopted rapidly in the enterprise over recent years, whether it’s through SDN, NFV or cloud computing. Virtualised environments are complex and create new network layers, and it’s only now that we are seeing a real understanding of how to secure these environments. As organisations move to virtualised environments, security needs to be designed in from the outset to deliver effective protection.
New environments, new threats
2015 has seen the launch of a number of new operating systems, such as Windows 10 and iOS 9. The bulk of enterprise attacks in recent years have been on Windows 7, since adoption of Windows 8 was relatively low, but with Windows 10 experiencing a high uptake driven by the free download available, cyber-criminals will turn their attention to trying to exploit these new operating systems where updates are more frequent and users are less familiar with the environment.
Security consolidation – keep it simple!
To protect against multifaceted threats, security professionals are likely to increase their reliance on centralised security management solutions. With large enterprises having a plethora of different security products on their network, consolidation offers a way of reducing both complexity and cost. Having many point products and solutions quickly becomes unmanageable and can actually impede, rather than improve security, so consolidating security provides an effective way to cut complexity and make for easier management, so that new threats don’t get lost in the gaps between systems.
Rain, Telkom Mobile, lead in affordable data
A new report by the telecoms regulator in South Africa reveal the true consumer champions in mobile data costs
The latest bi-annual tariff analysis report produced by the Independent Communications Authority of South Africa (ICASA) reveals that Telkom Mobile data costs for bundles are two-thirds lower than those of Vodacom and MTN. On the other hand, Rain is half the price again of Telkom.
The report focuses on the 163 tariff notifications lodged with ICASA during the period 1 July 2018 to 31 December 2018.
“It seeks to ensure that there is retail price transparency within the electronic communications sector, the purpose of which is to enable consumers to make an informed choice, in terms of tariff plan preferences and/or preferred service providers based on their different offerings,” said Icasa.
ICASA says it observed the competitiveness between licensees in terms of the number of promotions that were on offer in the market, with 31 promotions launched during the period.
The report shows that MTN and Vodacom charge the same prices for a 1GB and a 3GB data bundle at R149 and R299 respectively. On the other hand, Telkom Mobile charges (for similar-sized data bundles) R100 (1GB) and R201 (3GB). Cell C discontinued its 1GB bundle, which was replaced with a 1.5GB bundle offered at the same price as the replaced 1GB data bundle at R149.
Rain’s “One Plan Package” prepaid mobile data offering of R50 for a 1GB bundle remains the most affordable when compared to the offers from other MNOs (Mobile Network Operators) and MVNOs (Mobile Virtual Network Operators).
“This development should have a positive impact on customers’ pockets as they are paying less compared to similar data bundles and increases choice,” said Icasa.
The report also revealed that the cost of out-of-bundle data had halved at both MTN and Vodacom, from 99c per Megabyte a year ago to 49c per Megabyte in the first quarter of this year. This was still two thirds more expensive than Telkom Mobile, which has charged 29c per Megabyte throughout this period (see graph below).
Meanwhile, from having positioned itself as consumer champion in recent years, Cell C has fallen on hard times, image-wise: it is by far the most expensive mobile network for out-of-bundle data, at R1.10 per Megabyte. Its prices have not budged in the past year.
The report highlights the disparities between the haves and have-nots in the dramatically plummeting cost of data per Megabyte as one buys bigger and bigger bundles on a 30-day basis (see graph below).
For 20 Gigabyte bundles, all mobile operators are in effect charging 4c per Megabyte. Only at that level do costs come in at under Rain’s standard tariffs regardless of use.
Qualcomm wins 5G as Apple and Intel cave in
A flurry of announcements from three major tech players ushered in a new mobile chip landscape, wrItes ARTHUR GOLDSTUCK
Last week’s shock announcement by Intel that it was canning its 5G modem business leaves the American market wide open to Qualcomm, in the wake of the latter winning a bruising patent war with Apple.
Intel Corporation announced its intention to “exit the 5G smartphone modem business and complete an assessment of the opportunities for 4G and 5G modems in PCs, internet of things devices and other data-centric devices”.
Intel said it would also continue to invest in its 5G network infrastructure business, sharpening its focus on a market expected to be dominated by Huawei, Nokia and Ericsson.
Intel said it would continue to meet current customer commitments for its existing 4G smartphone modem product line, but did not expect to launch 5G modem products in the smartphone space, including those originally planned for launches in 2020. In other words, it would no longer be supplying chips for iPhones and iPads in competition with Qualcomm.
“We are very excited about the opportunity in 5G and the ‘cloudification’ of the network, but in the smartphone modem business it has become apparent that there is no clear path to profitability and positive returns,” said Intel CEO Bob Swan. “5G continues to be a strategic priority across Intel, and our team has developed a valuable portfolio of wireless products and intellectual property. We are assessing our options to realise the value we have created, including the opportunities in a wide variety of data-centric platforms and devices in a 5G world.”
The news came immediately after Qualcomm and Apple issued a joint announced of an agreement to dismiss all litigation between the two companies worldwide. The settlement includes a payment from Apple to Qualcomm, along with a six-year license agreement, and a multiyear chipset supply agreement.
Apple had previously accused Qualcomm of abusing its dominant position in modem chips for smartphones and charging excessive license fees. It ordered its contract manufacturers, first, to stop paying Qualcomm for the chips, and then to stop using the chips altogether, turning instead to Intel.
With Apple paying up and Intel pulling out, Qualcomm is suddenly in the pound seats. It shares hit their highest levels in five years after the announcements.
Qualcomm said in a statement: “As we lead the world to 5G, we envision this next big change in cellular technology spurring a new era of intelligent, connected devices and enabling new opportunities in connected cars, remote delivery of health care services, and the IoT — including smart cities, smart homes, and wearables. Qualcomm Incorporated includes our licensing business, QTL, and the vast majority of our patent portfolio.”
Meanwhile, Strategy Analytics released a report on the same day that showed Ericsson, Huawei and Nokia will lead the market in core 5G infrastructure, namely Radio Access Network (RAN) equipment, by 2023 as the 5G market takes off. Huawei is expected to have the edge as a result of the vast scale of the early 5G market in China and its long term steady investment in R&D. According to a report entitled “Comparison and 2023 5G Global Market Potential for leading 5G RAN Vendors – Ericsson, Huawei and Nokia”, two outliers, Samsung and ZTE, are expected to expand their global presence alongside emerging vendors as competition heats up.