Aug 18, 2021–Written by Divine Sufor Anye, Phd. The world has never been as connected or as digital as it is today. From personal devices to complicated industrial systems, digitization is now all around us. Wherever you look, the world seems to be taking on a digital dimension. But where does Africa stand in this rapidly digitizing world? Read this book to get the answer.
Category: Digital Transformation
Apr 3, 2018, Washington, DC–Frank Welffens, Managing Partner at USAFCG, joined the Washington Forum at Voice of America in Washington, DC, and participated in the discussion on information security and Facebook in light of Cambridge Analytica’s scandal.
Discussion Topic: Panic winds at Facebook, following the revelations of data use of millions of users by the company Cambridge Analytica to influence the last US presidential election. And in Africa, how can Facebook influence political processes?
Washington Forum: 30 minutes of African, American and international news. Economy, politics, health, religion, sports, science, multimedia: our experts answer your questions live, via Live Remote, Skype, and telephone from Dakar to Johannesburg, via Cairo, New York, Paris and London . This broadcast is broadcast live by satellite for TV stations and radio partners of the VOA in French-speaking Africa.
Washington, DC, 30 March 2018: Voice of America Washington Forum’s host Raissa Girondin discusses Facebook and Cambridge Analytica’s scandal and the potential impact on social media use in Africa with Frank Welffens, Managing Partner, USAFCG.
Jan 10, 2018–As companies embrace technologies such as the Internet of Things, big data, cloud, and mobility, security must be more than an afterthought. But in the digital era, the focus needs to shift from securing network perimeters to safeguarding data spread across systems, devices, and the cloud.
January 23, 2017
Technologies such as big data analytics, the Internet of Things (IoT), blockchain, and mobile computing are reinventing the way companies handle everything from decision making to customer service. The automation of virtually all business processes and the increasing digital connectedness of the entire value chain create agility, but they also significantly raise cybersecurity risks and threat levels.
The key to addressing those risks and threats is building security into applications, as well as into interconnected devices, right from the start.
Running IT systems in the cloud supports organizational flexibility. To that end, companies are increasingly moving both data and business functions (e.g., human resources and procurement) between the cloud and on-premises legacy systems.
But as companies embark on their journeys of digital transformation, they must make cybersecurity a top priority, says Michael Golz, CIO, SAP Americas. “We have to maintain confidentiality, integrity, and availability of data in all these contexts: on premises, in the cloud, and in hybrid environments,” Golz says.
Both the value and the volume of data have never been higher, and end points are more vulnerable than ever. That’s especially the case with the IoT, which is still in its infancy. As the IoT is extended to everything from industrial equipment to consumer devices, attacks are growing not just in number, but also in sophistication. Next-generation devices are now deployed in potentially vulnerable environments such as vehicles, hospitals, and energy plants, vastly increasing the risks to human welfare. Concerns about such devices being hacked, turned into botnets, and used to attack targeted computers and organizations are growing as well.
“Any vulnerabilities in the supply chain now have a wildfire effect that results in millions of dollars being lost and trust being destroyed on impact,” says Justin Somaini, global CSO, SAP. “It used to take a while to exploit these weaknesses. Nowadays, it’s very fast and the damage is immediate.”
With the stakes so high, senior IT leaders, including both CIOs and CSOs, need to adopt a more proactive approach to securing critical data. Forensic analysis of what went wrong after a breach won’t be enough to save lives—or C-level careers.
Focusing on Both Applications and Data
Cybersecurity professionals are accustomed to securing access to their networks and applications. But digital transformation leads to an explosion of connected environments where perimeter protection is no longer enough. Attackers and other malicious individuals will continue to compromise weak links, resulting in deep access to companies’ networks, systems, and data.
In a digital world, the classic, contained enterprise network no longer exists. For that reason, security must be embedded into all applications as the first line of defense, Somaini says. To achieve that level of security, SAP favors the “security by default” approach, in which an application’s embedded security controls are, by default, set at the highest levels of protection. “The idea is to build in security, rather than asking users to opt in,” he says. That’s one of the hallmarks of being more proactive in securing data: protection is the default posture.
So-called “self-defending apps” are another example of proactive security. This active-protection technique provides applications with advanced access-control capabilities, allowing them to react to malicious source-code modifications and debugging at runtime. Encryption of all data in transit is another core tenet of preemptive cybersecurity, according to Somaini. SAP HANA, for example, features encryption services for data both at rest and in flight.
Among the most important factors for heading off insider threats are two-factor authentication (which verifies a user’s identity via two different methods) and role-based access controls (which limit the user’s access to data by job role), Golz says. “The insider threat is very real. There are a lot of data breaches today by people who have a legitimate authorization that is too broad. They get to see more than they are entitled to. Two-factor authentication dramatically increases the security of the communications.”
Bringing Two Worlds Together
The cybersecurity issues raised by digital transformation are driving the need for a better understanding between the organization’s cybersecurity professionals and those who provide application security. “Traditionally, those groups don’t speak the same language and don’t understand what the other side is doing,” Golz says.
Today, responsibility for cybersecurity is generally shared by the application team, which tends to focus on hardening and securing enterprise applications, and the cybersecurity professionals, who handle aspects such as access controls and firewalls. “Those are different roles, and they use different technologies and terms,” Golz says. Going forward, with the focus shifting from traditional network-perimeter security to securing application data, those two worlds need to join forces to prevent issues from falling through the cracks, he adds.
Digital transformation makes it essential that the cybersecurity and IT teams find a common understanding, a shared terminology, and a unified approach to securing applications and data. “Systems are being opened in ways that they weren’t before,” Golz explains. “There is more direct connectivity with suppliers, partners, customers, and consumers. There are tighter connections between a company’s Web presence and back-end systems. The seamless process flows mean more things can go wrong.”
When it comes to digitally transforming a company’s business, cybersecurity must be part of that conversation from the start. As a case in point, many companies now sell software along with their products. For example, a large industrial vendor such as GE today provides not just the equipment used in production environments but also subscription-based monitoring and maintenance services to ensure that equipment does not experience an unexpected outage. “That means all the challenges and requirements a software company faces now apply to you. The way you protect the data is paramount. It’s a whole set of new challenges,” Golz says.
As one of the top providers of business-critical applications, SAP will continue to build security into the heart of its applications and to secure cloud operations to protect content and transactions, Golz says. “We are working to help customers define, plan, and execute measures for their secure digital transformation.”
Source: MIT Technology Review Custom https://www.technologyreview.com/s/603426/cybersecurity-in-the-age-of-digital-transformation/
Jul 20, 2017–The Global Cybersecurity Index (GCI) is a survey that measures the commitment of Member States to cybersecurity in order to raise awareness.
The second edition of the Global Cybersecurity Index 2017, released by the International Telecommunications Union (ITU), an agency of the United Nations, measured the commitment of ITU Member States to cybersecurity and highlighted a number of illustrative practices from around the world.
The GCI revolves around the ITU Global Cybersecurity Agenda (GCA) and its five pillars (legal, technical, organizational, capacity building and cooperation).
The data collected shows that developing countries lack well-trained cybersecurity experts as well as a thorough appreciation and the necessary education on cybersecurity issues for law enforcement, and continued challenges in the judiciary and legislative branches.
According to the report, the 2017 publication of the GCI continues to show the commitment to cybersecurity of countries around the world. The overall picture shows improvement and strengthening of all five elements of the cybersecurity agenda in various countries in all regions. However, there is space for further improvement in cooperation at all levels, capacity building and organizational measures. As well, the gap in the level of cybersecurity engagement between different regions is still present and visible. The level of development of the different pillars varies from country to country in the regions, and while commitment in Europe remains very high in the legal and technical fields in particular, the challenging situation in the Africa and Americas regions shows the need for continued engagement and support.
In addition to providing the GCI score, this report also provides a set of illustrative practices that give insight into the achievements of certain countries.
Sep 23, 2016–Africa is now home to some of the world’s fastest growing economies–the terms “Africa rising” and “lions on the move” have both been used in recent years to capture the positive economic outlook for the continent. In tandem with this new economic boom, countries in the African Union (AU) have experienced explosive growth in the use of technology and the spread of information and communication technology (ICT) infrastructure over the past decade and a half. About 300 million users have been brought online since 2000 due to the liberalization of telecommunications markets across African countries and the increasingly widespread availability of mobile technologies. For Africa, the technology age is booming– and shows few signs of slowing. The rapid turnaround from being a continent essentially offline in 2000, with only 4.5 million Internet users, to this level of connectivity has left African leaders scrambling to implement adequate cybersecurity policies and regulations.
In spite of the breathtaking growth of ICT use, the development of national cybersecurity legislation has been relatively stagnant in the region. Mauritius, which has legislation addressing cybercrime, e-commerce, data protection, and privacy as well as an established Computer Emergency Response Team (CERT), remains a distant outlier on the continent. Countries such as Chad, Guinea-Bissau, and Gabon, which have minimal-to-no legislation addressing cyber issues, are much more typical. The AU faces the challenge of developing a common continental cybersecurity policy, which requires not just the harmonization of legislation across several economic regions but also encouraging national policy development in a majority of member states. Attaining this level of political cohesiveness–in a regional organization that consistently faces criticism of ineffectiveness–is a steep hurdle to overcome.
Africa is experiencing a unique state of vulnerability due to the absence of national legislation and international cooperation available to handle growing cyber threats. Despite this very real challenge, cybersecurity is inherently intertwined with more general trade and economic development in Africa, creating space for cooperation and consensus. The growing global recognition of the necessity for ICT and cybersecurity policies has been intertwined with AU economic policy since the early 2000s. Additionally, partnerships with the European Union (EU) and United Nations (UN) that have been tied to broad regional economic development have been integral to driving both regional and national cybersecurity initiatives. If it strengthens these partnerships, the African continent has real potential to create a robust and secure cybersecurity environment.
Read more from the author of this article: Skye Terebey
Source: https://jsis.washington.edu/news/african-union-cybersecurity-profile-seeking-common-continental-policy/ The statements made and views expressed are solely the responsibility of the author.