Visibility | Skills | Context | Agility

The risk of cyber attacks is growing constantly and this is something corporations around the world are coming to grips with. One major challenge is that most organizations do not have the ability to quantify this risk.

This is one of the reasons that so many companies have a blinkered approach of “nothing has happened, everything is running, so we are okay”.”

It has been said that there are three types of organisations out there:

  • Those that have already been breached and don’t know about it (my research suggest that these are in the majority).
  • Those that have been breached and have some idea of the scope and consequences and will be counting the costs for years to come.
  • Those that will be breached.

All companies are challenged by the following :

  • Visibility

Having an accurate view on their security posture on an on-going basis. This includes a view on their compliance requirements (ISO, PCi, POPIA etc.) and how their people, process and technology decisions are enabling them to meet their compliance, legislative commitments, etc.

  • Skills

The lack of specialist skills to ensure they extract full value from their technology investments and also that these technology investments are doing what they should to assist in adherence to compliance requirements.

There are never enough truly specialised skills available, so one or two generalists land up having to do everything – this is quite commonplace and it is fertile ground for the bad guys.

We are human and cannot function 24x7x365 – the bad guys on the other hand never seem to stop.

We cannot digest and interpret the huge volumes of information from multiple sources to detect the “blip in the radar” that indicates something is afoot.

  • Context

Extracting actionable security insights from all the content flowing across the network, in time to make decisions that will stop incidents or at least limit the impact.

  • Agility  (Responsiveness)

The ability to detect cyber security incidents (incidents of attack and incidents of compromise) and the people and process to implement possible decisions made as a result of contextual insights.

Hoodlums to hackers | The rise in cybercrime

Hacking exploits and exposés continue to dominate media headlines – and for good reason. In 2017 alone, according to McAfee and CSIR’s joint report ‘The Economic Impact of Cyber Crime – No Sign of Slowing Down’,  cybercrime cost the global economy over US$600bn – of which approximately US$3bn was concentrated in sub-Saharan Africa. Alarmingly, recent estimates by Forbes indicate that cybercrime will cost US$6 Trillion per year by 2022 – an almost unimaginable number to most of us.

Whether state sponsored cyber terrorism, organised crime 2.0 or hacktivism, cybercrime makes a lot of sense to growing numbers of people. Just one of the reasons can be ascribed to current unemployment figures. Following depressed global economic conditions in recent years, attention has turned to other means of making a living and the rise of a new, unvirtuous cycle.

Cybercrime has become a viable ‘career path’ for a number of reasons, not least of which, is the perception that it’s a ‘victimless crime’, particularity in the corporate world. It’s also hard to trace and prove, and harder to prosecute. Legislation hasn’t kept pace with the evolving criminal landscape – some inroads have been made, but there is still a long way to go.

Connected and dangerous

Now consider just how low the barriers of entry are. It couldn’t be easier to access connectivity, purchase an exploit kit or two, read some forums, watch a few videos and away they go – the next cyber-criminal is on their way to graduating.

In fact, online crime is fast becoming industrialised through the efforts of criminal, multinational organisations on the dark net. One-stop shops are being developed and run like businesses with all the tools and services needed to commit cybercrime. Exploit kits, custom malware, botnet rentals and ransomware distribution provide a diverse toolkit for as little as US$100.

This is the new, sophisticated generation of organised crime. The motivations may vary between creating a new income stream to the thrill of the chase and everything in-between –  hidden behind relative anonymity on the dark net.

Cybercrime as a Service isn’t a new concept, but is rapidly evolving to include everything a criminal could need including product development, technical support from help desks and even money-back guarantees.

Sophisticated crimes against the unsuspecting and underprepared

The ‘regular’ threats we see including those like ransomware holding data or devices hostage, or breaches threatening to expose sensitive data like medical records, banking details or personal particulars are fairly well known.

But there are emerging technologies that open an entirely new threat landscape. For instance, Blockchain technology is a robust, disruptive technology that is predicted by Gartner to increase business value-add to US$176bn by 2025. The newness of the technology presents cyber-attackers with opportunities for exploitation.

Alongside technological advancement will be the development of their cyber-criminal counterpart’s sophistication. For example, now viruses are smart and malware is equipped with artificial intelligence capability that self-adjusts until it finds vulnerabilities, is more energy-efficient and more effective than any human hacker, and also more economically attractive.

With this in mind, it is surprising that many organisations are underprepared or unaware of threats which in turn impedes their ability to identify attacks and defend themselves. Startlingly, NTT Security’s  ‘2017 Global Threat Intelligence Report’ revealed that nearly 47% of vulnerabilities are more than three years old and only a third of companies had a formal incident response plan in place.

In summary, crime isn’t just for your neighbourhood hoodlum. It has evolved to open an entire digital threat landscape. So no matter your business size, maturity or perceived degree of cyber risk, it’s a business imperative to implement risk management and cyber resilience protection and defence strategies.


An online advert caught my eye. A cool USB gadget that I had to check out. I go over to the site Trendy Castle and I like what I see.

I am into photography and yes, like every geek, I like gadgets. So when I see this mini camera that is a cool USB drive, I am hooked. There is a button to add this to the shopping basket, so I click. But for some reason I never actually bought the gizmo. I was having a crazy day at work and I was probably doing some late night window shopping just to unwind. I had the site’s URL saved, and it was just a matter of time … that little baby was coming to my collection.usb nikonThe next morning I get up and have my digital routine kick in. Switch on phone, check for any e-mails, Slack and WhatsApp messages (the work never stops), and I notice I have a Facebook message. I don’t often use the Facebook messenger, but occasionally it comes in handy. But this message is not from anyone I think I know. But hang on, it has been sent by Trendy Castle… Isn’t that the Web site I just peeked at last night?! The heading of the message reads: Want the cutest (yet useful) USB drive you’ll ever own? And the familiar call to action: Leave something behind?

Just now they will be telling me about photos I take, and perhaps they will do image recognition on the photos and they will try target the people I interact with. Phew, the creepy factor here has no bounds.

How does this online store know how to find me on Facebook?

This is a warning of things to come.

I really do dig this little USB gadget, and I did order one. But whoa, I am not excited about the world we are living in. Everything we do online is tracked and exploited. I still don’t understand how they found my Facebook address – I didn’t enter my email address and I didn’t “like” anything… weird.

The word opportunity

Opportunity sounds like a positive thing, doesn’t it? I mean, if someone calls you up and passionately says “I want to share an exciting opportunity with you”, then this sounds cool, right.

The thing is, from what I have learned in life, opportunity can also be a chance to hit the bottom. Yes, opportunity also means you can fail. And statically speaking, more business ventures fail than succeed. So the next time someone wants to talk to you about an amazing opportunity then make sure you are sober when considering getting involved.

Opportunity is not just about work but also about life, and love. An opportunity to go on a date, for example, does not necessarily mean you will fall in love and live happily ever after. Just think of how many crummy dates you have been on in your life. Think about the excitement beforehand and then try remember the disappointment the next day. We have all been there.

Every opportunity means we can win or we can lose. And I believe that the chances are greater that we will lose. So, why then is the word opportunity such a positive sounding word?!

I am a positive person, and I have spent my life taking risks. I have had many ups, and downs. The opportunity roller coaster can be hectic.

Opportunity is always all around us. I keep hearing of opportunities – apparently they are everywhere. And it generally sounds so good.

This ironic word has got me thinking this week. Perhaps I am considering another opportunity and getting a bit anxious. For such a positive sounding word, it sure does bring a lot of stress. Irony indeed.

The art of deception in cybersecurity

I’ve been working in the cybersecurity space for the past 18 months. I’m no expert on the matter, but I do know about corporate relationships and selling to big companies. I spend my time working on a smart development in the deception technology space. These are a few lessons I’ve learnt:  

         The levels of skills are not what they should be. Many companies have substandard security policies and poorly configured defence technology.
         Network security is usually a grudge purchase.
         There’s a lack of maturity about risk with a matching under-investment in cybersecurity.
         Many people are not concerned about cybersecurity saying, “We are okay, we haven’t had any problems.”

Most global corporate efforts on cybersecurity have centred around securing the perimeter. But considering that most attacks come from inside organisations, corporate mindsets are now slowly evolving to include internal traps.

And this is the arena in which we play. We have partnered with leaders in the deception technology space and offer a network trap that complements your existing perimeter defence. Think of us as the motion sensor (to complement the front door) on your property. If your first line of defence is breached, then trip wires send out alerts when an infringement occurs. We notify enterprises of unsanctioned lateral movement on their networks.

If you believe you have no problems then asking you to deploy network traps is hard work. Of course, there may be a compliance parameter, which makes the proposition easier. Or perhaps you’re conducting a penetration test and want to catch hackers red-handed to see if your traps are working. Then there’s a compelling case for deception technology. But after numerous meetings, I can tell you that it’s a challenge – but important work nevertheless. The tech is smart and inspired, but if you are met with ignorance then it’s a very hard sell.

We are involved with the art of deception. It’s a way to trick hackers and to get wrongdoers to reveal themselves. An alert may be the most important thing you will ever get, and it’s there when you need it most. This is what network traps do. They sit there quietly, like smoke detectors, and if they sense something’s wrong, a silent alarm is triggered. The silence has a purpose, you don’t want to startle the hacker, but you want to know when there’s an unwelcome intruder on your network.

Magic, the art of deception, is fun and rich in storytelling and creativity. It’s the same with our traps. We have a mixed interaction honeypot called Canary, which is used by leading companies all over the world. It gives them peace of mind because it uncovers breaches on their corporate networks.

A popular magician is well-known for saying: “Magic’s the only craft that you practise constantly so you can hide your skill … with a good magician, the skill goes unnoticed.” This is also true of the IT world. If we do our jobs well, then we go unnoticed. But when IT fails, chaos ensues. And when a company is hacked, several panicked calls go out. For example, Ransomware has helped me to meet many company heads, but they are stressed and anxious when I meet them.

I enjoy my work – the tech is smart and plays a key role in helping companies avoid disaster through an early warning system.

No business wants to be hacked and read about their vulnerabilities in the next news headline. What intrigues me is when someone says: “We can’t afford to spend any more time or money on our security.” This is something I hear fairly often. But would you say this about your health? The health of your company’s network is as important as your personal health, but there are still some people who ignore this. I often hear people say: “We are okay, we’re not at any real risk.”

Sure, not every company has the same level of risk, but if you think hacking won’t affect your business, you are mistaken. And it’s just a matter of time. Every company will get hacked sooner or later.

The art of deception is creative and inspired, but is often misunderstood. When we witness an illusion, we often guess how it will work out. And when it comes to your company’s cybersecurity, then there’s no need to guess. We are here to help because this is what we do.