SA to see more organised hacking services in 2018
Lucrative organised hacking services, malware sales, DDOS attacks and the ongoing severe shortage of cyber security professionals are among the trends expected to shape the local IT security industry this year.
This is according to Vikas Kapoor, practice head of cyber security and GRC at IT consulting firm, In2IT Technologies, speaking this week at the "Security in 2018" event organised by Cisco and In2IT.
Sharing his predictions on security in 2018, Kapoor discussed security trends that are going to gain popularity in the near future and threat intelligence systems which organisations will have to adopt in order to combat different types of cyber crimes.
"Lucrative organised hacking services, in the form of custom-written malware will gain more traction this year. Other cyber crime activities that are expected to gain popularity are malware sales, phishing Web sites, distributed denial-of-service activities and hacking services, such as Black Hat training services and advanced persistence attack services, among others.
"We will also see a lot of defensive technologies or honeypot technologies - when companies put certain devices throughout their networks and key assets, and then use them as traps for cyber criminals who are potentially trying to hack into the system. These technologies raise an alert when someone wants to run a scam to gain access. So we will see quite a bit of deception technology implementations in SA."
Speaking about the shortage of cyber security professionals, Kapoor explained that the challenge is especially severe at strategic, tactical and operational levels.
"Key shortage areas of cyber security professionals include leadership application security, incident responders, threat hunters and security administrators etc. In SA, it's difficult to find really good security professionals who have a wealth of experience. We are also seeing governments around the globe encouraging women to take up IT security careers. This will gain traction this year as we see a huge demand for offensive security certified professionals."
According to the Security Capabilities Benchmark Study, organisations that have not yet suffered a
security breach may believe their networks are safe. This confidence is probably misplaced, considering that 49% of the security professionals surveyed said their organisations have had to manage public scrutiny following a security breach.
"Due to various constraints, organisations can only investigate only 56% of the security alerts they receive on a given day. Half of the investigated alerts (28%) are deemed legitimate; less than half (46%) of legitimate alerts are remediated. In addition, 44% of security operations managers receive more than 5000security alerts per day," reveals the report
Charmaine Houvet, public policy and government affairs director: Africa at Cisco discussed cyber security within the public sector. She made reference to a recently released report which focuses on how Asian leaders can capitalise on the threat of cyber security.
"According to the report, at least 1000 of the top Asian companies stand a risk of losing up to US 750 billion in terms of market capitalisation due to cyber crime. The report was quickly grabbed by the leaders of Thailand, Singapore and Malaysia, and they quickly called the Cisco government affairs teams to try and understand what processes they need to start putting in place to minimise the risks of cyber security," continued Houvet.
Professor Klaus Schwab, founder and executive chairman of the World Economic Forum, she continued, once said the fourth industrial revolution is either going to be a time of great promise for many countries or a time of tremendous perils.
"I wondered if SA will adopt the peril or the great promise part. Collaboration and partnerships with government will be very important in the fight against cyber security. If you look at the number of breaches that have taken place within government, it's always been a concern for us. However, when you work inside these government entities you marvel at the amount of security processes that one finds as part of government's internal systems," she explained.
As organisations in SA increasingly embrace digitisation, they will need to take a holistic approach to cyber security that ensures it is elevated to a business-level priority and its importance is instilled throughout the organisational culture," concluded Tinus Janse van Rensburg, regional manager of security at Cisco Africa.