It’s an interesting time to be an internet user. The brains over at the Council for Scientific and Industrial Research (CSIR) today detailed the recent trends in cybersecurity threats, both internationally and in South Africa, offering some insight into what South Africans can expect from criminal activity online.
The group also detailed the products and services it has at its disposal to help mitigate cyberattacks and other online threats. These range from the kinda-awesome (a network traffic dongle-slash-early-warning-system) to the actually-scary (biometrics for kids). But first, what to expect from the internet in 2023:
CSIR, you can’t go in there
It shouldn’t be surprising that criminal activity online is on the increase. It’s cheap. It’s easy. It’s profitable. It’s also an attack vector that governments and those that oppose them are willing to exploit. That’s why one of the greatest threats online is expected to come from a geopolitical conflict. Think Russia vs. Ukraine, Australia vs. Emus, America vs. everybody. Okay, we’re joking about a potentially serious event but basically everyone is expecting a serious event to take place in the near future. Not this year, perhaps, but soon.
Closer to home, by which we mean at home, businesses and the South African government are expected to face increasing threats from cybercriminal activity. That’s across the board but the CSIR expects ransomware in particular to proliferate more. Incidents of blackmail (“cyber-harassment, cyber-extortion, [and] sextortion”) are also predicted to increase. Worryingly, kids will also be criminally targeted with greater frequency, according to the CSIR’s research.
Now that you’re terrified…
The CSIR wouldn’t go out and be utterly terrifying without some sort of a backup plan (we’d hope). In addition to increasing its efforts to recruit and develop new cybersecurity experts, which the group plans to do via bursaries and other outreach programs, it has developed several products. These aren’t really consumer-friendly. They’re supposed to be deployed at a business or government level. Because those are the agencies most under threat. Plus, you know, they’re more likely to have the resources to roll these solutions out as broadly as they need to be.
The closest thing to a commercial product the CSIR offers is something called a Cyber Early Warning System or CEWS. It’s a little black box designed to be slotted into a network environment. CEWS scans network traffic for a variety of threats and notifies network admins if something’s awry. It won’t prevent intrusion entirely, because there needs to be some malicious network traffic, but it could stop an unpleasant situation from escalating. Plus, the CSIR says, this particular model is more affordable than most options on the market. Locally made and all that.
There are three software-based platforms designed to detect and deter threats of a cybercriminal nature. There’s something called Cyber Protect, which “[m]onitors the cyber-threat landscape”, checking whether personal details have been compromised and also checking whether any Internet of Things (IoT) devices, a notoriously insecure lot of gadgets in general, have been turned to malicious purposes.
There’s also mSAP, or Mobile Application Security Assessment Platform. That automates the security analysis of Android or iOS apps, generating a report about any potential security threats. Android, in particular, is known for apps that siphon off data and send it to unpleasant places. mSAP helps avoid that. Finally, there’s the POPIA Compliance Assessment Toolkit, which doesn’t have a fancy acronym and does exactly what it says on the tin.
And then there’s this guy
The final two products the CSIR is fielding are a little concerning. Both have to do with fingerprints and the first, Veristic Print, isn’t entirely dystopian. Veristic Print is a fingerprint scanning technology that can use a camera sensor to verify people’s biometrics. It’s currently available for licensing from the group. But the other fingerprint tech is… worrying.
Called Biometrics for Children, this is an idea that we can see the utility of. Collecting fingerprint, iris, and ear shape (yes, you can identify people using that, unless they have a bad case of cauliflower ear) data in the event of a child going missing has positive applications. But that biometric information will stick around long after the threat of human trafficking has passed. Collect that sort of identifying information on enough people and you can do some truly terrible things… if that information is in the wrong hands. And, as the CSIR’s own information shows, the wrong hands are constantly trying to secure valuable information.