
Arm your business with the latest cybersecurity technologies, or show up naked to the gunfight!

On his LinkedIn profile, Brian Pinnock is said to have a proven track record in technical, pre-sales, sales, pre-sales management and innovation management in enterprise-focused communication companies within the ICT industry. While this is true, Brian is also the high-spirited and inspirational mentor you can have a beer with while laughing at the curve balls life sometimes throws at you. One of the tricks in life, Brian explains to a laughing crowd, is never to be the smartest person in the room for any length of time! Brian is the kind of guy who eats, breathes and lives security!

It was during our latest Innovators’ Club meetup that Brian shared the lessons he learned throughout his journey to becoming one of the foremost cyber resilience experts in South Africa. The bottom line: for companies to be using first-, second- and third-generation technologies to protect themselves from fourth- and fifth-generation attackers is no longer good enough. “Today, it’s like not even bringing a knife to a gunfight – it’s like showing up naked to the duel.”

Brian took his co-innovators and like-minded compatriots on a journey through pinnacle moments on the cybersecurity reel over the last 30 years, declaring that the Information Technology and business industries have been in a war for the past three decades. “It is a war that, up until now, we’ve been winning,” he proclaimed. “If you look back from where we are now, in an era of ransomware, fileless malware and nation-state attacks, you realise that the antecedents to the problem we’re facing now were less harmful than simple graffiti.”

Brian commended cybersecurity companies like Mimecast and Darktrace for their fight against cybercrime over the last few years. “Of course, there have been casualties – you see them in the media. Companies that have been breached, companies that have gone out of business or have had massive monetary losses, but by and large we’ve been quite successful in our fight against cybercrime. Yes, threat actors have found loopholes to exploit the vulnerabilities in many organisations over the years, but we’ve responded to them as an industry, as a business, and we’ve been keeping up quite well.”

This scenario has, however, radically changed in the last two years; a fact that according to Brian can be confirmed by any well-integrated security professional. “If you have a beer with a security expert working as part of the security team at a bank, for instance, and get them away from senior management they’ll tell you we’re losing this fight mainly because we’re fighting today's battles with yesterday's technology.”

This leads to the question: how, then, has the threat landscape changed over the years? How did we get from there to where we are now? Let’s go back to where it all started.

First-generation technologies: the Morris Worm and antivirus software

Let’s be clear - for most of the 70s and 80s, threats to computer security were clear and present. These threats took the form of malicious insiders reading and sharing documents they shouldn’t. Network breaches and malware didn’t yet exist.

The end of this era will undoubtedly be remembered for one of the first recognised computer worms to affect the world’s nascent cyberinfrastructure - the Morris Worm. However, the intent of this worm was never clear. It was either prematurely or accidentally released on 2 November 1988, and less than twenty-four hours later it had caused the greatest damage ever witnessed from a piece of malware up to that point. As Brian thinks back to this era in South Africa, he recalls, “Those were the days when there weren’t a lot of networks around, and viruses came out on stiffy or floppy disks with little strategic objective or financial motivation.”

How did the industry respond to these threats? By introducing first-generation technology in the form of antivirus software. Brian remembers that it was a pretty easy challenge to solve. “What you needed to do was to figure out what kind of attack it was, get some fingerprint on it and then have an AV file telling you what the malware was about. Once you had that, you were fine.”

As time progressed, the necessity for antivirus software to be included on computer systems became quite apparent, and the biggest challenge at the time was updating your antivirus files on a regular basis.

Second-generation technologies: firewalls and security by luck

During the 90s, the Internet was slowly starting to create a footprint on the South African landscape. The first Web browser, Mosaic, was released in 1993, and the concept of having a network of computers that communicate with each other through an email system was slowly starting to become a reality in the business world, Brian remembers. “The very first company I ever worked for was a company called Prolab, and one of the first things I asked them when I started was whether they had an email system. The company CEO’s response to this was: '...but who will we talk to?'”

The year was 1992, and organisations were moving from the first-generation technology era to the second generation, working on security by luck, as next-generation threats were simultaneously and slowly starting to emerge, Brian explains. “This was the era of installing networks, putting up firewalls and doing security consulting for companies.”

“First of all, you had this concept of security-by-security where nobody knew where you were or who you were. Secondly, you had security-by-complexity. Every single organisation had a combination of different technologies that made it very unlikely for an attacker to know them well enough to get in. You also had security-by-accessibility or lack of accessibility where nobody’s network was set up in such a way that anyone else could get in. Lastly, you had security-by-design, which in second-generation technology terms meant a firewall.”

Third-generation technologies: a broader attack surface and easier-to-exploit vulnerabilities

Moving into the new millennium, however, things changed radically in the security space as cyber attacks became more targeted, most notably with the first serial data breach of credit card numbers. The data involved in these breaches was regulated (probably a forerunner of today’s GDPR), and therefore incidents required the notification of authorities and for funds to be set aside to compensate victims.

Companies learned the hard way what the dire consequences were of being unprotected and began to arm themselves with more sophisticated security systems specifically designed to cope with the new reality of cyber threats. The concept of security-by-accessibility disappeared, and everything started to get less complex moving toward IP-based solutions, web services and databases.

Threat actors were mostly hobby hackers – super-skilled people who were starting to be augmented by cyber criminals. These criminals were not particularly well organised, but they began to see that there was a lot of money in actually getting into organisations and breaking them, either for direct monetary gain or to obtain information that could later be sold on somewhere. The networking people needed to figure out how to really harden things up, while the application people were naive, launching products with lots of business capabilities but no security.

Although security-by-security still existed, the concept of inaccessibility was falling away as the business world started to move toward networks. The complexity within network security was diminishing, which meant that threat actors now had a much broader attack surface, and vulnerabilities were easier to exploit.

Reaching for the Cloud

More companies were moving away from legacy systems to cloud-based platforms, trying to close their doors on attackers. The Cloud gave businesses the ability to be more agile and collaborative, to have hands-on disaster recovery capabilities and greater security over sensitive documents and data, along with the ability to cut their running costs massively. This made threat actors realise that they needed to get a lot more organised and sophisticated, not only in choosing their targets, but also in the way that they set up their attacks.

Criminal syndicates started to emerge, to the point where they were actually building up support structures like call centres and help desks, Brian explains. “We started to see the emergence of polymorphic attacks – a fancy word for stuff that changes a lot. I could send a Word document to a colleague sitting across the room, but what it actually contains is some malicious code which has been designed to be different every single time so that an antivirus or a firewall won't see it.”
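To make the gap between a first-generation fingerprint and a polymorphic sample concrete, here is an added example in Python; it is not from the original post or from Brian’s talk. It uses two constructed, harmless stand-ins for the macro text of the same document (identical behaviour, different comments, names and spacing) and shows that a whole-file hash signature catches only the exact copy it was built from, while a signature written against the normalised behaviour survives the cosmetic rewrite.

```python
import hashlib
import re

# Constructed, harmless stand-ins for the macro text inside two copies of the
# same document. Copy B is what a polymorphic generator would emit: the same
# behaviour with different comments, identifier names and spacing.
SAMPLE_A = """' payload v1
Sub AutoOpen()
    Dim sh As Object
    Set sh = CreateObject("WScript.Shell")
    sh.Run "cmd /c PAYLOAD_PLACEHOLDER"
End Sub
"""

SAMPLE_B = """' a completely different comment
Sub AutoOpen()
  Dim   q As Object
  Set q =   CreateObject("WScript.Shell")
  q.Run  "cmd /c PAYLOAD_PLACEHOLDER"
End Sub
"""


def fingerprint(sample: str) -> str:
    """First-generation AV style: the hash of the whole file is the signature."""
    return hashlib.sha256(sample.encode()).hexdigest()


def hash_signature_matches(sample: str, known_bad: set) -> bool:
    """True only if this exact byte sequence has been seen before."""
    return fingerprint(sample) in known_bad


def normalise(sample: str) -> str:
    """Strip comment lines, collapse whitespace and replace declared
    identifiers with a placeholder so cosmetic rewrites stop mattering."""
    lines = [l for l in sample.splitlines() if not l.strip().startswith("'")]
    code = re.sub(r"\s+", " ", "\n".join(lines)).strip()
    for name in re.findall(r"Dim\s+(\w+)\s+As", code):
        code = re.sub(rf"\b{name}\b", "VAR", code)
    return code


# Behaviour-based rule: an AutoOpen macro that obtains a shell object and runs a command.
BEHAVIOUR_RULE = re.compile(
    r'AutoOpen\(\).*CreateObject\("WScript\.Shell"\).*\.Run "cmd /c', re.S)


def behaviour_signature_matches(sample: str) -> bool:
    """True when the normalised text shows the behaviour, whatever the wording."""
    return BEHAVIOUR_RULE.search(normalise(sample)) is not None
```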

The modern-day target breach and the threat tsunami

“If we fast forward to recent times, it is mind-boggling to see the staggering scale on which target breaches encapsulate the current threat landscape. It made me realise that this war is a lot more sophisticated, a lot tougher, and a lot more below the radar than we realise.”

As a security expert, Brian frequently goes into a boardroom where C-level executives ask him to close the windows, close the blinds and make sure that the NDA is signed before he hears the familiar words: ‘We’ve been hit by ransomware but, please, you’re not allowed to tell anyone.’

“People are ashamed of the fact that they’ve been breached, even though the statistics show that multiple companies get breached all the time.”

The fact is that, with more than 4 000 ransomware attacks every day, two out of three organisations are breached every single year, and 81 percent of the victims have no system in place to detect the data breach themselves.

Why have we been winning this war up until now? Did we lose the security-by-security battle once the Cloud was there? Brian’s answer is that we are fighting a war with old technology, and that is starting to be a problem. “Of course antivirus has improved, but in spirit its architecture is ultimately a first-generation technology. The same argument goes for firewalls: they have come a long way, but they are still second-generation technology.”

With various Cloud services, if threat actors have one way of getting in, they’ve got everybody, Brian explains. The tipping point was the WannaCry and Petya attacks last year, which changed the security landscape completely. “You always had people who were well motivated - your typical ‘hacktivists’ and ‘insiders’ – but they never really had the tools, other than the ones they’ve built themselves, to really do a huge amount of damage. Now, with the leaks from the US NSA, there’s a whole lot of tools attackers out there can use which can do massive damage to companies using Cloud services like Office 365.”

Public response has become a critical consideration in dealing with cybercrime incidents, and companies can no longer take an ad hoc approach to response. The recent Liberty breach in South Africa is a clear example of this. It is imperative that all levels of the organisation understand the risk of cybercrime and have committed all appropriate resources to preventing breaches, detecting them when they occur, and responding in the appropriate fashion. Showing up naked to the gunfight is not an option!

Today, we have reached the position in which cybercrime is so sophisticated it seems almost impossible to prevent. The emphasis is now on how an organisation responds once it has been breached. While we can't prevent every incident, we can control how we manage the aftermath so that we are prepared and practised in the process of response. In doing so, we can develop organisational resilience such that these incidents are gracefully managed as just another part of the business.

Grove’s Innovators’ Club has become a popular hub for people with a passion for technology, innovation and social change to connect. The purpose of these exclusive meetups is to disrupt the status quo by cultivating a positive community of meaningful thinkers. The meetings invite out-of-the-box thinkers to share inspirational messages with fellow thought leaders.
