The year ahead looks set to bring some exciting new challenges in security as technology plays an increasingly important role in a rapidly changing environment. Cybercrime is a real and present danger that no one can afford to ignore. And the value of SA’s private security sector shows no sign of slowing down as consumers choose to take security matters into their own hands.
Cyber security takes top priority
Implementing security measures to safeguard technology is no longer a nice-to-have, but a must-have, to protect your organisation, as well as its clients and stakeholders. According to Claude Schuck, regional manager for Africa at Veeam, malware is evolving as rapidly as the technology that is being used to safeguard companies.
“The reality is that breaches will happen. It is how the organisation can mitigate those risks in the always-on environment which will become the differentiator,” he says.
“In the past, the biggest threat was protection against viruses that would slow down desktops and networks. But now, companies are under constant pressure with patches needing to be implemented on a virtually continuous basis. User education is more important than ever, with it becoming a constant ‘us versus them’ battle.
Company leaders must take this seriously. According to the PwC South African Online Survey 2016, 32 per cent of local organisations reported having been victims of cybercrime (the same as the global average). Perhaps more critically, only 35 per cent of organisations have a cyber incident response plan in place. Only 48 per cent of board members request information about the state of cyber-readiness at their company.
Given the rapid rate of attacks, it is no wonder that organisations are struggling to keep their systems up to date with the required security measures. From a consumer perspective, there is concern about the safety of data, both personal and corporate, and what the risks of it being compromised are.
With the Protection of Personal Information Act (PoPI) coming into law next year, government is driving regulation to ensure that end users have recourse when this happens and when their data is used for purposes other than what they give explicit permission to.
In Europe, the enforcement of the General Data Protection Regulation (GDPR) is putting the focus firmly on end user privacy and data ownership concerns.
It will no longer be sufficient to depend upon cloud-based services providers to ensure customer privacy, or for existing security implementations to enable data ownership and privacy rights. End users and customers will demand the right to be forgotten, the right to be informed of data breaches, and the right to withdraw consent. These demands will put a focus on data ownership and privacy rights.
Recognising the assassin’s cloak
“One of the biggest security risks facing local and global organisations is the so-called Insider threat,” says Morgan Malyon, Senior Software Engineer at Quest Software. “These threats are coming directly from individuals working inside the organisation itself, which is mistakenly perceived as a trusted environment,” he says.
Most organisations are so busy putting measures in place to counter attacks from outside their organisations, that they tend to overlook the threat sitting at the desk next to them. According to Malyon, the costs of the internal attacks have escalated dramatically in recent years for two main reasons.
Firstly, the “long serving” employee has become a relative thing of the past. There are very few employees that stay with one organisation for more than two years, and when they leave, whether it be under a cloud or not, all that company information is easily accessible from mobile devices and it’s easier than ever to take sensitive and critical company information with them.
Another contributor to the growth of insider threats is the simple fact that a large proportion of companies are internationally based, and the proliferation of their information on a global scale has seemingly endless bounds.
Malyon says that insider threats are one of the biggest threats facing organisations, because while there are many ways of protecting your company from external threats, there is always a trusted resource in any company that has ultimate and privileged access.
Think of your domain administrators with all-seeing capability, or an executive who requires access to all sensitive and privileged information for HR and payroll. There’s a fine line between preventing a threat, without compromising people’s ability to carry out their jobs.
“When it comes to implementing prevention strategies, organisations need to take a multifaceted approach,” says Malyon. The use of real-time auditing applications, the isolation of access to a limited number of employees, reducing the number of “super” administrators to those who have long and distinguished histories within the organisation. These are just a few examples of what could potentially prevent, protect, or at the very least, reduce the risk of internal threats.
The fundamental challenge is that you never know where it’s coming from, unless you are proactively aware of the threat as it happens, in real-time, with real-time consequences for the perpetrator.
The bottom line is that organisations need to recognise that this is a real and global threat, not just a fancy buzzword or hushed secret. It’s happening each and every single day,” says Malyon.
“The more that awareness is generated about the lurking insider threat, the more proactive companies and their loyal employees will be in helping to combat this insidious threat,” he says.
Remember that industrial espionage is as old as industry itself, and throughout the annals of history, it has been the precursor to the collapse of many companies. “Company leaders are, however, capable of taking back control. How well they recover from a security breach, how well they proactively guard against threats in future, will make all the difference,” concludes Malyon.
The rise of global access management
A recent study by IHS Markit analysts concluded that the global access management market is projected to increase from $5.4 billion in 2016 to $9.6 billion in 2021. The technology team at IHS Markit is the leading source of information, insight and analytics in critical areas that shape today’s technology ecosystem.
The factors impacting this growth include the looming General Data Protection Regulation (GDPR) deadline of May 2018. The increase in the number of data breaches and the looming legislation has piqued renewed interest in security and identity and access management (IAM) solutions.
Another contributor is that a growing number of smaller companies will steadily increase the amount of access management solutions they deploy. On-premises hybrid and cloud solutions are the next growth contributor. A significant portion of larger organisations still want some on-premises solutions and are likely to move to a hybrid model towards full cloud application. In contrast, smaller organisations are more likely to deploy software-as-a-service (SaaS) solutions, which for them can be more cost effective than on-premises solutions.
Leveraging emerging technologies, such as behavioural biometrics, will help to reduce the burden on end users and increase the validity of identity proofing. Organisations can learn a lot about how people interact with their networks to give a full picture of how things are evolving, but these technology developments are a bit of a cat-and-mouse game.
Blockchain makes security cheaper and more accessible. Many organisations have isolated and centralised identity management systems, but the current landscape demands federation and single sign-on (SSO).
These systems make identity management, protection and verification very cumbersome, costly and risky for industry enterprises and government agencies. Blockchain has the potential to introduce improvements that can make security more accessible and budget friendly.
Video surveillance changes to look out for in 2018
According to IHS Markit, the major video surveillance trends to watch in 2018 are the rise of artificial intelligence and deep learning. Deep learning video analytic algorithms have been developed into fully deployable products, with user-friendly interfaces and scenario-focused solutions.
Deep learning face-recognition algorithms are now available in search-engine applications designed to find missing people from video footage. Vendors that market vertically-focused deep learning applications aligned with their own existing portfolios should have good opportunities to grow.
China is forecast to account for almost half (46 per cent) of global professional video surveillance equipment revenue in 2018. However, the Chinese market has some unique characteristics that differ from other regional markets. Essentially, there are two markets for video surveillance equipment: the Chinese market, and the rest of the world.
Consumer drones are readily available for just a couple of hundred dollars and can be flown by anyone, with no prior training and without a license. Thus, the problem of drones in restricted air space has become an increasing concern. Given the large physical area these restricted air spaces cover, simply being able to identify a nearby drone has proven challenging. Recent developments in drone detection technology mean that anyone wanting to secure a perimeter in 2018 will have to take into account the threat from above.
Compared to the IT industry, the video surveillance industry is often viewed as having a relaxed approach to many aspects of failover and redundancy. However, as the multiple uses and perceived value of video surveillance data increases, we can expect to see increased demands for greater failover, redundancy and backups from end users.
Forensic video analysis has been available for some time, yet the improvement in accuracy provided by deep-learning technology over the past two years has been instrumental in delivering a level of competency reliable enough to assist human analysts.
We can expect to see increased convergence in post-recording video repositories, where multiple video sources are brought together and investigated using deep-learning video analytics.
Perimeter protection is also gaining traction
According to Report Linker, a technology company that simplifies how analysts and decision makers get industry data for their business, the perimeter security market is expected to grow from USD 110.64 billion in 2017 to USD 196.60 billion by 2022, at a Compound Annual Growth Rate (CAGR) of 12.2 per cent between 2017 and 2022.
The perimeter security industry is growing substantially both on a local and global scale, with the rising need for securing business assets, employees and customers. The increasing usage of internet of things (IoT) and smart technologies, such as intelligence monitoring, is one of the most significant drivers influencing the growth of the perimeter security market.
Murder by numbers
The looming Day Zero Water Crisis is not the only major threat facing Cape Town. Following the release of the 2017 South African Police Crime Statistics, it was revealed that what was previously thought to be one of the safer regions in the country is in fact home to South Africa’s highest murder rate.
The Western Cape is home to one third of South African police stations where the most killings have been recorded and it’s also home to South Africa’s longstanding murder capital, Nyanga. Seven out of the top 10 police stations where the highest numbers of murders have been recorded are also in the Western Cape.
Back in Gauteng, the Roodepoort police station in Gauteng has experienced the sharpest per centage increase in murders, followed by Ivory Park. In terms of reported rapes, Gauteng is home to nine out of the top 30 police stations in the country, which recorded the highest number of reported cases. According the SAPS crime stats, the Western Cape is home to 10 of the top 30 stations, while Gauteng is second with seven stations and KwaZulu-Natal third with six stations.
According to Police Minister Fikile Mbalula, gang violence has become a major problem in the Western Cape, saying that in future the army may have to be called in to help police. Nyanga in the Western Cape remains South Africa’s murder capital with 281 murders being recorded in the year ending in March. This is up by just two cases from 279 murders recorded in the previous year.
According to Mbalula, the Roodepoort police station in Gauteng, which ranked number 27 out of the top 30 murder stations, had the highest percentage increase in reported murders – 51.7 per cent. The number of murder cases increased by 30 from 58 in the 2015/2016 period to 88 recorded in the 2016/2017 period.
The Gugulethu police station in the Western Cape, ranked number nine in the top 30 murder stations, recorded the sharpest percentage decrease of 26.1 per cent in murders. In the 2015/2016 period, 184 murders were recorded. While over the year ending in March 2017, 136 murders were recorded.
Hillbrow in Gauteng, which is notorious for crime, showed a 13.6 per cent decrease in reported murders. In the 2015/2016 period 103 killings were recorded. This dropped by 14 to 89 killings recorded in the year ending in March 2017.
Just one police station in Mpumalanga is among the country’s top 30 when it comes to reported murders – that of the Embalenhle station, where 85 murders were recorded in the 2016/2017 period.
During Securex South Africa, hosted at Gallagher Convention Centre in Midrand, during May last year, Joshua Low, the former director of Securex spoke about the architecture of fear, adding that South Africans spent R55 billion in 2013 on private security measures. “Most of this is driven by consumers. There are around 490 000 active private security employees in South Africa working in armed response, cash-in-transit, and guarding,” he added.
Mr Low said that consumers were less trusting of the South African Police Services and those who can afford it are more interested in using integrated technology systems to protect their homes and businesses.
A survey conducted in 2013 by consumer insights company Pondering Panda found that most young South Africans do not trust the police. It said that 53 per cent of youth surveyed did not trust police, 23 per cent were afraid of the police, and 22 per cent believed the police could be trusted. It also showed that women were more likely than men to say they were afraid.
Industry experts at the Securex Seminar also commented that the problem with SAPS crime stats is that they probably do not paint an accurate picture of the state of crime in SA, given low levels of consumer trust in the police.