THE WORLD of hi-tech is so focused on the next big thing in
gadgetry, it tends to forget that each new gadget and every new advance comes with
new vulnerabilities.
These go by many names, from malware and spyware to
ignorance and stupidity. The biggest and the smallest of entities fall prey. At
the beginning of 2012, South Africa’s Post Bank lost R42m to hackers using
fairly basic equipment. Yet, that’s a fraction of the losses suffered by
individuals.
According to the 2012/3 South African Cyber Threat Barometer
released recently by Wolfpack Information Risk, a total of R2.65bn has been
stolen in cyber crimes in the past 18 months. A full three-quarters has been
recovered, but that still leaves a loss of R662m.
Clearly, it is no longer enough to install anti-virus
software. As the smartphone market explodes across Africa – 2013 will for the
first time see more smartphones than “ordinary” phones sold in South Africa –
viruses and scams will increasingly target these devices. And being on the
southern tip of the least connected continent won't protect anyone.
“The trends in Africa pretty much follow trends in the rest
of the world, because it’s an online environment. It's about a global scenario
rather than specific threats,” says Riaan Badenhorst, recently appointed Head
of Operations for Kaspersky Lab Africa.
While low internet penetration ironically protects Africa
from much of this onslaught, the shift to mobile threats is beginning.
Android devices in particular are vulnerable, as there is
little filtering of apps released for the operating system. Apps for iOS, the
Apple mobile operating system for the iPad and iPhone, all have to go through a
strict vetting process. Even that won’t fully protect their users.
“Most of what we are seeing is phishing malware, which hunts
for specific information on the devices,” says Badenhorst. “People think
anything on their phone is not accessible, and they tend to lower their guard.”
The warning is underlined by the fact that the company’s
latest product range includes packages entitled Kaspersky Tablet Security and
Kaspersky Mobile Security.
However, it is their flagship product, Kaspersky Internet
Security 2013, that offers a true insight into the range of threats facing
every computer user.
Aside from the usual anti-virus and e-mail protection, it
includes specific safeguards against spam and phishing, provides child security
and parental control options, and something called “secure keyboard”. This protects
the user from hidden software that monitors keystrokes and sends data like
passwords, ID numbers and bank account details to the creators of the malware.
In the coming year, Kaspersky will build on its corporate
offerings, but it is on the personal level where it has made the biggest
difference.
If Kaspersky has raised the bar for consumers, companies
like Symantec and EMC are doing the same for large enterprises.
“Anti-virus and anti-spam on their own are no longer
enough,” says Gordon Love, Symantec regional director for Africa. “The message
has evolved, and Symantec is repositioning itself from basic security to
information protection.”
While the consumer is concerned with safety on a couple of
devices, the enterprise has numerous areas of responsibility, from looking
after customers to maintaining the confidence of investors.
“The major drivers of protecting the enterprise are around
intelligence, managed security, and compliance,” says Love. “It’s driven by
both existing and expected legislation on corporate governance, and focuses not
only on the data, but also on how the data flows through the business. We back
up 50% of the world’s data, and have to protect it when it’s at rest or on the
move.”
Last year, Symantec blocked 5.5bn malicious attacks – and
that number has already increased by more than 80% this year. Symantec ranked
South Africa 43rd in the world for number of attacks in 2011 – up from 46th the
year before.
“Initially all this hacking and malicious activity was
targeted around fame for the hacker,” says Love. “The next phase is how to
extract financial benefit from it.”
One of the more sophisticated tricks is to create a virus
that fools users with warnings that their systems are infected, and invites
them to click through to a link that will clean their system – for a fee,
payable by credit card. You can see where that story ends...
As a result, even the vendors who offer free versions of
their anti-virus products have upped their game. AVG, which uses a “freemium”
model – a free basic version of AVG Internet Security can be upgraded to a
paid-for premium edition – says it is now “more than just an antivirus
company”.
“Computers and devices have become an extension of every
individual at work and at play,” says JR Smith, the company’s CEO. “In today’s
world, we're not just securing machines. We’re securing people’s digital life.”
But that may not be enough.
In a report released last week, Symantec security practices
expert Grant Brown warned that a new form of scareware is emerging:
“ransomware”.
“Ramsomware goes beyond attempting to fool its victims; it
attempts to intimidate and bully them.”
While this “business model” has been tried before, says
Brown, it suffered from the same limitations of real life kidnapping - there
was never a good way to collect the money.
“Cybercriminals have now discovered a solution to this
problem using online payment methods. They can now use force instead of
flimflam to steal from their targets. As it is no longer necessary to con
people into handing over their money, we can expect the extortion methods to
get harsher and more destructive... attackers will use more professional ransom
screens, up the emotional stakes to motivate their victims, and use methods
that make it harder to recover once compromised.”
Brown points to the core threat facing regions like Africa,
but also to the core of the solution:
“As accessibility to technology and access to internet
connectivity become more affordable to previously untapped markets, security
education needs to form part of any online strategy.”
*Arthur Goldstuck is managing director of World Wide Worx and editor-in-chief of Gadget.co.za. Follow him on Twitter or Pinterest on @art2gee.