Hackers across EMEA are warming up for the FIFA World Cup. As all eyes turn to the pitch, they’ll be booting up the botnets ready to take on the excitable businesses who are increasingly giving away the ball on app protection and data security.
The EU General Data Protection Regulation (GDPR) – the cyberspace equivalent of the omnipresent Video Assisted Referee – will also be making its presence felt this Summer. The penalty for a breach is 2% to 4% of global turnover or €10 to 20 million, whichever is the bigger hit. The GDPR supervisory body can also flash the proverbial red card by immediately suspending all data processing if the risk to an EU citizen’s privacy is deemed unacceptable.
According to the Ponemon Institute’s 12th annual Cost of Data Breach study, the global average cost of a data breach currently stands at $3.62 million. The ongoing reputational costs are harder to quantify, so it’s not worth being sent off over compliance complacency. Like any competition, every company must now train hard and be ready to take a stand against cybercrime with the goal of protecting data.
Bots take to the field
Football is a game of two halves, and so too is the Internet. Recent research by F5 Labs suggests that half of the Internet’s traffic comes from bots, 30% of which are malicious. Most bots search for vulnerabilities, scrape websites or participate in DDoS attacks. They can speed up password-guessing to break into online accounts, mine cryptocurrency such as Bitcoin, and attack anything requiring a large network of computers.
Most botnet based attacks are designed for disruption and exploitation. Typical attacks include the creation of Spam email relays and Denial of Service (DoS) activities designed to prevent access to websites. Another concern flagged by F5 Labs is the inexorable rise of Thingbots: botnets which are built exclusively from IoT devices and are fast becoming the cyberweapon delivery system of choice for today’s attackers due to their poor security and ease of compromise.
Year over year (2016-2017), F5 Labs found that Telnet brute force attacks against IoT devices rose 249%. Moving ahead, IoT’s destructive arsenal is set to explode in scale. Gartner recently reported that there are 8.4 billion IoT devices in use and the number is expected to grow to 20.4 billion by 2020. Botnet risks rise significantly when moving to multi-cloud environments as many businesses are now doing out of operational necessity. In particular, many cloud consumers assume that security is inherently better in the cloud and do not realise the same vulnerabilities that plagued them in their datacentre are just as present in the cloud.
Tackling advanced app security
A threat defence is only effective if it safeguards sensitive data. Visibility is fundamental to understanding normal application behaviour, detecting anomalous traffic and being able to report data breaches to the relevant data protection authorities. Visibility means having insight into all traffic that passes between users and applications. It is essential that security systems understand the application, the protocols and can see into encrypted traffic. Context is equally important and the key to understanding the characteristics of an application’s environment, including behavioural insights that enable rapid adaptation where required. Incisive visibility and context are crucial to informing decision-makers, which means that robust security controls can be implemented to protect your apps and data.One of the best first lines of defence in the game is a web application firewall (WAF). The 2018 State of Application Delivery (SOAD) report revealed that 98% of F5’s surveyed customers protect at least some part of their application portfolio with a WAF. More than 40% protect half or more of their apps.
However, not all WAFs are capable of safeguarding against the full scope of today’s hyperactive threat spectrum. This is where Advanced WAF (AWAF) solutions are more effective. Capable of supporting a variety of consumption and licensing models, including a per-app basis, as well as perpetual, subscription, and utility billing options, AWAFs provide a new level of flexibility in both the cloud and the data centre. Important benefits include facilitating better collaboration between SecOps, DevOps, and NetOps teams to deploy app protection services in any environment.
Crucially, AWAFs provide powerful defensive capabilities against malicious bots going beyond signatures and reputation to block evolving automated attacks, prevent account takeovers (with encryption at the application layer), and protect apps from DoS attacks (using machine learning and behavioural analytics for high accuracy). AWAFs also provide comprehensive protection from mobile attacks through an Anti-Bot Mobile SDK rich security services, including application whitelisting (i.e. index of approved software), secure cookie validation, and advanced app hardening.
Blowing the whistle on cybercrime
Organisations need to prove they are responsible data custodians. Security and transparency are now essential attributes for customer service. It’s time to blow the whistle on cybercrime.
Investing in integrated security solutions protects what matters: your applications. The net result is that data are protected, the business upholds compliance standards and your customers remain enthusiastic, loyal fans – a world class winning combination.
Appdate: No wallet? No problem?
In his app roundup, SEAN BACHER highlights VodaPay Masterpass, Charge Running, South African App Integrator Directory, uKheshe Health and LocTransie.
Digital mobility is now a way of life and most are using smartphones to pay bills.
To meet this need Vodacom and Mastercard have launched VodaPay Masterpass, which enables Vodacom customers to load any bank card into a secure digital wallet, downloaded as an app on their smartphone. Once loaded, these cards and the secure credentials associated with them are safely stored, enabling customers to start transacting immediately without the hassle of entering card details each time they make a purchase.
Vodacom customers can buy prepaid data, airtime and SMS, or voice bundles, directly through the app. They can also select the Pay Bills menu option to settle their DStv accounts, pay a utility bill or take care of a traffic fine.
With the app’s Scan to Pay functionality, users can scan a QR code to pay for goods and services wherever Masterpass is accepted, including all SnapScan and Zapper merchants. Once a QR code is scanned, users select the card they wish to use, and enter their bank PIN number on their own device to complete the transaction.
Platform: Android and iOS
Expect to pay: A free download and users will not be charged for any transaction fees.
Most running apps track data like pace and distance and, in some cases play audio designed to motivate you, but don’t give you the push you get when you run with a friend. Charge Running is an app that lets you run alongside other runners, virtually, as well as giving live coaching to help you go the distance.
The app includes features such as:
· Unlimited access to live running classes and virtual races
· The ability to compete with runners anywhere in the world in real-time
· A live leaderboard that shows where you are in the pack to keep you pushing
· Live, personalised feedback from professional trainers
· Group chats with coaches and fellow runners throughout the run
· On-demand runs for times when you can’t join the live groups
· A choice of difficulty levels and race types
Platform: Android and iOS
Expect to pay: A free seven-day trial; thereafter R150 per month
Stockists: Visit the Charge Running site here for downloading instructions.
South African App Integrator Directory
The South African App Integrator Directory from Xero is designed to solve the complexity of choosing apps for small business owners.
The directory is now available in South Africa with six partners, including Realm Digital, Radical Cloud Solutions, Nimacc, Insights, Iridium Business Solutions and Creative CFO. According to Xero, these are all organisations with a proven track record of successfully integrating marketplace apps into Xero businesses. There are also currently over 700 apps in Xero’s App Marketplace worldwide, 21 of which are South African born.
As small businesses become more tech-savvy, they need to know exactly which apps to install on their devices and how the apps will help them. They also need to be able to install these apps from a trusted integrator so they know for what they are paying.
Platform: Any device with an up-to-date Internet browser.
Expect to pay: A one month trial version is offered, after which the App Integrator ranges from R125 to R245 per month, depending on the company’s needs.
Stockists: Visit Xero here for downloading instructions.
Click here to read about uKheshe Health and LocTransie.
Prize offered for drone films
DJI and SkyPixel, the world’s most popular aerial photography community, have announced the first short film contest inviting users to submit cinematic stories shot with camera and gimbal products. The 2019 SkyPixel Short Film Contest will accept entries until 14 October 2019. It welcomes submissions from all creators, ranging from hobbyists to social media users and professional videographers. around the globe.
The 2019 SkyPixel Short Film Contest consists of three storytelling categories—‘Big Moments Start Small,’ ‘Make Your Move’ and ‘Adventure Starts With You.’ There is no restriction on the type or brand of equipment participants use, and they can submit as many videos as they wish.
A total of 100 winners can win a range of prizes totaling $48,600 USD in categories including Recommended Films, Best Editing, Best Story, Nominated Entries, People’s Choice Prize as well as This Week’s Most Popular, sponsored by the partner SanDisk and WD brand from Western Digital Corp. This year’s Best Short Video winners will each receive the new Ronin-SC Pro Combo, Osmo Action as well as WD 2TB My Passport Wireless SSD.
Winning entries will also be showcased on the SkyPixel website as well as to DJI’s millions of fans and followers across its social media platforms.
“DJI has redefined how people capture stable video for all of life’s moments. The compact size, portability and powerful imaging system of our Osmo and Ronin series have also made it possible for anyone to take their creativity and inspirations to the next level,” said Basile David, Director of Brand and Content Partnerships at DJI. “With this contest, we hope to encourage more people to embrace and share their own creative way of storytelling.”
Since 2014, the SkyPixel online community has attracted 16 million professional aerial photographers and content creators from more than 140 countries, growing into the largest aerial photography community today. Over the past five years, SkyPixel has received over 150,000 submissions, becoming a go-to platform for original aerial masterpieces and extraordinary footage powered by other gimbal products focusing on various themes.
Details of the 2019 SkyPixel Short Film Contest
The short film contest consists of three categories:
Big Moments Start Small: Create a video showcasing the small, lightweight design of your camera device and your best cinematic scenes. Users are recommended to include at least 10 seconds of behind-the-scenes clips of their product such as DJI Osmo Pocket or other devices.
Make Your Move: Create a video showcasing the stabilized footage from your device. Users are recommended to include at least 10 seconds of behind-the-scenes clips of their product such as DJI Osmo Series or other devices.
Adventure Starts With You: Create a short, cinematic narrative film to showcase your creative skills and visual effects. Users are recommended to include at least 10 seconds of behind-the-scenes clips of their product such as DJI Ronin Series or other devices.
*Video submissions should not be longer than three minutes in length.
Submission Start Date: August 15, 2019, 2:00 AM (EST)
Submission End Date: October 14, 2019, 2:00 AM (EST)
Award Announcement: October 31, 2019