Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

IT security professionals ‘secure society’

SMART Cybersecurity Handbook 2022 Training & Education

The role of information security professionals has become a critical one as the world enters the second phase of the Internet revolution in which computers run everything and everything is connected.

This emerged at the inaugural KB4-CON cybersecurity event for EMEA, where Mikko Hyppönen, chief research officer at F-Secure and a worldwide authority on computer security and privacy issues, outlined the impact of the Internet and changing cybersecurity risks.

Hyppönen said: “We are the first generation to live our lives partially in the real world and partially in the online world and now we see that the Internet will be part of mankind’s future forever.”

The first wave of the Internet revolution – which took all the computers online – is already behind us, he said. “We are now living the second wave of the Internet revolution, which will take everything else online. I’m not just speaking about IoT or smart devices, I’m speaking about everything. If we plug it into the electricity grid, we will also eventually plug it into the Internet grid. It’s going to happen whether we like it or not. This second wave will bring us great benefits and great new risks: it’s always a trade-off.”

Hyppönen highlighted how lucrative ransomware attacks are for criminals, noting that business email compromise is even more so. “The amount of money moving around in these ransomware attacks is remarkable, there is a lot of money to be made in online crime. But even more money is being made with business email compromise (BEC) attacks. They always say crime doesn’t pay, but it obviously pays very well if criminals are driving around in a fleet of Rolls Royces.”

In this environment, the role of the information security professional has changed, he said. “We are no longer securing computers: we are securing society, because computers are everywhere and run everything.”

Complexity is the enemy of security

Hyppönen said: “Complexity is the biggest enemy of security. The more complex our systems are, the harder they are to secure. The more complex they are to use, the easier it is for people to make mistakes. The more complex the systems our users are using, the more prone they are to human error.”

While the solution to this should be to reduce complexity, systems were becoming more complex. “If you look at the size of Windows 10 on your hard drive, it is 1000 times bigger than Windows 95. If you look at the complexity of the code base, Windows 10 has 5,7 million source code files. So, we are just shooting ourselves in the foot as we build more and more complex systems which have more room for bugs, which then become vulnerabilities and which are more complex to use, which means our users are more prone to make human errors and mistakes. But we must not blame the users.”

Data is the new uranium

Pointing to changing attack methods, Hyppönen said: “People say data is the new oil, but it is more like the new uranium. Like oil, it is also expensive, but it is also very damaging and some data – like medical data – stays dangerous forever when it is compromised. I don’t think we fully understood the challenge of this.

“We see a big shift from traditional V1 ransomware groups into ransomware V2. In January 2020, the Maze ransomware gang from Moscow innovated V2 by not only encrypting the files of the victim company, but also stealing the files and threatening to leak the stolen files if the ransom was not paid. This means that suddenly the backups don’t matter at all. Even if you have perfect backups of everything and you can recover them in an hour, the attackers still have your files and they can leak them. This is the reason we have seen so many multi-million-dollar ransom payments – V2 ransomware has proven to be highly beneficial for the attacker.

“If we track down the root causes of any data breach, leak or malware, it’s always a technical problem or a human problem. Technical problems can be hard to solve, but once you find and fix the bug, you have solved the problem. However, patching human brains isn’t straightforward at all. You need to educate users and make sure people remember what they are taught and whenever we teach users what to look out for, the attackers will look for new ways of going around what they have learned.”

Boost user training and awareness

Stu Sjouwerman, founder and CEO of KnowBe4, announced during the event that KnowBe4 sponsored a new vendor-neutral certification by H Layer Credentialing, the Security Awareness and Culture Professional (SACP) certification for security awareness programmes.

KnowBe4 has also launched a set of 24 mobile-first training modules and its Security Snapshots (a set of 12 stand-alone security ‘micro modules’ in 34 languages, which may be particularly interesting to organisations on the continent where many users consume training on their mobile devices).




Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

Tips and tools for trade businesses
News & Events Training & Education
ServCraft brings together trade industry associations and corporations to launch blox, a digital content platform and community impacting lives, businesses and industries across hundreds of thousands of trade business SMEs.

Read more...
Africa Online Safety Platform launched in SA
Training & Education News & Events
Impact Amplifier, with the financial support of Google.org, launched its African Online Safety Platform (AOSP), a platform providing a rich repository of research, education content, funding opportunities and ways to seek help after an online crime.

Read more...
South African Keiron PRO laser target system
News & Events Training & Education
Jacstech, based in Cape Town, South Africa, has been appointed to supply a complete Keiron PRO laser training system to the SIRT Academy. The SIRT Academy is a firearms and tactics training facility in Perugia, Italy.

Read more...
Practical guide to protect data privacy
Training & Education Information Security
The Data Privacy Toolkit, reflecting the evolving landscape of data privacy, includes guidelines and recommendations to safeguard sensitive information crucial for protecting sensitive information from malicious actors.

Read more...
ONVIF releases first add-on for secure communications
Surveillance Training & Education
ONVIF has released the final version of the TLS Configuration add-on to increase the security of communications between devices and software clients within a physical security system.

Read more...
Mastering security awareness in the digital era
Security Services & Risk Management Training & Education
Human error and lack of security awareness remain the first security threat. Companies must consider the importance of managing employee cyber risk and the significance of training and awareness programmes.

Read more...
Preparing young entrepreneurs
News & Events Training & Education
Liquid Intelligent Technologies SA recently announced that its Youth Empowerment Programme is successfully preparing young South Africans with the skills they need to succeed in a digital future.

Read more...
Free South Africa Market Report webinar from TAPA EMEA
Technews Publishing Editor's Choice News & Events Transport (Industry) Training & Education Logistics (Industry)
October 2023 offers TAPA EMEA members and non-members opportunities to increase their knowledge of cargo crime and supply chain security risks in three countries in Europe, the Middle East & Africa region, where supply chains are most targeted by both organised crime groups and other offenders.

Read more...
Empowering the new team of trailblazers in cybersecurity
News & Events Information Security Training & Education
Fortinet is committed to creating more opportunities for women in cybersecurity in South Africa as it actively fosters a culture of inclusion by expanding access to training and career advancement through its training institute.

Read more...
Digital transformation is dependent on engaged leaders
Training & Education Infrastructure
Having a digitisation strategy in place is the starting point, but to truly activate a digital transformation programme, organisations need a strong leadership team that has acute self- awareness, and can positively contribute and direct their influence toward the people affected by change.

Read more...











SMART Security Business Directory



Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.