Hackers across EMEA are warming up for the FIFA World Cup. As all eyes turn to the pitch, they’ll be booting up the botnets ready to take on the excitable businesses who are increasingly giving away the ball on app protection and data security.
The EU General Data Protection Regulation (GDPR) – the cyberspace equivalent of the omnipresent Video Assisted Referee – will also be making its presence felt this summer. The penalty for a breach is 2% to 4% of global turnover or €10 to 20 million, whichever is the bigger hit. The GDPR supervisory body can also flash the proverbial red card by immediately suspending all data processing if the risk to an EU citizen’s privacy is deemed unacceptable.
According to the Ponemon Institute’s 12th annual Cost of Data Breach study, the global average cost of a data breach currently stands at $3.62 million. The ongoing reputational costs are harder to quantify, so it’s not worth being sent off over compliance complacency. Like any competition, every company must now train hard and be ready to take a stand against cybercrime with the goal of protecting data.
Bots take to the field
Football is a game of two halves, and so too is the Internet. Recent research by F5 Labs suggests that half of the Internet’s traffic comes from bots, 30% of which are malicious. Most bots search for vulnerabilities, scrape websites or participate in DDoS attacks. They can speed up password-guessing to break into online accounts, mine cryptocurrency such as Bitcoin, and attack anything requiring a large network of computers.
Most botnet-based attacks are designed for disruption and exploitation. Typical attacks include the creation of spam email relays and Denial of Service (DoS) activities designed to prevent access to websites. Another concern flagged by F5 Labs is the inexorable rise of Thingbots: botnets which are built exclusively from IoT devices. Because these devices are poorly secured and easy to compromise, Thingbots are fast becoming the cyberweapon delivery system of choice for today’s attackers.
Year over year (2016-2017), F5 Labs found that Telnet brute force attacks against IoT devices rose 249%. Moving ahead, IoT’s destructive arsenal is set to explode in scale. Gartner recently reported that there are 8.4 billion IoT devices in use and the number is expected to grow to 20.4 billion by 2020. Botnet risks rise significantly when moving to multi-cloud environments, as many businesses are now doing out of operational necessity. In particular, many cloud consumers assume that security is inherently better in the cloud and do not realise that the same vulnerabilities that plagued them in their datacentre are just as present in the cloud.
Tackling advanced app security
A threat defence is only effective if it safeguards sensitive data. Visibility is fundamental to understanding normal application behaviour, detecting anomalous traffic and being able to report data breaches to the relevant data protection authorities. Visibility means having insight into all traffic that passes between users and applications. It is essential that security systems understand the application and the protocols, and can see into encrypted traffic. Context is equally important and is the key to understanding the characteristics of an application’s environment, including behavioural insights that enable rapid adaptation where required. Incisive visibility and context are crucial to informing decision-makers, which means that robust security controls can be implemented to protect your apps and data.
One of the best first lines of defence in the game is a web application firewall (WAF). The 2018 State of Application Delivery (SOAD) report revealed that 98% of F5’s surveyed customers protect at least some part of their application portfolio with a WAF. More than 40% protect half or more of their apps.
However, not all WAFs are capable of safeguarding against the full scope of today’s hyperactive threat spectrum. This is where Advanced WAF (AWAF) solutions are more effective. Capable of supporting a variety of consumption and licensing models, including a per-app basis, as well as perpetual, subscription, and utility billing options, AWAFs provide a new level of flexibility in both the cloud and the data centre. Important benefits include facilitating better collaboration between SecOps, DevOps, and NetOps teams to deploy app protection services in any environment.
Crucially, AWAFs provide powerful defensive capabilities against malicious bots, going beyond signatures and reputation to block evolving automated attacks, prevent account takeovers (with encryption at the application layer), and protect apps from DoS attacks (using machine learning and behavioural analytics for high accuracy). AWAFs also provide comprehensive protection from mobile attacks through an Anti-Bot Mobile SDK with rich security services, including application whitelisting (i.e. an index of approved software), secure cookie validation, and advanced app hardening.
Blowing the whistle on cybercrime
Organisations need to prove they are responsible data custodians. Security and transparency are now essential attributes for customer service. It’s time to blow the whistle on cybercrime.
Investing in integrated security solutions protects what matters: your applications. The net result is that data are protected, the business upholds compliance standards and your customers remain enthusiastic, loyal fans – a world class winning combination.
Get your passwords in shape
New Year’s resolutions should extend to getting password protection sorted out, writes Carey van Vlaanderen, CEO at ESET Southern Africa.
Many of us have entered the new year with a boatload of New Year’s resolutions. Doing more exercise, fixing unhealthy eating habits and saving more money are all highly respectable goals, but could it be that they don’t go far enough in an era with countless apps and sites that clamour to help you reach your personal goals?
Now, you may want to add a few weightier and yet effortless habits on top of those well-worn choices. Here are a handful of tips for ‘exercises’ that will do good for your cyber-fitness.
I won’t pass up on stubborn passwords
Passwords have a bad rap, and deservedly so: they suffer from weaknesses, both in terms of security and convenience, that make them a less-than-ideal method of authentication. However, much of what the internet offers is dependent on your signing up for this or that online service, and the available form of authentication almost universally happens to be the username/password combination.
As the keys that open online accounts (not to speak of many devices), passwords are often rightly thought of as the first – alas, often only – line of defence that protects your virtual and real assets from intruders. However, passwords don’t offer much in the way of protection unless, in the first place, they’re strong and unique to each device and account.
But what constitutes a strong password? A passphrase! Done right, typical passphrases are generally both more secure and more user-friendly than typical passwords. The longer the passphrase and the more words it packs the better, with seven words providing for a solid start. With each extra character (not to mention words), the number of possible combinations rises exponentially, which makes simple brute-force password-cracking attacks far less likely to succeed, if not well-nigh impossible (assuming, of course, that the service in question does not impose limitations on password input length – something that is, sadly, far too common).
Code Week prepares 2.3m young Africans for future
By SUNIL GENESS, Director Government Relations & CSR, Global Digital Government, at SAP Africa.
On January 6th, 2019, news broke of South African President Cyril Ramaphosa’s plans to announce a new approach to education in his second State of the Nation address, including:
- A universal roll-out of tablets for all pupils in the country’s 23 700 primary and secondary schools
- Computer coding and robotics classes for the foundation-phase pupils from grade 1-3
- Digitisation of the entire curriculum, including textbooks, workbooks and all teacher support material.
With this, the President has shown South Africa’s response to a global challenge: equipping our youth with the skills they’ll need to survive and thrive in the 21st century digital economy.
Africa’s working-age population will increase to 600 million in 2030 from a base of 370 million in 2010.
In South Africa, unemployment stands at 26.7 percent, but is much more pronounced among youths: 52.2 percent of the country’s 15-24-year-olds are looking for work.
As an organisation deeply invested in South Africa and its future, SAP has developed and implemented a range of initiatives aimed at fostering digital skills development among the country’s youth, including:
AFRICA CODE WEEK
Since its launch in 2015, Africa Code Week has introduced more than 4 million African youth to basic coding.
In 2018, more than 2.3 million youth across 37 countries took part in Africa Code Week.
The digital skills development initiative’s focus on building local capacity for sustainable learning resulted in close to 23 000 teachers being trained in the run-up to the October 2018 events.
Vital to the success of Africa Code Week is the close support it receives from a broad spectrum of public and private sector institutions, including UNESCO YouthMobile, Google, the German Federal Ministry for Economic Cooperation and Development (BMZ), the Cape Town Science Centre, the Camden Education Trust, 28 African governments, over 130 implementing partners and 120 ambassadors across the continent.
SAP’s efforts to drive digital skills development on the African continent form part of a broader organisational commitment to the UN Sustainable Development Goals, specifically Goal 4 (“Ensure quality and inclusive education for all”).
A core component of Africa Code Week is to encourage female participation in STEM-related skills development activities: in 2018, more than 46% of all Africa Code Week participants were female.
According to Africa Code Week Global Coordinator Sunil Geness, female representation in STEM-related fields among African businesses currently stands at 30%, “requiring powerful public-private partnerships to start turning the tide and creating more equitable opportunities for African youth to contribute to the continent’s economic development and success”.