Cybersecurity is the glue that holds the many different components of the digital age together. Just imagine having your banking details or confidential business information splashed across a billboard. That’s essentially what not having adequate cybersecurity measures in place means: handing critical data to people looking to profit from it.
And make no mistake – there are countless cybercriminals lurking in the shadows looking for the slightest vulnerability that they can target to access that valuable information. As rapidly as technology evolves, so too do cybercriminals, who are notoriously savvy, sophisticated and determined.
So how then can end users, computer hardware and software engineers, vendors and regulators ensure that they stay a step ahead? Theo Watson, Commercial Attorney – Middle East and Africa at Microsoft, Shaun Durandt, General Manager of HMD Global, and Graeme O’Driscoll, Head of R&D – Cyber Security at Internet Solutions debated this at a recent round table.
“We are at the stage that it is inevitable that a cyberattack will happen; it’s a case of when rather than if – and the only answer to this is a zero trust model, coupled with putting layers of security in place to make it significantly harder for cybercriminals to breach,” said O’Driscoll.
Zero trust means trusting no-one and aggressively verifying other people’s and company’s identities. But even the most sceptical person can be tricked, so it is necessary to put multiple layers of security measures in place to protect both personal and organisational data.
These layers can include multi-factor authentication, which is gaining traction and which Apple has built in to their devices, for instance. With the addition of different levels of protection such as requiring a user name and password, needing facial recognition or a fingerprint for access, and encrypting data, this provides a solid foundation that makes it more difficult for cybercriminals to penetrate.
Making cybersecurity everyone’s responsibility
While these layers suggest that security needs to be built into devices, applications and systems – and they absolutely do – the approach to cybersecurity requires multi-stakeholder engagement and responsibility.
“Regulators, for instance, need to put legislation in place to protect the ordinary person in the street from scandals like Cambridge Analytica, where millions of people’s personal data was harvested without their consent to target them with political adverts – but often regulations are outpaced by the speed with which technology evolves or aren’t practical, so it is critical that multiple stakeholders across sectors engage to ensure that regulations don’t have unintended consequences,” noted Watson.
Making sure that all stakeholders are able to play their parts can only be achieved through education. This is particularly true for consumers, said Durandt. “People are starting to think more cognitively about security on their devices, but it is critical to keep educating them to change their behaviour and adopt a zero trust approach where they are sceptical.”
In South Africa, there is also the unique challenge of affordability, though, that it is important to be cognisant of. The high cost of data means that many consumers are simply unable to afford the data that allows them to update security patches – and building in layers of security like facial and fingerprint recognition is equally costly for manufacturers. “These are challenges but brands, like us, are increasingly trying to find ways to help customers keep up-to-date with security, including running campaigns and competitions centred on running the latest patch,” he noted.
This proves the point that every player needs to take responsibility and get involved in cybersecurity. Only by putting in place the right regulations, building in layers of security and educating end users about their own role cybersecurity and to take a zero trust model can we hope to win the evolutionary arms race against cybercriminals.