Digital technology continues to transform the world of business by exposing organisations to a multitude of opportunities and threats. It is, therefore, not surprising that cybercrime continues to escalate rapidly, says GRAHAM CROOCK, Director of IT Audit, Risk and Cyber Lab at BDO South Africa.
Cybercrime ranks as the second-most reported crime in South Africa. Corporate breaches in the headlines are turning hackers into the new super rogues, as these dedicated, organised, and well-financed cyber criminals bombard organisations through alternating attack tools and paths.
This trend has established cybercrime as a growing industry, which has accelerated in the last five years, complete with automated tools, customer support, and guarantees for product effectiveness. The commoditisation of new attacks and automated tools has culminated in even the most amateur hacker being able to effectively deliver professional-level threats into a targeted organisation.
Complexity is the major cause of today’s cybersecurity problem, owing to extreme intricacy and solutions being costly. Data is extremely multifaceted, extensive and difficult to manage in a timeous way. This raises the question: how can this complexity be managed at a reasonable cost?
A common but often misunderstood and over-relied-on solution is the implementation of firewalls. However, the major pitfall of this so-called “trusted” solution is that firewall configuration is often not aligned with changing cybersecurity policies. In short, the rate of change with regard to cyber-related risk is accelerating rapidly, increasing the security gaps organisations contend with, and leaving them more exposed than ever before.
Keeping pace with new attack techniques, and effectively defending against advanced threats, is perhaps the biggest challenge facing security teams today in a world of cyber threats. Therefore, architecting a cybersecurity solution that dynamically adapts to ongoing change is crucial. This, however, is expensive and for many organisations, unaffordable.
Consideration must be given to the underlying key themes affecting the management of cybersecurity in South Africa today. These include the following:
- Monetisation of malware (Ransomware),
- Imposition of collateral damage,
- Changes in attackers’ mindsets to shift their efforts to the direct attack of applications,
- Political pressure attempting to de-couple privacy and security attempts, and
- Implementation of faster and wider reaching infrastructure, which is not supported by skilled security experts due to the current “brain drain” associated with unprecedented levels of emigration of trained and skilled engineers and technicians who chase “real money” as opposed to the weakening Rand.
It’s no wonder that cyber security professionals keep asking: “What can we do to protect ourselves and our customers from these newfound criminals?”
As security professionals in today’s business space, we need to enable a productive work environment while providing all of the controls needed to protect the integrity and ownership of the organisation’s data as well as that of the business’s clients or customers.
Achieving appropriate levels of security is neither quick nor easy, but rather complex and extremely specialised, thus requiring extensive planning, design and architecture. Therefore, the precautions that businesses that wish to survive and achieve true cyber readiness will have to take include:
- Treat security breaches as “when” and not “if” situations
- Invest meaningfully in people, processes and technology
- Put cyber, network security and survival in the business context
- Stop deployment of and reliance on “end point fix solutions”
- Practice resilience scenarios and Business Continuity Plans (BCP)
- Understand the attack lifecycle and plan accordingly
- Ensure that you have an active education programme in place to ensure your staff understand the threats and are trained to react appropriately to an attack
It takes time and substantial management, as well as executive involvement, to strengthen your company’s defenses against cybersecurity risks. The ten most important cyber risks companies should be considering are:
- Failure to identify cyber risks and implement basic cybersecurity controls
- Failure by executives to identify and understand what generates corporate cybersecurity risks
- Lack of a cybersecurity policy
- Confusing compliance with cybersecurity
- Failure to recognise the importance of social engineering and the risks associated with the human factor
- Bring your own device policy (BYOD) and the cloud
- Lack of adequate funding, talent, training and implementation of inappropriate resources
- Insufficient information security training
- Lack of a business continuity and data recovery plan
- Failure to identify, accept and understand the rate at which cyber risks are evolving (polymorphic risk)
A few years ago, the concept of cyberattacks in the context of constantly moving targets was considered impossible, but now the future is here and this is, for all businesses, the new reality.
Effective governance and management are two critical elements for implementing effective cybersecurity. In moving to your next cybersecurity solution, a key goal must be to simplify security management wherever possible. Survival will be achieved through cyber-readiness!
Cyber criminals constantly innovate their threat tactics to breach organisations and make off with valuable data. As cybercrime evolves, we see increased innovation in the hacking tools and techniques used to evade known security mechanisms.
In the past few years, we have consistently noticed more advanced and targeted attacks where hackers spend ample time investigating their targets and tailoring their attack methodology. The attacks are becoming more sophisticated and comprise multiple layers and techniques, each outsourced to specialty groups, ensuring zero-day effects.
Hackers are achieving this by making sure nothing remains constant. Each stage of the attack changes by leveraging morphing techniques, such as dynamic DNS, fresh URLs for command and control (CnC), self-destruct tools, and more. These tools are available on the Web and are easy to access as “freeware”. Yesterday’s zero-day code has already been developed, packaged and is available to cyber criminals for use in secondary campaigns.
It is crucial to understand the economies of hacking and to accept that these attackers recycle many of the same attack components. In fact, as many as 90% of these so-called “new” attacks can be prevented simply by appropriately using existing security technologies as part of an end-to-end cybersecurity plan.
Attackers typically use the most proven forms of attacks because they work, knowing that organisations are often several steps behind in patching up their systems and updating their defenses against the latest attack methods.
Boards need to have appropriate composition with cyber ready professionals, capable of demanding and positioning oversight for effective cyber readiness. It takes time and involvement to strengthen your company’s defenses against cyber security risks, but this process can help your organisation maintain shareholder value and even achieve new performance peaks.
Rain, Telkom Mobile, lead in affordable data
A new report by the telecoms regulator in South Africa reveals the true consumer champions in mobile data costs
The latest bi-annual tariff analysis report produced by the Independent Communications Authority of South Africa (ICASA) reveals that Telkom Mobile data costs for bundles are two-thirds lower than those of Vodacom and MTN. On the other hand, Rain is half the price again of Telkom.
The report focuses on the 163 tariff notifications lodged with ICASA during the period 1 July 2018 to 31 December 2018.
“It seeks to ensure that there is retail price transparency within the electronic communications sector, the purpose of which is to enable consumers to make an informed choice, in terms of tariff plan preferences and/or preferred service providers based on their different offerings,” said ICASA.
ICASA says it observed the competitiveness between licensees in terms of the number of promotions that were on offer in the market, with 31 promotions launched during the period.
The report shows that MTN and Vodacom charge the same prices for a 1GB and a 3GB data bundle at R149 and R299 respectively. On the other hand, Telkom Mobile charges (for similar-sized data bundles) R100 (1GB) and R201 (3GB). Cell C discontinued its 1GB bundle, which was replaced with a 1.5GB bundle offered at the same price as the replaced 1GB data bundle at R149.
Rain’s “One Plan Package” prepaid mobile data offering of R50 for a 1GB bundle remains the most affordable when compared to the offers from other MNOs (Mobile Network Operators) and MVNOs (Mobile Virtual Network Operators).
“This development should have a positive impact on customers’ pockets as they are paying less compared to similar data bundles and increases choice,” said ICASA.
The report also revealed that the cost of out-of-bundle data had halved at both MTN and Vodacom, from 99c per Megabyte a year ago to 49c per Megabyte in the first quarter of this year. This was still two thirds more expensive than Telkom Mobile, which has charged 29c per Megabyte throughout this period (see graph below).
Meanwhile, from having positioned itself as consumer champion in recent years, Cell C has fallen on hard times, image-wise: it is by far the most expensive mobile network for out-of-bundle data, at R1.10 per Megabyte. Its prices have not budged in the past year.
The report highlights the disparities between the haves and have-nots in the dramatically plummeting cost of data per Megabyte as one buys bigger and bigger bundles on a 30-day basis (see graph below).
For 20 Gigabyte bundles, all mobile operators are in effect charging 4c per Megabyte. Only at that level do costs come in at under Rain’s standard tariffs regardless of use.
Qualcomm wins 5G as Apple and Intel cave in
A flurry of announcements from three major tech players ushered in a new mobile chip landscape, writes ARTHUR GOLDSTUCK
Last week’s shock announcement by Intel that it was canning its 5G modem business leaves the American market wide open to Qualcomm, in the wake of the latter winning a bruising patent war with Apple.
Intel Corporation announced its intention to “exit the 5G smartphone modem business and complete an assessment of the opportunities for 4G and 5G modems in PCs, internet of things devices and other data-centric devices”.
Intel said it would also continue to invest in its 5G network infrastructure business, sharpening its focus on a market expected to be dominated by Huawei, Nokia and Ericsson.
Intel said it would continue to meet current customer commitments for its existing 4G smartphone modem product line, but did not expect to launch 5G modem products in the smartphone space, including those originally planned for launches in 2020. In other words, it would no longer be supplying chips for iPhones and iPads in competition with Qualcomm.
“We are very excited about the opportunity in 5G and the ‘cloudification’ of the network, but in the smartphone modem business it has become apparent that there is no clear path to profitability and positive returns,” said Intel CEO Bob Swan. “5G continues to be a strategic priority across Intel, and our team has developed a valuable portfolio of wireless products and intellectual property. We are assessing our options to realise the value we have created, including the opportunities in a wide variety of data-centric platforms and devices in a 5G world.”
The news came immediately after Qualcomm and Apple issued a joint announcement of an agreement to dismiss all litigation between the two companies worldwide. The settlement includes a payment from Apple to Qualcomm, along with a six-year license agreement, and a multiyear chipset supply agreement.
Apple had previously accused Qualcomm of abusing its dominant position in modem chips for smartphones and charging excessive license fees. It ordered its contract manufacturers, first, to stop paying Qualcomm for the chips, and then to stop using the chips altogether, turning instead to Intel.
With Apple paying up and Intel pulling out, Qualcomm is suddenly in the pound seats. Its shares hit their highest levels in five years after the announcements.
Qualcomm said in a statement: “As we lead the world to 5G, we envision this next big change in cellular technology spurring a new era of intelligent, connected devices and enabling new opportunities in connected cars, remote delivery of health care services, and the IoT — including smart cities, smart homes, and wearables. Qualcomm Incorporated includes our licensing business, QTL, and the vast majority of our patent portfolio.”
Meanwhile, Strategy Analytics released a report on the same day that showed Ericsson, Huawei and Nokia will lead the market in core 5G infrastructure, namely Radio Access Network (RAN) equipment, by 2023 as the 5G market takes off. Huawei is expected to have the edge as a result of the vast scale of the early 5G market in China and its long term steady investment in R&D. According to a report entitled “Comparison and 2023 5G Global Market Potential for leading 5G RAN Vendors – Ericsson, Huawei and Nokia”, two outliers, Samsung and ZTE, are expected to expand their global presence alongside emerging vendors as competition heats up.