For one day a year (23rd November this year), retailers take advantage of consumers’ appetite to spend by offering “loss leader” deals, which they advertise broadly on email and social media. The purpose of these offers is to entice shoppers to retailers’ sites and stores and convince them to buy more than the too-good-to-be-true TV for R500. And cybercriminals know and take advantage of this.
There’s good news and bad news for Black Friday shoppers this year. The bad news is that cybercriminals are using new tactics that make it harder to spot fake deals. The good news is that with robust cybersecurity awareness training, an understanding of the new attack methods and sophisticated email security systems, consumers can protect their money and personal information, and businesses can better protect their sensitive data and systems.
Old dogs, new tricks
Black Friday is like Christmas for hackers. While you’re shopping for bargains, they’re shopping for your credentials, which they use to log into your Internet banking and other online accounts to steal your money. If cybercriminals have your login details, they can access your profile even on sites implementing good security practices. Criminals are hitting various online services with credentials in the hopes of a password and username being accepted as legitimate.
Black Friday grows every year in South Africa. Last year, sales increased by 2571% over 2016 as more retailers jumped on the bandwagon. This year will be even bigger, which means gullible and uninformed consumers – many of whom work for enterprises – are ripe for the picking. And chances are they aren’t aware of the new tactics being used against them.
Forget everything you know about cyber security
Ok, maybe not everything. But a lot of what we know about cybersecurity, and the tips and tricks that protected us in the past, no longer apply to some phishing attacks.
As we’ve already learnt, we’re often told to be suspicious of ridiculously cheap deals, but on Black Friday, ridiculously cheap is expected, so we’re not likely to question R500 TVs.
Another thing we’re told is to look for the green or black padlock on a website, or for the all-important ‘s’ in ‘https’ of the site’s URL. But we can’t even trust this anymore. That’s because cybercriminals can create or buy a real security certificate for their fake website in minutes. One site issued over 14,000 SSL certificates to “PayPal” sites – 99% of these were used for phishing fraud. So, while a fake website looks secure, it really isn’t.
So, what security advice is still valid?
- Look out for spelling errors in emails. While the days of phishing emails with dozens of grammatical errors are gone, many cybercriminals still deliberately include a few to filter out smart people and target those who are not paying attention.
- Don’t click on links within emails. Enter the site’s address directly into your browser. If you can’t find the deal that was advertised in the email, warning bells should be ringing.
- Check the sender’s address. Takealot won’t send you an email from a Gmail account; they will use their own domain.
- Be password smart. Don’t re-use passwords across multiple services.
- Use two-factor authentication (2FA) wherever possible: This makes it harder (but not impossible) for criminals to use your username and password against you if your credentials have previously been stolen.
New and evolving attack methods
Cybercriminals increasingly use various forms of domain similarity, subtly changing characters and words in URLs and email addresses to match those of a trusted organisation. These types of attacks often bypass certain email security systems because the sites and email senders aren’t known to be malicious.
To create lookalike domains, attackers often use non-Western character sets to display letters that look identical to the naked eye. Mimecast.com, for example, looks like мімесаѕт.com in Cyrillic. You might think we’re getting fancy with our font. We’re not. Combined with a legitimate certificate, it becomes much harder to spot a fake website.
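As an added example (not part of the original article), the Python code below applies the sender-address check and the lookalike-domain check described above to an email From header, and shows the punycode form that the Cyrillic name actually resolves to. The fold table, the brand-to-domain list, the sample headers and the function names are all constructed assumptions.

```python
import unicodedata
from email.utils import parseaddr

# Constructed, partial fold table (Cyrillic letter -> Latin lookalike); a
# production check would load the full Unicode confusables data instead.
FOLD = {"\u043c": "m", "\u0456": "i", "\u0435": "e", "\u0441": "c", "\u0430": "a",
        "\u0455": "s", "\u0442": "t", "\u043e": "o", "\u0440": "p"}
# Assumed brand -> sending-domain list; not taken from the article.
BRANDS = {"mimecast": "mimecast.com", "takealot": "takealot.com"}


def scripts(label):
    """Scripts used in one DNS label, read from each character's Unicode name."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()}


def skeleton(domain):
    """Fold known lookalikes to Latin so visually equal names compare equal."""
    return "".join(FOLD.get(c, c) for c in domain)


def check_sender(from_header):
    """Return (verdict, punycode_domain) for an email From header."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower().rstrip(".")
    puny = domain.encode("idna").decode("ascii")  # the form DNS and certificates carry
    trusted = set(BRANDS.values())
    if domain in trusted:
        return "trusted", puny
    if skeleton(domain) in trusted:
        return "lookalike", puny       # same to the eye, different code points
    if any(len(scripts(label)) > 1 for label in domain.split(".")):
        return "mixed-script", puny    # e.g. Latin and Cyrillic in one label
    if any(brand in display.lower() for brand in BRANDS):
        return "brand-mismatch", puny  # brand name shown, unrelated sending domain
    return "unknown", puny


# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Mimecast <news@mimecast.com>",
    "Mimecast <news@\u043c\u0456\u043c\u0435\u0441\u0430\u0455\u0442.com>",
    "PayPal <service@p\u0430ypal.com>",
    "Takealot Deals <takealot.deals@gmail.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header))
```

The From header is text the sender chooses, so a "trusted" verdict only means the displayed domain is the real one; whether the mail genuinely came from that domain is a separate sender-authentication check (SPF, DKIM, DMARC).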
This creates prime conditions for successful phishing attacks: nearly half of all South African firms in a recent Vanson Bourne and Mimecast research report saw an increase in targeted spear phishing attacks using malicious links over the past year.
Quick tip: Check the URL carefully. A very long URL might be a sign that the website is fake. However, these are difficult to spot when browsing on a mobile phone, unless you scroll all the way. Rather check on your computer to be sure.
Stay safe in the wild
Consumers and businesses can stay safe this Black Friday.
- Be suspicious by default. Don’t trust any email and go straight to the retailer’s website instead of clicking on links.
- Create a separate email address when signing up for Black Friday alerts. Don’t use your work or personal email.
- Use a separate credit card for online purchases to limit your losses if you are attacked.
- Conduct regular security awareness training to ensure all employees have the awareness to spot potential cyber threats. Human beings are an organisation’s greatest cyber risk and its best defence against cybercrime. During high-risk periods such as Black Friday, unaware users could expose the organisation and their families to unwanted cyber risk. Focus on implementing effective, modern training techniques and create a human firewall around sensitive company data.
The threat landscape has evolved yet again. We can never let our guard down and we have to assume that we’re never completely safe – even if we have robust security systems in place. Apple CEO Tim Cook said recently that cyber resilience is like running on a treadmill. You can’t just stop. If you do, you’ll fall off and will probably get hurt.
Think of Black Friday emails as you would Black Friday crowds outside Checkers. When you’re distracted by the pushing and shoving, you’re not likely to notice the pickpocket until he’s made off with your wallet.
Stay alert. Stay safe. And happy shopping.
How to predict the future
Forecasting the future is about people, not technology, ARTHUR GOLDSTUCK discovers on a visit to the HP Innovation Lab in Barcelona
When HP chief technology officer Shane Wall talks about the world three decades from now, he tends to steer clear of technology. That’s startling, given that he is also global head of HP Labs, the advanced research group within the world’s leading PC and printer manufacturer.
The Labs play host to numerous futuristic technologies, from 3D printing to virtual reality, so one would expect its vision of the future to be all about the gadget. Instead, it’s all about the people who will use the gadgets of the future.
“When we think long term, we try to look 15-20, even 30 years into the future,” he said during the HP Innovation Summit at the HP Innovation Lab outside Barcelona, Spain, last week. “The way we do it is that we don’t start with technology. In HP Labs we invent all manner of incredible things in basic areas like biology, physics, and 3D printing. Those give us an idea, but we’re careful not to extrapolate those into the future, because by extrapolating you miss disruption.
“Instead, we look at people. We’ve done this for a number of years, looking every year at what’s accelerating, what’s gone slower, what’s new. We call these megatrends, that look at humanity rather than technology.
“In 2019 we stood back and took a different look at humanity. Everyone does market segmentation, analysing who the customer is and how they buy things. Instead, we looked at economic segmentation, we looked at where the money is moving in the next 30 years. We conducted numerous interviews with economists.”
The key megatrends identified by HP for the next three decades revolve around rapid urbanisation, changing demographics, hyper-globalisation, and accelerated innovation.
“We’re changing where we live,” said Wall. “People are moving out of rural areas and densifying cities. Cities themselves are getting bigger. In 1991, there were 10 megacities – defined as urban areas with 10-million people or more. By 2013, there were 41, by 2030, there will be over 60. Those cities are changing the very nature of everything we do, from the nature of work to the manner of how we do product development.”
The challenge of how to get goods into cities and waste out of them, he said, will result in a much greater focus on sustainability and energy management.
“That is going to change our go-to-market approach. Currently, we focus on countries as markets. Now we are seeing how important cities are becoming. In Nigeria, you may care about all of humanity, but for sales, you care about Lagos. In China, by 2035 any tier 3 city’s gross domestic product will pass that of the entire country of Sweden.”
The very nature of the population is changing, said Wall. The impact of the post-World War 2 population boom, resulting in the American concept of “baby boomers”, has now evolved into the “silver spenders”, who are living longer thanks to healthcare advances. They expect technology to address solutions to their toughest problems.
“On the other end of the spectrum, we are seeing a whole new generation, Gen Z, a generation like we’ve never seen, very focused on experiences and values, less focused on purchasing. They are also driving a change in our behaviour as businesses in terms of go-to-market. Understanding them deeply shapes the very nature of the enterprise.”
Wall points out that, because we live in a world that is hyper-connected, we expect things to move at the speed of light, while at the same time we expect it to be local. This has given rise to the concept of “glocalisation”.
“It is the expectation that things be both global and local, thanks to connectivity and mobile phones. Startups in emerging markets are growing at 20% a year. It will be not only ideas that will move at this speed, but in the near future physical goods will also move at that speed.”
Finally, technology must, by its very nature, play a key role.
“Tech itself is moving faster; it’s not just a perception. It started with Moore’s Law and the doubling of capacity on a transistor every two years. That happened at a systems level, and eventually, it brought artificial intelligence and machine learning into being. The algorithms were invented 10-20-30 years ago, but because of scale we have seen that only now are they becoming usable.”
What does this mean for consumers and businesses? On the one hand, it represents massive opportunity. On the other, even greater challenges.
“Over the next 30 years we will see incredible economic expansion, where the number of haves with the ability to spend on products we sell is going to grow at an incredible rate. The number of have-nots will shrink. But in order to meet that economic growth, we will see a 16% shortage in skilled labour, which means we must drive higher levels of automation to reach that growth.”
A big question is: What can prevent it from happening? The answer is highly relevant to South Africa.
“The challenges lie in basic infrastructure, like roads, buildings, and airports, but one thing at the root of it all is energy. When we look into the future, energy will become the critical piece: how well, how fast, we can build it out to meet those needs. In many economies, it is not being built out in a sustainable way. We need to change the equation.”
One of the solutions lies in 3D printing.
“Products can be designed digitally anywhere, and you can transmit the design on a digital supply chain, perhaps using blockchain and security tech, to cities where they are printed or manufactured on demand using 3D printers. That’s digital manufacturing and it’s already happening in some places today.
“Imagine you go to Amazon, you find a product, you edit it, personalise it, make it yours, and at the push of a button it is printed at a local manufacturing facility and shows up at your door two days later. It’s estimated that we can save 25% of our energy using digital instead of traditional manufacturing. Manufacturing itself takes one-third of energy use in the world, so it will have a big impact on the world of the future.”
Arthur Goldstuck is founder of World Wide Worx and editor-in-chief of Gadget.co.za. Follow him on Twitter and Instagram on @art2gee
Google launches open-source cloud for enterprises
Vendor lock-in is a thing of the past for Google Cloud users, writes BRYAN TURNER.
A new way for enterprises to use cloud, that prevents lock-in, has been unveiled by Google at its Cloud Next event in San Francisco.
“Cloud Next is held in San Francisco, London, and Tokyo to cater for the various markets,” said Mich Atagana, head of communications for Google Africa. “The event aims to bring together cloud developers to showcase the latest cloud. You can think of it as the Google IO event for executives.”
At a round table, a team of Googlers broke it down for those of us who aren’t cloud developers.
“There’s a lot of technicality in this event, and a lot of the magic could be lost on those who aren’t developers,” said Atagana. “That’s why we’ve assembled our Cloud team to demystify the technicality.”
Shai Morgan, head of Google Cloud Sub Saharan Africa, said: “Cloud Next started four years ago. The first one hosted 3600 attendees, while this year we hosted about 30,000. This shows the way Google moves across the industry and how we address businesses. We’ve seen large growth in our partner ecosystem. It used to be very niche players, and now it’s big players like Accenture and Deloitte using Google Cloud.”
Daniel Acton, regional tech lead for Cloud at Google, said: “We had a new CEO come in [for Google Cloud] and he said it’s all fair and well to talk about the benefits of the cloud, but it’s not always attainable for business.”
This is where Google comes in. It launched new products to assist businesses in customising the cloud, the transition to cloud platforms, and how much must remain on-premise.
First up is Anthos, a management system for hybrid environments.
Acton said: “Anthos addresses the journey to the cloud. Businesses know that this journey doesn’t happen at the snap of the fingers. Executives have to make carefully calculated decisions on how to get there. There’s also lots of friction to get to the cloud, with a big factor being cloud vendor lock-in.”
“One way to move a business to the cloud is through a ‘lift and shift’, which is simply moving all the components of the business off-premise and on the cloud. This isn’t always what a business needs. Anthos deals with “infrastructure modernisation”, which is how we go from what we got to what we need. That’s because not everything should be in the cloud.
“We give businesses that option for hybrid infrastructure. Anthos exists to help customers on their journey to the cloud. We realise this is a multi-cloud environment and provide our customers on-premise, a bridge, and computation on the cloud, for example.”
Morgan expanded on this and said: “It’s a bridge to the cloud and a very well managed bridge at that. For an enterprise customer, it’s complicated to move assets, manage skillsets, all while thinking about lock-in to a cloud vendor. Open source in an enterprise environment prevents lock-in. We work very closely with existing vendors, walking with them in their cloud journey but they can leave at any time.
“Anthos can run on Amazon Web Services (AWS) and Microsoft Azure. That’s the beauty of Open Source, no lock-in. Containerising is a method that’s popular in the cloud developer environment but moving these containers across these environments is not trivial currently. Anthos allows this to happen.”
This brings the second major feature: serverless computing.
Containers and serverless computing go hand-in-hand. Acton explained that containers are like pre-setup computers, where a developer doesn’t have to spend time setting up a virtual environment and can focus on writing code, which ultimately delivers business value. He compared the proliferation of containers to Java, with the “write once, run anywhere” phrase.
Serverless computing is split into many levels. At a low level, the Google App Engine allows developers to write code, and it takes care of hosting and handling the load. This is similar to the AWS Lambda service.
The enterprise nature of Google Cloud is not exclusive to large enterprises.
“We address very small businesses as we treat our consumers,” said Morgan. “They most likely use Gmail, Drive, Docs, and Calendar because those products are free and very easy to handle. Setting up an enterprise cloud environment is quite complicated.
“If one invests enough time and energy, one can start a business that adds value and has its computing backed by Google Cloud.”