Friday, 20 January 2017

Afro Leo

Could pirated software leave companies at risk of increasing cyber attacks?

As the business world begins yet another year, so too are the cyber criminals gearing up for renewed attacks on all forms of commerce and online industry. Figures show that Africa is increasingly in the sights of these ruthless, highly organized crooks but remains one of the hungriest for illegal software.

Check Point, global online security vendor, has revealed in their monthly Global threat index, that five African nations were among the top 10 most-attacked countries in November as cybercriminals made increasing use of ransom-ware attacks using the Locky and Cryptowall viruses.

Botswana was the most-attacked country in Check Point's list of 117 at-risk nations, followed by Malawi in second place, Namibia in fourth, Uganda in ninth and the Democratic Republic of Congo in tenth place. South Africa moved up to 31.

"Software is generally protected via copyright and using software without a license is considered copyright infringement as well as reckless and fraudulent trading because it defrauds the country of tax revenue and exposes the directors to risk under the companies legislation, in most countries. Apart from that, using proper licensed software will naturally decrease risks of malware. It makes sense [to use proper licensed software] both legally and practically but African countries need to ensure that they can enforce legislation effectively to combat the threat", says one prominent African IP lawyer.

Billa Coetsee, Managing Director for Cloud Computing experts Noctranet and Chairperson of BSA The Software Alliance's  South Africa Committee, has attributed this heightened focus on Africa to increased vulnerability.

All networks need both firewalls and end-point security, think of the firewall as the military that protects against foreign (external) threats, and end-point security as the police force that protects against domestic (internal) threats. Never use pirated software, the pirates need to benefit somehow and often the very purpose of pirated software is to introduce vulnerabilities or embed spyware on user systems (there are very few Robin Hood cases regarding software piracy). Finally, never use default settings, especially a default permit policy, allow only the things you intend to use for the people who intend to use it. Design systems to be secure, don't just design systems and then add security as an afterthought.

Installing good cyber security systems is critical to warding off potential attacks but Coetsee says South Africa is at high risk. He says in his personal experience, he has been shocked at the lacklustre security policies and practices employed within the South African context, in both public and private sector. I contacted a number of companies ranging from telecoms to health insurance organizations indicating clear security vulnerabilities that were glaringly obvious just from using their services. It was only a matter of time for unscrupulous users or hackers to identify these weaknesses, or complete lack of security, and exploit it.”

“I have dealt with a number of government organizations that failed to not only deploy firewalls and end-point security systems, but also in changing the default usernames and passwords for their networking devices and hardware, details that are publicly known to everyone."

He says the socio-political environment also exacerbates the issue as Africa does not want to hear that it is failing to meet industry standards or appear open to regulating employee use.

“The use of illegal unlicensed copies adds further vulnerability, as the parties responsible for bypassing security measures often use the very same techniques to create or embed security vulnerabilities such as "back doors" and/or spyware along with the illegal software,” says Coetsee.

Coetsee also points out that though Africa has become a target, many phishing scams have actually originated in African states such as Nigeria.

He says any sophisticated attack makes use of a technique called "tunnelling", which pertinently hides the origin of the attacker and bypasses any geo-location gate-keeping techniques.

But most alarming for Coetsee is the way the African industry players are dealing with the elevated cyber insecurity issues.

They are using the worst possible strategy: "Penetrate and Patch". This is most often employed and is, in my opinion, one of the worst ways. It is a reactive strategy that "fixes" vulnerabilities only after they have been exploited. Many so-called security experts will say it is the only viable strategy as it is near impossible to predetermine what may be attacked, how, where and why. This leaves the defender vulnerable to the will and determination of potential attackers."

Who Dares Loses
Coetsee says a good course of action can be likened to the historic Himeji Castle in Japan.

“Even though it is more than 400 years old its defences remain untested because nobody ever tried to attack it... This in my opinion is the reason we are seeing an increase in attacks on African nations: others have raised the cost of attacking them, leaving attackers to seek more vulnerable targets. Impenetrable defence is a "unicorn" for all practical purposes, but a pro-active strategy that raises the cost of potential attacks will force attackers to look elsewhere at more vulnerable targets.”

Check Point Software Technologies Ltd., the largest pure-play security vendor globally, provides industry-leading solutions, and protects customers from cyber-attacks using security architecture like Fire-Wall-1 and patented inspection technology.

Nathan Shuchami, Head of Threat Prevention at Check Point said Ransomware attacks were growing in volume for the simple reason that they work and generate significant revenues for the attackers.

“Organizations are struggling to effectively counteract the threat posed by this insidious attack form; many simply don’t have the right defenses in place, and may not have educated staff on how to recognize the signs of a potential ransomware attack in incoming emails. This, of course, only makes it even more attractive to criminals."

Marius Haman, head of Microsoft’s cybercrime unit, wrote in a guest editorial on the CIO that the risk of cyber breach needs to be managed.

With increasingly strict regulations about the safeguarding of information, cyber security is certainly now a board-level issue. Businesses tend to think the risk of attack is relatively low, but if it does happen, the impact can be significant. The outlook is clear: businesses need a proper cyber risk strategy that focuses budget on a holistic approach, one that complies with the five silos of security (identify, protect, detect, response, recover) as identified by the National Institute of Science and Technology,” says Haman.

Coetsee says the best way to combat cyber crime is to consciously and continually employ pro-active defensive strategies both legally and from a practical standpoint. Keep abreast of cyber crime activity and ensure that you have no known vulnerabilities.

Read More

Thursday, 5 January 2017

Afro Leo

Can you assist Aurelia make her IP Article on African IP Open Access?

The burgeoning use of social media and online marketing tools has seen more and more people turning to the world wide digital community to help them drive their interests and offer their contemporaries free-to-access content.

And the legal fraternity is no different.

Afro IP blogger and intellectual property lawyer Aurelia Schultz is on a mission to publish her journal article as an open access document in order for interested parties to benefit from her research.

Aurelia is an attorney working in the area of copyright policy, with a focus on using open licenses and a specialist on intellectual property developments in Sub-Saharan Africa.

 “The students and researchers I hope can find my work most useful and build on it in the future are the least likely to be able to pay for access to a journal. If the article is open access, anyone who wants to read it, copy it or share it will not need to worry about whether or not they can afford a license from the publisher,” says Aurelia.

Because Aurelia is from the US, a developed country by world standards, she is charged a fee to publicly publish the work. However, she cannot afford the fee herself and is looking to raise the funds through the “Go Fund Me” portal, an online portal that helps individuals campaign in their private capacity by motivating for their causes.

The piece of work she wants to publish was written for a special journal issue focusing on IP law in Africa. And her aim is to see it published under a Creative Commons License using money she hopes to raise through Go Fund Me.

To date, she has received $2 407 of the $3 670 she requires to realize her dream of sharing the journal work publicly. You can help her achieve this by donating using this link. Every little bit helps.

Read More

Monday, 2 January 2017

Afro Leo

First January Post

Greetings from the Afro-IP team and best wishes to our readers. As this little blog and community shoots through the 40000 page view per month barrier, we share with you our most popular posts in 2016, in no particular order:
  1. IP and African Music Industries – and interview with Phil Chard by Aurelia
  2. INTA’s first Africa dedicated conference on African soil – click here and here
  3. Clearvu - Africa’s First Adwords case – SA’s Supreme Court Decision here
  4. Aurelia’s coverage of IP Developments in Zambia here and here
  5. Big Win for Copyright and Artists in Tanzania
  6. Brexit & its possible impact on Africa – read more here
  7. Quentin – the homeless man who begged for a trade mark - here
  8. Mozambique’s IP developments and new code - here
  9. Caroline’s ever popular review on IP Policies in Africa
  10. Counterfeiting Strategies in Africa – Guest post by Vanessa Ferguson

We are always looking for good content and bloggers and guest posts. If you feel that you want an outlet for your talents or views or just want to alert us to something, please contact us here for further information. On that note, if you have sent through a blog post which has not yet been published, look out for it this week. Thank you.
AFRO-IP re launch 30 cat naps away!

Afro-IP is now in its tenth year and boasts over 1500 posts on African IP making it the largest news source of searchable information on Africa IP. To celebrate this we are re-launching the blog on 1 February. Don’t miss it.

Best wishes

The Afro-IP blogging team

Read More