From the editor's desk: The weakest link

April 2024 News

Kim Roberts, Editor.

Lately I’ve been getting an ever-increasing number of articles on cybersecurity in my inbox. It’s easy to put it on the backburner, but there is no doubt that this is a very serious problem that’s not going to go away if you ignore it. Unsurprisingly, the weakest link is people, although they usually don’t get treated as harshly as those in the game show, The Weakest Link − remember that?

We generate around 2,5 quintillion bytes of data every day, leaving us all vulnerable to data misuse, cybersecurity attacks and identity theft, both in our own lives and in the commercial and industrial world. In a recent survey of 500 security executives from 13 countries around the world, including South Africa, cybersecurity company Trellix’s ‘Mind of the CISO 2023’ report has some sobering numbers. I thought the statistics were quite interesting.

Cybersecurity incidents involving phishing were at 40%, ransomware at 36%, business email compromise at 32%, and credential stealing at 28%. The report also said that 28% of attacks were state-sponsored, meaning hacking syndicates backed by hostile states, while 24% were inside jobs. The leading cause of major cybersecurity incidents was password misuse at 56%, followed by insider threats at 44%, supply chain breaches at 40%, non-detection by existing technology at 40%, and missed vulnerabilities at 36%. These incidents led to a loss of customers, business downtime, reputational damage, regulatory penalties, and higher insurance premiums. Only 60% of the respondents were fully covered by their cybersecurity insurance.

There are plenty of examples locally. In 2020, the credit bureau Experian had a data breach that exposed the personal information of 24 million South Africans and 790 000 business entities; and the hack of TransUnion in 2022 exposed millions of South Africans to potential risk. There are more. Liberty Holdings, ViewFines and Ster-Kinekor were all attacked. The Dis-Chem cyber attack resulted in the data of over 3,6 million South Africans being compromised. I’m sure we’ve all had random emails and WhatsApps where we wondered how they got our information.

The most devastating ransomware attacks almost always begin with a simple Spear-Phishing attack to get a user with valuable credentials to click on an infected link. Of the South African companies surveyed by Trellix, 78% said they had paid a ransom of between five million and ten million dollars.

There are many technical solutions that can be put into place, but the most important barrier is your people. The key lies in strong passwords, regular training, checking your links with your end users and vendors, and not clicking on suspicious email links. A little prevention today could save you from huge problems tomorrow. As an example, I still remember my very first computer − a long time ago. It was a 64K Apple that I was ridiculously proud of, and my very first password was − password. At least that wouldn’t happen today.

At the recent MESA conference, I heard of another typical example. This was the story of a company in Abu Dhabi that was subject to a cyber attack. On the first two tries the hackers were unable to breach the company’s security. Then they employed three pretty girls to stand outside the offices and offer the people going in a free USB stick. Within five minutes they were in, and had all the information.

You also need to get your people’s cooperation, which is where training comes in. Nowadays, process plants operate on a whole new level. Everything is interconnected. While this brings huge benefits in productivity, it also makes them vulnerable. In response, companies are putting into place such strict policies that it’s very difficult to get access to a plant to work on it, and this is creating resistance from workers.

In the future, cyber resilience is going to become even more important. Looking ahead, quantum computing has the potential to take this to a whole new level. Quantum computers can perform calculations exponentially faster than today’s computers. We can expect to see the arrival of post-quantum cryptography to make cryptographic systems secure against attack.

On the other side, as quantum computers become more powerful, they could be a threat to current encryption standards like RSA. ‘Bad actors’ could decrypt encrypted data that is considered secure, potentially exposing sensitive information. While a regular computer needs millions of years to crack RSA algorithms, a fast quantum computer would take hours. Today’s encryption algorithms would become obsolete, putting communications, financial transactions, and military defences at risk.

The race is on to develop new quantum-resistant encryption methods that can withstand attacks like this. I’m optimistic that the good guys will win.


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Moore Process Controls is moving ahead
Moore Process Controls News
Moore Process Controls was established in South Africa in 1985, migrating from a local agent for Moore Products in the USA to a multi-faceted company with a wide range of automation and optimisation capabilities.

BMG’s machine tools on show at Machine Tools Africa
Bearing Man Group t/a BMG News
BMG will be participating at the Machine Tools Africa exhibition. Its stand will showcase the company’s comprehensive range of quality branded tools and equipment, which has been carefully selected by specialists, to meet the exact requirements of customers in diverse sectors.

Enlit Africa reimagines energy security in Africa
The prestigious Enlit Africa 2024 exhibition has the goal of addressing the very real energy security concerns felt by companies across Africa.

From the editor's desk: The digital deluge
Technews Publishing (SA Instrumentation & Control) News
One of the issues arising out of our newfound ability to generate our own electricity is the ability to store it. BESS systems are the order of the day, and we regularly run stories on this new development. ...

Turck Banner welcomes Ivan De Waal as new managing director
Turck Banner Southern Africa News
Turck Banner Southern Africa is pleased to announce the appointment of Ivan De Waal as its new managing director.

University of Pretoria unveils immersive technology laboratory
The University of Pretoria’s faculty of Engineering, Built Environment and Information Technology is proud to announce the launch of its new Immersive Technology Lab at the Department of Information Science. This cutting-edge facility marks a significant milestone in the university’s journey towards integrating advanced immersive technologies into its curriculum and research initiatives.

IS3 X-Change 2024 conference
X-Change is an annual gathering of tech enthusiasts, industry leaders and visionaries pushing the boundaries of innovation. Join IS3 for an immersive experience that celebrates the latest in technology and fosters networking opportunities, and discover how your organisation can benefit from AVEVA software and the IS3 industry solution partner ecosystem.

Exploring the role of AI in recruitment
In an era defined by rapid technological advancements, the integration of AI is proving to be transformative across various industries. Thankfully, and in contradiction to what many people believe, AI enhances many functions, rather than replacing real people.

Celebrating three decades of innovation in Africa's premier industrial software conference
With a rich 29-year history, the X-Change User Conference stands as Africa's largest and most prestigious annual gathering dedicated to industrial software and related technology. Hosted by Industry Software Solutions & Support (IS3), this year, X-Change 2024 promises to be even more impactful as it celebrates three decades of innovation and collaboration.

4Sight OT Automation achieves prestigious AVEVA Endorsed Partner status
4Sight OT Automation, a leading industrial software solutions provider, has achieved Endorsed Partner status within the AVEVA Partner Network.