
Don’t Show up Naked to the Gunfight!

Arm your business with the latest cybersecurity technologies


Brian Pinnock’s LinkedIn profile says he has a proven track record in technical, pre-sales, sales and innovation management within enterprise-focused communication companies in the ICT industry. This is all true, of course, but only part of the truth. Brian is also the high-spirited, inspirational guy you can laugh with over a beer about the curveballs of life. One valuable life hack, he says, is never to be the smartest person in the room for any length of time. Brian also eats, breathes and lives cybersecurity.


During an Innovators’ Club meetup, Brian shared the lessons he had learned on his journey to becoming a leading cyber-resilience expert in South Africa. He says it is no longer good enough for companies to use first-, second- and third-generation technologies to protect themselves against fourth- and fifth-generation attacks.


‘Today, that is not even like bringing a knife to a gunfight. It’s like showing up naked to the duel.’


Brian took his audience through three decades of the cybersecurity story, saying that the information technology and business worlds have been locked in a war against cyber attackers for all of that time.


‘It’s a war that, until recently, we’ve been winning,’ he said. ‘If you look back from where we are now—in this era of ransomware, fileless malware and nation-state attacks—you realise that the progenitors of the problems we face today were less harmful than graffiti.’


Brian commended cybersecurity companies like Mimecast and Darktrace for their fight against cybercrime over the past few years.


‘Of course, there have been casualties—you see them in the media. Companies that have been breached, or have gone out of business, or have had big financial losses. But by and large, we’ve been quite successful in our fight against cybercrime. Yes, attackers have found loopholes to exploit the vulnerabilities in many organisations, but we’ve responded to them as an industry. And we’ve kept up quite well.’


However, the scenario Brian sketched has changed radically over the last two years, as any well-connected security professional will confirm.


‘If you have a beer with a security expert working as part of the security team at a bank, for instance—and get them away from senior management—they’ll tell you we’re losing this fight, mainly because we’re fighting today’s battles with yesterday’s technology,’ he says.


But how exactly has the cyber-threat landscape changed? Let’s go back to where it all started.



First-generation technologies: The Morris Worm and antivirus software


For most of the 1970s and 1980s, threats to computer security were clear-cut. They materialised in the form of malicious insiders reading and sharing documents they shouldn’t. Network breaches and self-propagating malware were not yet a mainstream concern.


The end of this era will be remembered for one of the first widely recognised computer worms to hit the world’s budding cyberinfrastructure: the Morris Worm. The motive behind it has never been firmly established. It was released, either prematurely or accidentally, on 2 November 1988, and within 24 hours it had caused more damage than any piece of malware up to that point.


Brian recalls this era in South Africa. ‘Not many networks were around in those days. Viruses came out on floppy or stiffy disks, with little in the line of strategic objective or financial motivation.’


The industry responded to these threats with first-generation technology in the form of antivirus software. Brian remembers that threats of that era were fairly easy to resolve.


‘What you needed to do was figure out what kind of attack it was, get a fingerprint on it and then have an antivirus file telling you what the malware was about. Once you had that, your problem was solved.’


As time went on, it became apparent that antivirus software had to be installed on every computer, and the biggest operational challenge was keeping the signature files up to date.


Second-generation technologies: Firewalls and security by luck


During the 1990s, the Internet was slowly developing a footprint. Mosaic, the browser that popularised the Web, was released in 1993, and the idea of organisations’ computers talking to one another over email was becoming a reality.


‘The first company I ever worked for was Prolab. One of my first questions to them was whether they had an email system. The CEO’s response was, “But who will we talk to?” ’


By 1992, organisations were switching from first-generation to second-generation technology, relying heavily on luck, even as the next generation of threats was beginning to emerge.


‘This was the era of installing networks, putting up firewalls and doing security consulting for companies. First, you had the concept of security-by-obscurity, where nobody knew where or who you were. Second, you had security-by-complexity, and every organisation had a combination of different technologies that made it unlikely for an attacker to know them well enough to get in. You also had security-by-accessibility, or lack thereof, where networks were set up in a way that others could not get in. Lastly, you had security-by-design, which in second-generation technology terms meant a firewall.’


Third-generation technologies: Head-on attack and vulnerabilities exploited


Moving into the new millennium, things changed radically as cyberattacks became finely targeted, most notably with the first serial data breaches of credit card numbers. The data involved was already regulated, by the card brands’ security programmes (consolidated as PCI DSS in 2004) and, from 2003, by the first breach-notification laws in the United States, long before today’s General Data Protection Regulation, so incidents had to be reported to the authorities and funds set aside to compensate victims.


Companies learned the dire consequences of being unprotected the hard way and began to arm themselves with increasingly sophisticated security systems designed for the new reality of cyber-threats. Attacks, and the defences that followed, moved onto IP networks, web services and databases.


Attackers were mostly hobbyist hackers, but cyber-criminals soon joined their ranks. They were not particularly well organised, but they began to see there was money in breaking into organisations’ systems, either for direct financial gain or to steal information for sale elsewhere. The networking people had to find security solutions while the application people naively kept shipping products with plenty of business capability but no security.


The idea of inaccessibility disappeared as the business world moved onto shared networks. Standardisation reduced the complexity that had once been a defence in itself, leaving a much broader attack surface with vulnerabilities wide open to exploitation.


Reaching for the Cloud


More companies have been moving away from legacy systems to Cloud-based platforms and Cloud security in an attempt to lock attackers out. The Cloud has made businesses more agile and collaborative, given them hands-on disaster-recovery capabilities and better protection for sensitive documents and data, and cut running costs significantly. Attackers came to realise that they would need to become far more organised and sophisticated, both in choosing their targets and in setting up their attacks.


Criminal syndicates have emerged, to the extent that they build support structures like call centres and help desks. We also began to see polymorphic attacks: malware that changes, or ‘morphs’, its code with each new copy so that antivirus programmes cannot recognise it by signature.


‘I could send a Word document to a colleague sitting across the room, but it could contain some malicious code designed to be different each time it’s opened, so that an antivirus or a firewall wouldn’t pick it up,’ Brian explains.
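The toy scanner below is an added illustration, not code from the talk or from Grove Group. It shows the first-generation fingerprint approach Brian describes earlier (take a hash or byte pattern from one sample and match on it) and why the per-copy morphing he describes here defeats it, then adds the check that later-generation engines rely on: emulate the sample’s own decoder and scan what it would actually execute. The payload bytes, the XOR ‘decoder stub’ format and all function names are constructed for the example; no real malware is involved.

```python
"""Added example: fingerprint scanning versus polymorphic re-packaging.
All data here is constructed; the 'payload' is an inert byte string."""
import hashlib
import os
from typing import Callable, Optional

# Constructed stand-in for a malicious routine (inert bytes, not real malware).
PAYLOAD = b"CONSTRUCTED-PAYLOAD: download-and-run evil.example/stage2"

# First-generation approach: fingerprint one captured sample, then match on the
# hash of the whole file or on a fixed byte pattern inside it.
SIGNATURE_DB = {
    "hash": {hashlib.sha256(PAYLOAD).hexdigest()},
    "pattern": [b"evil.example/stage2"],
}


def signature_scan(sample: bytes) -> bool:
    """Return True if the sample matches a known hash or byte pattern."""
    if hashlib.sha256(sample).hexdigest() in SIGNATURE_DB["hash"]:
        return True
    return any(p in sample for p in SIGNATURE_DB["pattern"])


# Polymorphic re-packaging (constructed format): every copy XORs the payload
# with a fresh random key and prepends a small 'decoder stub' carrying that key.
# A real sample would execute the stub first; here it is a header we can parse.
STUB_MAGIC = b"STUB"


def polymorphic_pack(payload: bytes, key: Optional[bytes] = None) -> bytes:
    """Produce a fresh variant: same behaviour, different bytes every time."""
    key = key or os.urandom(8)
    body = bytes(b ^ key[i % len(key)] for i, b in enumerate(payload))
    return STUB_MAGIC + len(key).to_bytes(1, "big") + key + body


def emulate_decoder(sample: bytes) -> Optional[bytes]:
    """Behavioural step: recognise the stub, 'run' it (undo the XOR) and return
    the bytes the sample would execute. None if this is not a packed sample."""
    if len(sample) < 5 or not sample.startswith(STUB_MAGIC):
        return None
    klen = sample[4]
    key = sample[5:5 + klen]
    if klen == 0 or len(key) != klen:
        return None  # truncated or malformed stub: do not guess
    body = sample[5 + klen:]
    return bytes(b ^ key[i % klen] for i, b in enumerate(body))


def behavioural_scan(sample: bytes) -> bool:
    """Scan the decoded bytes when a decoder is present, else the raw bytes."""
    decoded = emulate_decoder(sample)
    return signature_scan(decoded if decoded is not None else sample)


def evasion_rate(scanner: Callable[[bytes], bool], n: int = 50) -> float:
    """Fraction of n freshly morphed copies that the scanner fails to detect."""
    missed = sum(not scanner(polymorphic_pack(PAYLOAD)) for _ in range(n))
    return missed / n


if __name__ == "__main__":
    print("original sample caught by signatures:", signature_scan(PAYLOAD))
    print("morphed copies evading signature scan:", evasion_rate(signature_scan))
    print("morphed copies evading behavioural scan:", evasion_rate(behavioural_scan))
```

The hash and the byte pattern are both useless against the morphed copies because neither survives the XOR, while the behavioural scan catches every copy because the decoded payload is identical each time. Real engines run the decoder in an emulator or sandbox rather than parsing a known header, but the lesson is the one Brian draws: detection had to move from what a file looks like to what it does.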


The modern-day targeted breach and the threat tsunami


‘Fast forward to today, it is mind-boggling to see the staggering scale on which targeted breaches encapsulate the current landscape. It has made me realise that this war is a lot more sophisticated, a lot tougher, and a lot more below the radar than we realise.’


As a security expert, Brian frequently goes into boardrooms where executives ask him to close the windows and blinds and sign a non-disclosure agreement before he hears the familiar words: ‘We’ve been hit by ransomware but please, don’t tell anyone.’


‘People are ashamed of being breached, even though the statistics show that multiple companies get breached all the time.’


The fact is that, with more than 4,000 ransomware attacks every day, two out of three organisations are breached every year, and 81 percent of the victims have no system in place to detect breaches themselves.


‘We’re fighting a new-technology war with old technology. This is a problem. Of course, antivirus has improved, but its architecture is a first-generation technology. The same argument goes for firewalls—they’ve come a long way, but they’re still second-generation technology.’


If attackers find one way into a Cloud environment, the same route often works against many other tenants of the same platform. This became only too clear with the WannaCry and Petya/NotPetya attacks in 2017, which changed the cybersecurity landscape completely.


‘People well motivated to do damage have always been around, typically “hacktivists” and insiders, but they never really had the tools other than the ones they’d built themselves. Now, with the leaks from the US National Security Agency, attackers have any number of tools to use to damage companies using Cloud services like Office 365,’ Brian says.


Public response is a critical consideration when dealing with cybercrime incidents, and companies can no longer take an ad hoc approach to it. The 2018 Liberty breach in South Africa is a clear example. It is imperative that every level of an organisation understands the risk of cybercrime and commits the appropriate resources to preventing breaches, detecting them when they occur and responding appropriately. Showing up naked to the gunfight is not an option!


Today, cybercrime is so sophisticated that it seems almost impossible to prevent, and the focus has shifted to how to respond once a breach occurs. While we can’t prevent every incident, we can prepare for the aftermath and practise our response to it. In so doing, we build the organisational resilience to manage such incidents as calmly as we manage any other part of the business.


