Digital technology continues to transform the world of business by exposing organisations to a multitude of opportunities and threats. It is, therefore, not surprising that cybercrime continues to escalate rapidly, says GRAHAM CROOCK, Director of IT Audit, Risk and Cyber Lab at BDO South Africa.
Cybercrime ranks as the second-most reported crime in South Africa. Corporate breaches in the headlines are turning hackers into the new super rogues, as these dedicated, organised, and well-financed cyber criminals bombard organisations through alternating attack tools and paths.
This trend has established cybercrime as a growing industry, one that has accelerated in the last five years and comes complete with automated tools, customer support, and guarantees of product effectiveness. The commoditisation of new attacks and automated tools has culminated in even the most amateur hacker being able to effectively deliver professional-level threats into a targeted organisation.
Complexity is the major cause of today’s cybersecurity problem: the environment is extremely intricate and solutions are costly. Data is extremely multifaceted, extensive and difficult to manage in a timeous way. This raises the question: how can this complexity be managed at a reasonable cost?
A common but often misunderstood and over-relied-on solution is the implementation of firewalls. However, the major pitfall of this so-called “trusted” solution is that firewall configuration is often not aligned with changing cybersecurity policies. In short, the rate of change with regard to cyber-related risk is accelerating rapidly, increasing the security gaps organisations contend with, and leaving them more exposed than ever before.
Keeping pace with new attack techniques, and effectively defending against advanced threats, is perhaps the biggest challenge facing security teams today in a world of cyber threats. Therefore, architecting a cybersecurity solution that dynamically adapts to ongoing change is crucial. This, however, is expensive and for many organisations, unaffordable.
Consideration must be given to the underlying key themes affecting the management of cybersecurity in South Africa today. These include the following:
- Monetisation of malware (Ransomware),
- Imposition of collateral damage,
- Changes in attackers’ mindsets to shift their efforts to the direct attack of applications,
- Political pressure attempting to de-couple privacy and security attempts, and
- Implementation of faster and wider-reaching infrastructure, which is not supported by skilled security experts due to the current “brain drain” associated with unprecedented levels of emigration of trained and skilled engineers and technicians who chase “real money” as opposed to the weakening Rand.
It’s no wonder that cybersecurity professionals keep asking: “What can we do to protect ourselves and our customers from these newfound criminals?”
As security professionals in today’s business space, we need to enable a productive work environment while providing all of the controls needed to protect the integrity and ownership of the organisation’s data as well as that of the business’s clients or customers.
Achieving appropriate levels of security is neither quick nor easy. It is complex and extremely specialised, and requires extensive planning, design and architecture. The precautions that businesses wishing to survive and achieve true cyber readiness will have to take include:
- Treat security breaches as “when” and not “if” situations
- Invest meaningfully in people, processes and technology
- Put cyber, network security and survival in the business context
- Stop deployment of and reliance on “end point fix solutions”
- Practice resilience scenarios and Business Continuity Plans (BCP)
- Understand the attack lifecycle and plan accordingly
- Ensure that you have an active education programme in place so that your staff understand the threats and are trained to react appropriately to an attack
It takes time and substantial management, as well as executive involvement, to strengthen your company’s defenses against cybersecurity risks. The ten most important cyber risks companies should be considering are:
- Failure to identify cyber risks and implement basic cybersecurity controls
- Failure by executives to identify and understand what generates corporate cybersecurity risks
- Lack of a cybersecurity policy
- Confusing compliance with cybersecurity
- Failure to recognise the importance of social engineering and the risks associated with the human factor
- Bring-your-own-device (BYOD) policy and the cloud
- Lack of adequate funding, talent and training, and implementation of inappropriate resources
- Insufficient information security training
- Lack of a business continuity and data recovery plan
- Failure to identify, accept and understand the rate at which cyber risks are evolving (polymorphic risk)
A few years ago, the concept of cyberattacks in the context of constantly moving targets was considered impossible, but now the future is here and this is, for all businesses, the new reality.
Effective governance and management are two critical elements for implementing effective cybersecurity. In moving to your next cybersecurity solution, a key goal must be to simplify security management wherever possible. Survival will be achieved through cyber-readiness!
Cyber criminals constantly innovate their threat tactics to breach organisations and make off with valuable data. As cybercrime evolves, we see increased innovation in the hacking tools and techniques used to evade known security mechanisms.
In the past few years, we have consistently noticed more advanced and targeted attacks where hackers spend ample time investigating their targets and tailoring their attack methodology. The attacks are becoming more sophisticated and comprise multiple layers and techniques, each outsourced to specialty groups, ensuring zero-day effects.
Hackers are achieving this by making sure nothing remains constant. Each stage of the attack changes by leveraging morphing techniques, such as dynamic DNS, fresh URLs for command and control (CnC), self-destruct tools, and more. These tools are available on the Web and are easy to access as “freeware”. Yesterday’s zero-day code has already been developed and packaged, and is available to cyber criminals for use in secondary campaigns.
It is crucial to understand the economies of hacking and to accept that these attackers recycle many of the same attack components. In fact, as many as 90% of these so-called “new” attacks can be prevented simply by appropriately using existing security technologies as part of an end-to-end cybersecurity plan.
Attackers typically use the most proven forms of attacks because they work, knowing that organisations are often several steps behind in patching up their systems and updating their defenses against the latest attack methods.
Boards need to have appropriate composition with cyber-ready professionals, capable of demanding and positioning oversight for effective cyber readiness. It takes time and involvement to strengthen your company’s defenses against cybersecurity risks, but this process can help your organisation maintain shareholder value and even achieve new performance peaks.
CES: So long, and thanks for all the beer!
Last week, the Las Vegas expo showed off its fun side with state-of-the-art technologies for enjoying beer, writes BRYAN TURNER
From craft beer-making machines to robots that pour beer, CES had more beer than usual in Las Vegas last week. And even free beer if you found the right stand. Stampede’s saloon-style booth offered beer to visitors who tried out its latest drones, virtual reality, and other gaming products. No beer tech, though.
Here are some of the beer technologies that stood out:
LG HomeBrew – Craft beer made at home
LG’s HomeBrew craft beer-making machine, debuted at CES 2019, brings the brewing process home thanks to single-use capsules, a self-cleaning feature, and an algorithm optimised for fermentation.
Like a Nespresso coffee machine, the beer maker uses capsules, which contain malt, yeast, hop oil and flavouring. At the press of a button, LG HomeBrew automates the whole procedure from fermentation and carbonation to ageing. A companion app lets users check HomeBrew’s status at any time during the process, from their handsets.
The beer machine not only offers a simple way to make craft
Designed with discerning beer lovers in mind, HomeBrew allows for in-home production of batches of more than 4 litres of beer in a variety of styles. The following five distinctive, flavoured beers are available now:
- Hoppy American IPA
- Golden American Pale Ale
- Full-bodied English Stout
- Zesty Belgian-style Witbier
- Dry Czech Pilsner
The only catch? It takes about two weeks to make, depending on the beer type.
“LG HomeBrew is the culmination of years of home appliance and water purification technologies that we’ve developed over the decades,” said Dan Song, president of LG Electronics Home Appliance & Air Solutions Company. “Homebrewing has grown at an explosive pace, but there are still many beer lovers who haven’t taken the jump because of the barriers to entry, like complexity, and these are the consumers we think will be attracted to LG HomeBrew.”
CES: Alienware gets Legend-ary
At CES in Las Vegas last week, Dell’s Alienware released a family of high-end, thin, light, and affordable machines for both amateur and professional gamers – and a new identity.
Alienware marked CES 2019 as a brand milestone with the debut of a new design identity, Alienware Legend. It aims to set a new bar of excellence for what gamers want most – performance and function. Alienware says it evaluated multiple concepts and chose one that was the biggest and boldest departure from its current look.
Alienware Legend, says the company, stays true to the brand’s core design tenets, taking cues from its deep roots in sci-fi culture and its early industrial designs, to distinguish the brand from the rest of the industry. The new Legend design is optimised with cutting-edge thermal cooling technology to achieve and sustain overclocking power, improved AlienFX lighting, and ultra-thin screen borders. It also unveiled a new “three-knuckle hinge” design that reduces the overall dimension while creating a stronger assembly, all combining to yield a better gaming experience.
“We’re excited to come to this year’s CES with some truly groundbreaking products, next-gen software and strategic partnerships that will bring more people to experience PC gaming and advance the industry,” said Frank Azor, vice president and general manager of Alienware. “The legend design answers the call for more and better from our gaming community, and the new G Series laptops will make PC gaming even more accessible to those looking for high-performance gaming at a cost they can appreciate.”