Featured

How SA business can get cyber-ready

Digital technology continues to transform the world of business by exposing organisations to a multitude of opportunities and threats. It is, therefore, not surprising that cybercrime continues to escalate rapidly, says GRAHAM CROOCK, Director of IT Audit, Risk and Cyber Lab at BDO South Africa.

Cybercrime ranks as the second-most reported crime in South Africa. Corporate breaches in the headlines are turning hackers into the new super rogues, as these dedicated, organised, and well-financed cyber criminals bombard organisations through alternating attack tools and paths.

This trend has established cybercrime as a growing industry, which has accelerated in the last five years, complete with automated tools, customer support, and guarantees for product effectiveness. The commoditisation of new attacks and automated tools has culminated in even the most amateur hacker being able to effectively deliver professional-level threats into a targeted organisation.

Complexity is the major cause of today’s cybersecurity problem, owing to extreme intricacy and solutions being costly. Data is extremely multifaceted, extensive and difficult to manage in a timeous way. This raises the question: how can this complexity be managed at a reasonable cost?

A common but often misunderstood and over-relied-on solution is the implementation of firewalls. However, the major pitfall of this so-called “trusted” solution is that firewall configuration is often not aligned with changing cybersecurity policies. In short, the rate of change with regard to cyber-related risk is accelerating rapidly, increasing the security gaps organisations contend with, and leaving them more exposed than ever before.

Keeping pace with new attack techniques, and effectively defending against advanced threats, is perhaps the biggest challenge facing security teams today in a world of cyber threats. Therefore, architecting a cybersecurity solution that dynamically adapts to ongoing change is crucial. This, however, is expensive and for many organisations, unaffordable.

Consideration must be given to the underlying key themes affecting the management of cybersecurity in South Africa today. These include the following:

  • Monetisation of malware (Ransomware),
  • Imposition of collateral damage,
  • Changes in attackers’ mindsets to shift their efforts to the direct attack of applications,
  • Political pressure attempting to de-couple privacy and security attempts, and
  • Implementation of faster and wider reaching infrastructure, which is not supported by skilled security experts due to the current “brain drain” associated with unprecedented levels of immigration of trained and skilled engineers and technicians who chase “real money” as opposed to the weakening Rand.

It’s no wonder that cyber security professionals keep asking: “What can we do to protect ourselves and our customers from these newfound criminals?”

As security professionals in today’s business space, we need to enable a productive work environment while providing all of the controls needed to protect the integrity and ownership of the organisation’s data as well as that of the business’s clients or customers.

Achieving appropriate levels of security is neither quick nor easy; it is complex and extremely specialised, requiring extensive planning, design and architecture. The precautions that businesses wishing to survive and achieve true cyber readiness will have to take include:

  • Treat security breaches as “when” and not “if” situations
  • Invest meaningfully in people, processes and technology
  • Put cyber, network security and survival in the business context
  • Stop deployment of and reliance on “end point fix solutions”
  • Practice resilience scenarios and Business Continuity Plans (BCP)
  • Understand the attack lifecycle and plan accordingly
  • Ensure that you have an active education programme in place so that your staff understand the threats and are trained to react appropriately to an attack

It takes time and substantial management, as well as executive involvement, to strengthen your company’s defenses against cybersecurity risks. The ten most important cyber risks companies should be considering are:

  1. Failure to identify cyber risks and implement basic cybersecurity controls
  2. Failure by executives to identify and understand what generates corporate cybersecurity risks
  3. Lack of a cybersecurity policy
  4. Confusing compliance with cybersecurity
  5. Failure to recognise the importance of social engineering and the risks associated with the human factor
  6. Bring your own device policy (BYOD) and the cloud
  7. Lack of adequate funding, talent, training and implementation of inappropriate resources
  8. Insufficient information security training
  9. Lack of a business continuity and data recovery plan
  10. Failure to identify, accept and understand the rate at which cyber risks are evolving (polymorphic risk)

 

A few years ago, the concept of cyberattacks in the context of constantly moving targets was considered impossible, but now the future is here and this is, for all businesses, the new reality.

Effective governance and management are two critical elements for implementing effective cybersecurity. In moving to your next cybersecurity solution, a key goal must be to simplify security management wherever possible. Survival will be achieved through cyber-readiness!

Cyber criminals constantly innovate their threat tactics to breach organisations and make off with valuable data. As cybercrime evolves, we see increased innovation in the hacking tools and techniques used to evade known security mechanisms.

In the past few years, we have consistently noticed more advanced and targeted attacks where hackers spend ample time investigating their targets and tailoring their attack methodology. The attacks are becoming more sophisticated and comprise multiple layers and techniques, each outsourced to specialty groups, ensuring zero-day effects.

Hackers are achieving this by making sure nothing remains constant. Each stage of the attack changes by leveraging morphing techniques, such as dynamic DNS, fresh URLs for command and control (CnC), self-destruct tools, and more. These tools are available on the Web and are easy to access as “freeware”. Yesterday’s zero-day code has already been developed, packaged and is available to cyber criminals for use in secondary campaigns.

It is crucial to understand the economies of hacking and to accept that these attackers recycle many of the same attack components. In fact, as many as 90% of these so-called “new” attacks can be prevented simply by appropriately using existing security technologies as part of an end-to-end cybersecurity plan.

Attackers typically use the most proven forms of attacks because they work, knowing that organisations are often several steps behind in patching up their systems and updating their defenses against the latest attack methods.

Boards need to have appropriate composition with cyber-ready professionals, capable of demanding and positioning oversight for effective cyber readiness. It takes time and involvement to strengthen your company’s defenses against cyber security risks, but this process can help your organisation maintain shareholder value and even achieve new performance peaks.

AppDate: DStv jumps on music bandwagon

In this week’s AppDate, SEAN BACHER highlights DStv’s JOOX, Cisco’s Security Connector, Diski Skills, Namola and Exhibid.

DStv JOOX

DStv is now offering JOOX, a music streaming service owned by China’s Tencent, to DStv Premium, Compact Plus and Compact customers.

In addition to streaming local and international artists, JOOX allows one to switch to karaoke mode and learn the lyrics as well as create and share playlists. Users can add up to four friends or family to the service free of charge.

DStv Family, Access and EasyView customers can also log in to the free JOOX service directly through the JOOX app, but will be unable to add additional friends and won’t be able to listen to ad-free music.

Platform: Access the JOOX service directly from the services menu on DStv or download the JOOX app for an iOS or Android phone.

Expect to pay: A free download.

Stockists: Visit the store linked to your device.

 

Cisco Security Connector

With all the malware, viruses and trojans doing the rounds, it is difficult for users and enterprises to ensure that they don’t become targets. Cisco, in collaboration with Apple, has brought out its Cisco Security Connector to protect users. The app is designed to give enterprises and users overall visibility and control over their network activity on iOS devices. It does this by ensuring compliance of mobile users and their enterprise-owned iOS devices during incident investigations, by identifying what happened, who it affected, and the risk of the exposure. It also protects iPhone and iPad users from accessing malicious sites on the Internet, whether on the corporate network, public Wi-Fi, or cellular networks. In turn, it prevents any viruses from entering a company’s network.

Platform: iPhones and iPads running iOS 11.3 or later

Expect to pay: A free download

Stockists: Visit the Apple App Store for downloading instructions.

 

Diski Skills

The Goethe-Institut, in co-operation with augmented reality specialists Something Else Design Agency, has created a new card game which celebrates South African freestyle football culture, and brings it alive through augmented reality. Diski Skills is a quick card game, set in a South African street football scenario, showing popular tricks such as the Shibobo, Tsamaya or Scara Turn. Each trick is rated in categories of attack, defence and swag – one wins the game by challenging an opponent strategically with the trick at hand. Through augmented reality, the cards come alive. Move a smartphone over a card and watch as the trick appears on the screen in a slow motion video. An educational value is added as players can study the tricks and learn more about the ideas behind them.

 

The game will be launched on 27 October 2018 at the Goethe-Institut.

For more information visit: www.goethe.de

 

Namola

With recent news of kidnappings on the rise, a lot more thought is going into keeping children safe. Would your child know what to do in an emergency? Have you actually asked them?

Namola, supported by Dialdirect Insurance, is a free mobile safety app. Namola’s simple interface makes it an ideal way for children to learn how to get help in an emergency. All they need to do is activate the app and push a button to get help that they need, even when their parents are not around.

Parents need to install the app on their child’s phone, hold down the request assistance button, program emergency numbers that will automatically be dialled when the emergency button is pushed, and teach their children how and when to use the app.

Platform: Android and iOS

Expect to pay: A free download.

Stockists: Visit the store linked to your device.

 

Exhibid

Exhibid could be thought of as Tinder, but for art lovers. The interface looks very similar to the popular mobile dating app, in that users swipe left for a painting that doesn’t appeal to them, or swipe right for something they like. Once an art piece is liked by swiping right, one can start bidding or make an offer on it. The bid is automatically sent to the artist. Should he or she accept the offer, the buyer makes a payment through the app’s secure payment gateway and the two are put in contact to make arrangements for delivery.

Platform: Android and iOS

Expect to pay: A free download.

Stockists: Visit the store linked to your device.

New kind of business school

At a recent meeting, ALLON RAIZ, founder and CEO of Raizcorp, realised that in order for today’s youth to become entrepreneurs, teachers, the curriculum and the parents need to continually expose them to entrepreneurial thinking from a young age.

Several years ago, I found myself in a meeting with my business partner and two of my staff members. In front of us was a client who was sharing some of the frustrations in his business. At the end of the meeting, my partner and I were extremely excited about the prospect of two massive opportunities we had both independently identified while listening to the client. My two staff members, on the other hand, completely missed them. This led me to wonder what it was in my own and my partner’s backgrounds that allowed us to so easily spot opportunities while my two staff members remained oblivious … I realised that the difference was that my partner and I both had an early exposure to entrepreneurship while they didn’t.

Not long afterwards, I was delivering a lecture about how Raizcorp grows and develops small businesses at Oxford University’s Said Business School in my role as their Entrepreneur-in-Residence. I mentioned the above incident and spoke about my intention of going into children’s education with a view to providing an entrepreneurial perspective.

One of the professors in attendance asked me if I’d ever heard of a piece of research by Henrich R Greve called Who wants to be an entrepreneur? The deviant roots of entrepreneurship. It’s a pretty unfortunate title but a fascinating piece of research nonetheless. It highlights how certain contexts in childhood result in a much higher probability of becoming an entrepreneur. For example, kids who participate in solo sports such as tennis or athletics are more likely to become entrepreneurs than children who play team sports like soccer and cricket. Conversely, your mother’s participation in the parent-teacher association has a negative correlation to you becoming an entrepreneur. I spent the rest of the afternoon in the professor’s office discussing other research papers that unequivocally proved that context during your childhood has a massive influence on whether or not you will follow the entrepreneurial route.

Another member of the lecture audience was a double-PhD from the USA who was completing her MBA at Oxford. After the lecture, she approached me and volunteered to help build a framework to incorporate entrepreneurship in the school curriculum without interfering with the formal requirements of the CAPS curriculum.

She spent nine months in South Africa working with me to build out a practical framework. The next phase of the plan was to find the right school at which to embark upon this journey. In December 2015, Raizcorp purchased Radley Private School and we began our entrepreneurial education adventure in earnest in 2016.

At the centre of the Radley philosophy is that the school (the physical building), the teachers, the curriculum and the parents are the “marinade” in which the kids need to soak in order to be continuously exposed to entrepreneurial thinking from a young age. The aim was that if, in future, the kids found themselves sitting in a boardroom with me and my partner, they too would be able to identify the opportunities that we did.

A big shift this year has been the launch of our Entrepreneurial Educator Guide (EEG) programme where we have been training our Radley teachers (whom we call guides) to understand entrepreneurship, business language, business concepts, financial documents and the like. (The EEG training makes use of Raizcorp’s internationally accredited entrepreneurial learning and guiding methodologies.) We have also employed a full-time staff member to ensure that these concepts are imbedded into all lesson plans and classroom activities.

Through my network at Raizcorp, I have been pleasantly surprised by the massive support we’re receiving from prominent entrepreneurs and businesses who want to participate in our Radley Exposure programme, where we take our kids of all ages on visits to different types of businesses so they can understand the difference between retail, wholesale, manufacturing, logistics and so on. Prominent businesspeople have put up their hands to come to the school and tell their stories of hard work, resilience and perseverance. This ties in beautifully with the 17 entrepreneurial concepts that we are instilling into our Radley learners (such as opposite eyes, lateral thinking and opposable mind), while never compromising on our quality academic offering.

As parents, we’ve all heard the terrible statistics about the probability of our kids finding jobs in the future. At Radley, we’re working hard to ensure that our kids have a legitimate and lucrative alternative to finding traditional employment and that is to become an entrepreneur. Radley is all about producing job creators and not job seekers!

To enrol your child or find out more about the school, please visit www.radley.co.za.

Copyright © 2018 World Wide Worx