Cyber Warfare – Increased Connectivity Leaves Businesses Open to Attacks

KEY POINTS
In today’s fully connected workplace, every device that connects to the network is a potential entry point for criminals.
Recent technologies have attracted rapid digital transformation across various industries with increased connectivity being among the top. This means that today, more than ever, information has never been more valuable and available.
But with increased connectivity comes myriads of security challenges. This was among the topics discussed by the July Africa Frontiers of Innovation.
The forum was hosted by Kenyas broadcast journalist Victoria Rubidari, and among the panelists were Confidence Staveley, award-winning founder of the Cybersafe Foundation, Nigeria; Catherine Muraga, Head of Engineering at Stanbic Kenya, and Quentyn Taylor, Director of Information Security at Canon for Europe, Middle East, and Africa.
The panelists noted with concern how data insecurity has become rampant with increasing digitization. In fact, according to a 2020 report, cybercrime costs the global economy USD 2.9 million every minute.
Banks and financial services are a popular target, but individuals, businesses of all sizes, and governments are also at risk.
ALSO READ: Remote Working Pushes Kenya’s Corporate Financial Malware Attacks to 29%
Increased connectivity – the Internet-of-Things – creates more entry points for attack. Remote and hybrid working, where people work from home and public spaces, means operating outside usual company structures and controls.
“The consequences of cybercrime and breaches can be devastating. We can’t over-emphasize the importance of data and information security; the connection between our virtual and physical lives is closer than ever,” said Staveley.
Everyone is at risk of getting hacked. With digitization, we are part of a global village. What happens in one region can affect people all over the world.
Types of Attacks
These types of threats range from malware, ransomware, and social engineering. According to an IBM report, 51 percent of attacks are attributed to malicious or criminal actions.
These vary from opportunists looking for an ‘open window’ to giant syndicates like Nigeria-based SilverTerrier, which has implemented more than 2.1 million attacks.
“It’s not one type of person,” said Taylor. “A few are motivated by the challenge. Most are doing it for the money and exploit any opportunity.”
“Criminals generally chose easy targets,” said Staveley. “In Africa, many businesses are not just low-hanging fruit; they are literally on the ground, without the most basic security measures in place.”
Staveley said manipulating people to divulge sensitive information, aka social engineering, is the top attack vector in Nigeria.
“Phishing, using email ‘bait’ to catch people, mobile vishing, and smishing via SMS are all used. COVID-19 brought a wave of attacks around relief efforts and vaccines. Opportunity scams take advantage of this instability and people’s desperation for jobs, scholarships, and new opportunities,” he added.
Being part of the Cloud brings a shared responsibility, and guarding data in the Cloud is up to both the provider and the customers. If SMEs and other businesses are not configuring the Cloud correctly, it can have massive implications for other users.
Challenges
Regulation is inconsistent across the continent. “I come from a financial services perspective which is strongly regulated, but many industries are not, from a compliance or regulation perspective,” said Muraga.
Staveley agreed regulations and compliance are at different levels of maturity across Africa. An African Union Commission survey found that only 8 of 55 African states surveyed had a national strategy on cybersecurity, and only 14 had personal data protection laws.
“There needs to be more accountability and openness. Most regulations in this part of Africa do not mandate to report a breach. This stops us from learning or making people more responsible. If we don’t step up, our global partners will demand it,” Staveley commented.
Businesses and countries that don’t comply may lose access to participating in the global economy.
ALSO READ: Are We Defenseless In The World Of Technology And Cybercrime?
“In a global village, you are forced to comply with international regulations or be left behind,” said Muraga.
Information security and risk management can be expensive; spend has been forecast to grow to over $150 billion worldwide in 2021 by Gartner.
There’s also a massive cybersecurity skills gap, estimated at over 100 000 shortage of qualified professionals on the continent.
Even companies with solid cybersecurity in place can be at risk if their third-party service providers are compromised. The often-poorly-resourced small business sector in Africa creates openings for criminal activity.
Muraga believes the debate around whether convenience or security should be a top priority is a complicating factor. “I’m in the business of trust, our systems need to be user-friendly, and our customers need to feel confident. For security personnel, it’s about how to harden and protect the system; security has to come before convenience.”
Countermeasures & Developing Cyber-Resilience
Despite the enormous challenges, there are several countermeasures available to prevent attacks and aid recovery. The message is to focus on the basics and plan accordingly.
“You will never stop 100% of attacks; you can’t be perfect,” said Taylor, “but you can have a plan.”
Asking key questions is crucial to developing an effective strategy. “What are your crown jewels, your prime assets? What could happen to them and what will occur as a result?” said Staveley. “An SMME may not be able to recover if they do not put measures and structures in place to guarantee the heartbeat of their business.”
According to Staveley, there are three pillars to an information security strategy – people, processes, and technology. “People are the strongest strength or weakest link.
You can’t control attacks, but you can control how quickly you recover. Agree with how you’ll handle cyber-attacks. Muraga said practice makes perfect: “Conduct regular simulations, with different scenarios. Go beyond just the tech, look at who gets called, who deals with customers, who deal with the regulator, get the Board to buy into how you will react and what their role is should a breach occur.”
Training doesn’t need to be expensive. “We worked with over 4,000 SMMEs in Nigeria, and 67% of employees did not recognize a phishing link. Most people didn’t know basic two-factor authentication. All your employees need to know about email and password hygiene and basic security. Get the basics right and build from there.”
Taylor agreed: “Protect your email. It’s the gateway to your customers. A single leak can lead to an attack. Set up business processes that prevent money from being stolen if one person’s email is compromised. You may have already paid for security services through your email and internet provider; check what you already have and plan from there.”
Working in partnership can provide security that wouldn’t be available otherwise. “Reach out to banks, regulators, and corporates to see if there is an opportunity for partnership,” said Muraga. “Look at outsourcing to a more experienced company.”
ALSO READ: The Realities of AI in Cybersecurity: Catastrophic Forgetting
Choose third-party service providers that prioritize security. Assess the risk of all third parties, check whether their security is up to par because, in today’s fully connected workplace, every device that connects to the network is a potential entry point for criminals.
About Soko Directory Team
Soko Directory is a Financial and Markets digital portal that tracks brands, listed firms on the NSE, SMEs and trend setters in the markets eco-system. Find us on Facebook: facebook.com/SokoDirectory and on Twitter: twitter.com/SokoDirectory
- January 2025 (118)
- February 2025 (69)
- January 2024 (238)
- February 2024 (227)
- March 2024 (190)
- April 2024 (133)
- May 2024 (157)
- June 2024 (145)
- July 2024 (136)
- August 2024 (154)
- September 2024 (212)
- October 2024 (255)
- November 2024 (196)
- December 2024 (143)
- January 2023 (182)
- February 2023 (203)
- March 2023 (322)
- April 2023 (298)
- May 2023 (268)
- June 2023 (214)
- July 2023 (212)
- August 2023 (257)
- September 2023 (237)
- October 2023 (264)
- November 2023 (286)
- December 2023 (177)
- January 2022 (293)
- February 2022 (329)
- March 2022 (358)
- April 2022 (292)
- May 2022 (271)
- June 2022 (232)
- July 2022 (278)
- August 2022 (253)
- September 2022 (246)
- October 2022 (196)
- November 2022 (232)
- December 2022 (167)
- January 2021 (182)
- February 2021 (227)
- March 2021 (325)
- April 2021 (259)
- May 2021 (285)
- June 2021 (272)
- July 2021 (277)
- August 2021 (232)
- September 2021 (271)
- October 2021 (304)
- November 2021 (364)
- December 2021 (249)
- January 2020 (272)
- February 2020 (310)
- March 2020 (390)
- April 2020 (321)
- May 2020 (335)
- June 2020 (327)
- July 2020 (333)
- August 2020 (276)
- September 2020 (214)
- October 2020 (233)
- November 2020 (242)
- December 2020 (187)
- January 2019 (251)
- February 2019 (215)
- March 2019 (283)
- April 2019 (254)
- May 2019 (269)
- June 2019 (249)
- July 2019 (335)
- August 2019 (293)
- September 2019 (306)
- October 2019 (313)
- November 2019 (362)
- December 2019 (318)
- January 2018 (291)
- February 2018 (213)
- March 2018 (275)
- April 2018 (223)
- May 2018 (235)
- June 2018 (176)
- July 2018 (256)
- August 2018 (247)
- September 2018 (255)
- October 2018 (282)
- November 2018 (282)
- December 2018 (184)
- January 2017 (183)
- February 2017 (194)
- March 2017 (207)
- April 2017 (104)
- May 2017 (169)
- June 2017 (205)
- July 2017 (189)
- August 2017 (195)
- September 2017 (186)
- October 2017 (235)
- November 2017 (253)
- December 2017 (266)
- January 2016 (164)
- February 2016 (165)
- March 2016 (189)
- April 2016 (143)
- May 2016 (245)
- June 2016 (182)
- July 2016 (271)
- August 2016 (247)
- September 2016 (233)
- October 2016 (191)
- November 2016 (243)
- December 2016 (153)
- January 2015 (1)
- February 2015 (4)
- March 2015 (164)
- April 2015 (107)
- May 2015 (116)
- June 2015 (119)
- July 2015 (145)
- August 2015 (157)
- September 2015 (186)
- October 2015 (169)
- November 2015 (173)
- December 2015 (205)
- March 2014 (2)
- March 2013 (10)
- June 2013 (1)
- March 2012 (7)
- April 2012 (15)
- May 2012 (1)
- July 2012 (1)
- August 2012 (4)
- October 2012 (2)
- November 2012 (2)
- December 2012 (1)