The new decade is still in its infancy and already we have heard news of potential malware attacks on major banks in the sub-Saharan Africa region. These alleged attacks are thought to be the work of a Russian hacking group named ‘Silence’. While it seems that South African banks have been unaffected to date – according to the South African Banking Risk Information Centre (SABRIC) – this news is certainly consistent with the significant trend towards the monetisation of cyberattacks – there is real money to be made in working to breach the cyber defences of businesses, both big and small. And thus, there is no surprise that throughout 2019, organisations across all industries globally were targeted by cyberattackers.
This holds true whether we are talking about information being stolen for illegal gains, IT systems being hacked and shut down until a ransom demand is paid, or operational technology (OT) systems and critical infrastructure being damaged or shut down for geopolitical purposes. And so it is unlikely that attacks are going to slow down during 2020, says Stefan van de Giessen, general manager for cybersecurity at value-added distributor Networks Unlimited Africa.
“No industry or organisation is immune from attack, with top targets during 2019 including governments, the financial services industry, manufacturers, retailers and consumer goods, and infrastructure providers,” he says. “Based on this, we advise implementing a next-generation security solution that should include various, complementary products. It’s good practice to start securing the edge of the networks, thereafter moving to business critical services and solutions, and then covering other attack vectors such as internal segmentation.
“We recommend adopting a phased approach in order to develop a layered security posture – this assists with controlling costs as well as the complexity of management involved. So once the baseline has been established, IT security can then look at how to protect against unknown threats, enable the encryption of your data, and deploy decoys in your network to lure away hackers.”
According to Van de Giessen, important security issues to consider for 2020 include end point security, network visibility, deception-based technology, the rise of the managed service provider, the convergence of the IT/OT space, the local IT skills shortage, and the issue of compliance with regulation.
He broke down each issue:
End point security: Investing in a next-gen firewall (NGFW) and antivirus (NGAV) technology with endpoint detection and response (EDR) capabilities, as well as a secure e-mail solution, is critical in securing against the most prevalent attacks.
Better network visibility: This allows you to more closely monitor network traffic for malicious behaviour and potential threats. For example, you can better detect when someone gains unauthorised access to the network, thereby allowing security measures to respond quickly. The use of user and entity behavioural analytics (UBEA), software that analyses user activity data from logs, network traffic and endpoints, and correlates this data with threat intelligence, allows you to identify activities or behaviours that are likely to indicate a malicious presence in your environment.
Deception-based technology: Deception-based technology works hand-in-glove with better network visibility: The solution creates a decoy setting that simulates the actual environment by deploying a decoy virtual machine (VM) into the existing network, with attractive decoys, credential lures, ransomware bait and data deceptions. This allows early and accurate detection to track lateral movement and credential theft.
The rise of the managed service security provider (MSSP): The move to MSSPs is a growing trend, allowing IT security teams to outsource the management of certain aspects of security and to solve issues such as a lack of skills or resources. He offers this warning, however: “From a compliance point of view, it is still the organisation’s responsibility to know which products are being used to protect its data – using the services of an MSSP doesn’t relieve an organisation of responsibility for its own data.”
The convergence of the IT/OT space: The convergence of the information technology and operational technology (IT/OT) space has become a new challenge globally in recent years. “Hackers have started targeting the OT network, which previously was not necessarily linked to an IT network, to bring down critical infrastructure and manufacturing plants, for example.
“The rise in the Industrial Internet of Things (IIoT) has not necessarily come with adequate and/or appropriate cybersecurity. The IIoT allows tools and machinery of all types to be connected to the internet, bringing major benefits such as better monitoring and increased visibility, but also risks to the business that, by and large, simply did not exist a decade or so ago. A recent study by the IBM Institute for Business Value (IBM IBV) showed that industrial companies are not doing enough to protect their plants from being hacked.”
The IT brain drain in South Africa: “While there are many new products available to us, we are losing too many skilled IT people who are leaving our shores. According to a report in mid-2019, based on a survey of 110 companies, including JSE-listed organisations as well as large multinational groups operating in Africa, information and communications technology specialists and engineers remain the most difficult to recruit. In security, there are three vectors that are important in security, namely time, product and skills, and skills are severely lacking in our markets across Africa.”
Compliance with regulation: “South Africa is behind the curve with data regulation compliance when we compare ourselves to the European Union’s General Data Protection Regulation (GDPR), which has already been in force for over a year, as well as compliance legislation in other SADEC countries and also West Africa.
“South Africa’s Personal Protection of Information Act (POPIA), which is similar to the EU’s GDPR, has not yet been implemented, and it was signed into law in November 2013. POPIA will enable businesses to regulate how information is organised, stored, secured and discarded. The Act aims to protect consumers from having their money and identity stolen as well as keep their private information private. The time delay in implementing POPIA is not helpful for businesses and for our IT systems, which will eventually need to be compliant.”
He says that, considering all of these factors, it becomes clear that security is not a single-product solution.
“Customers need a multi-product approach so that they can defend themselves both proactively and reactively. Today’s security teams must acknowledge the threats posed by all attack vectors, and work proactively on preventing them.”
IoT sensors are anything from doctor to canary in mines
Industrial IoT is changing the shape of the mining industry and the intelligence of the devices that drive it
The Internet of Things (IoT) has become many things in the mining industry. A canary that uses sensors to monitor underground air quality, a medic that monitors healthcare, a security guard that’s constantly on guard, and underground mobile vehicle control. It has evolved from the simple connectivity of essential sensors to devices into an ecosystem of indispensable tools and solutions that redefine how mining manages people, productivity and compliance. According to Karien Bornheim, CEO of Footprint Africa Business Solutions (FABS), IoT offers an integrated business solution that can deliver long-term, strategic benefits to the mining industry.
“To fully harness the business potential of IoT, the mining sector has to understand precisely how it can add value,” she adds. “IoT needs to be implemented across the entire value chain in order to deliver fully optimised, relevant and turnkey operational solutions. It doesn’t matter how large the project is, or how complex, what matters is that it is done in line with business strategy and with a clear focus.”
Over the past few years, mining organisations have deployed emerging technologies to help bolster flagging profits, manage increasingly weighty compliance requirements, and reduce overheads. These technologies are finding a foothold in an industry that faces far more complexities around employee wellbeing and safety than many others, and that juggles numerous moving parts to achieve output and performance on a par with competitive standards. Already, these technologies have allowed mines to fundamentally change worker safety protocols and improve working conditions. They have also provided mining companies with the ability to embed solutions into legacy platforms, allowing for sensors and IoT to pull them into a connected net that delivers results.
“The key to achieving results with any IoT or technology project is to partner with service providers, not just shove solutions into identified gaps,” says Bornheim. “You need to start in the conceptual stage and move through the pre-feasibility and bankable feasibility stages before you start the implementation. Work with trained and qualified chemical, metallurgical, mechanical, electrical, instrumentation and structural engineers that form a team led by a qualified engineering lead with experience in project management. This is the only way to ensure that every aspect of the project is aligned with the industry and its highly demanding specifications.”
Mining not only has complexities in compliance and health and safety, but the market has become saturated, difficult and mercurial. For organisations to thrive, they must find new revenue streams and innovate the ways in which they do business. This is where the data delivered by IoT sensors and devices can really transform the bottom line. If translated, analysed and used correctly, the data can provide insights that allow for the executive to make informed decisions about sites, investment and potential.
“The cross-pollination of different data sets from across different sites can help shift dynamics in plant operation and maintenance, in the execution of specific tasks, and so much more,” says Bornheim. “In addition, with sensors and connected devices and systems, mining operations can be managed intelligently to ensure the best results from equipment and people.”
The connection of the physical world to the digital is not new. Many of the applications currently being used or presented to the mining industry are not new either. What’s new is how these solutions are being implemented and the ways in which they are defined. It’s more than sticking on sensors. It’s using these sensors to streamline business across buildings, roads, vehicles, equipment, and sites. These sensors and the ways in which they are used or where they are installed can be customised to suit specific business requirements.
“With qualified electronic engineers and software experts, you can design a vast array of solutions to meet the real needs of your business,” says Bornheim. “Our engineers can programme, create, migrate and integrate embedded IoT solutions for microcontrollers, sensors, and processors. They can also develop intuitive dashboards and human-machine interfaces for IoT and machine-to-machine (M2M) devices to manage the input and output of a wide range of functionalities.”
The benefits of IoT lie in its ubiquity. It can be used in tandem with artificial intelligence or machine learning systems to enhance analytics, improve the automation of basic processes and monitor systems and equipment for faults. It can be used alongside M2M applications to enhance the results and the outcomes of the systems and their roles. And it can be used to improve collaboration and communication between man, machine and mine.
“You can use IoT platforms to visualise mission-critical data for device monitoring, remote control, alerts, security management, health and safety and healthcare,” concludes Bornheim. “The sky is genuinely the limit, especially now that the cost of sensors has come down and the intelligence of solutions and applications has gone up. From real-time insights to hands-on security and safety alerts to data that changes business direction and focus, IoT brings a myriad of benefits to the table.”
Oracle leads in clash of
Three e-commerce platforms have been awarded “gold medals” for leading the way in customer experience. SoftwareReviews, a division of Info-Tech Research Group, named Oracle Commerce Cloud the leader in its 2020 eCommerce Data Quadrant Awards, followed by Shopify Plus and IBM Digital Commerce. The awards are based on user reviews.
The three vendors received the following citations:
- Oracle Commerce Cloud ranked highest among software users, earning the number-one spot in many of the product feature section areas, shining brightest in reporting and analytics, predictive recommendations, order management, and integrated search.
- Shopify Plus performed consistently well according to users, taking the number-one spot for catalogue management, shopping cart management and ease of customisation.
- IBM Digital Commerce did exceptionally well in business value created, quality of features, and vendor support.
The SoftwareReviews Data Quadrant differentiates itself with insightful survey questions, backed by 22 years of research in IT. The study involves gathering intelligence on user satisfaction with both product features and experience with the vendor. When distilled, the customer’s experience is shaped by both the software interface and relationship with the vendor. Evaluating enterprise software along these two dimensions provides a comprehensive understanding of the product in its entirety and helps identify vendors that can deliver on both for the complete software experience.
“Our recent Data Quadrant in e-commerce solutions provides a compelling snapshot of the most popular enterprise-ready players, and can help you make an informed, data-driven selection of an e-commerce platform that will exceed your expectations,” says Ben Dickie, research director at Info-Tech Research Group.
“Having a dedicated e-commerce platform is where the rubber hits the road in transacting with your customers through digital channels. These platforms provide an indispensable array of features, from product catalog and cart management to payment processing to detailed transaction analytics.”