Cyber Warfare – Increased Connectivity Leaves Businesses Open to Attacks

By Korir Isaac / Published August 11, 2021 | 12:31 pm




KEY POINTS

In today’s fully connected workplace, every device that connects to the network is a potential entry point for criminals.


Cyber Attack

Recent technologies have attracted rapid digital transformation across various industries with increased connectivity being among the top. This means that today, more than ever, information has never been more valuable and available.

But with increased connectivity comes myriads of security challenges. This was among the topics discussed by the July Africa Frontiers of Innovation.

The forum was hosted by Kenyas broadcast journalist Victoria Rubidari, and among the panelists were Confidence Staveley, award-winning founder of the Cybersafe Foundation, Nigeria; Catherine Muraga, Head of Engineering at Stanbic Kenya, and Quentyn Taylor, Director of Information Security at Canon for Europe, Middle East, and Africa.

The panelists noted with concern how data insecurity has become rampant with increasing digitization. In fact, according to a 2020 reportcybercrime costs the global economy USD 2.9 million every minute.

Banks and financial services are a popular target, but individuals, businesses of all sizes, and governments are also at risk.

ALSO READ: Remote Working Pushes Kenya’s Corporate Financial Malware Attacks to 29%

Increased connectivity – the Internet-of-Things – creates more entry points for attack. Remote and hybrid working, where people work from home and public spaces, means operating outside usual company structures and controls.

“The consequences of cybercrime and breaches can be devastating. We can’t over-emphasize the importance of data and information security; the connection between our virtual and physical lives is closer than ever,” said Staveley.

Everyone is at risk of getting hacked. With digitization, we are part of a global village. What happens in one region can affect people all over the world.

Types of Attacks

These types of threats range from malware, ransomware, and social engineering. According to an IBM report, 51 percent of attacks are attributed to malicious or criminal actions.

These vary from opportunists looking for an ‘open window’ to giant syndicates like Nigeria-based SilverTerrier, which has implemented more than 2.1 million attacks.

“It’s not one type of person,” said Taylor. “A few are motivated by the challenge. Most are doing it for the money and exploit any opportunity.”

“Criminals generally chose easy targets,” said Staveley. “In Africa, many businesses are not just low-hanging fruit; they are literally on the ground, without the most basic security measures in place.”

Staveley said manipulating people to divulge sensitive information, aka social engineering, is the top attack vector in Nigeria.

“Phishing, using email ‘bait’ to catch people, mobile vishing, and smishing via SMS are all used. COVID-19 brought a wave of attacks around relief efforts and vaccines. Opportunity scams take advantage of this instability and people’s desperation for jobs, scholarships, and new opportunities,” he added.

Being part of the Cloud brings a shared responsibility, and guarding data in the Cloud is up to both the provider and the customers. If SMEs and other businesses are not configuring the Cloud correctly, it can have massive implications for other users.

Challenges

Regulation is inconsistent across the continent. “I come from a financial services perspective which is strongly regulated, but many industries are not, from a compliance or regulation perspective,” said Muraga.

Staveley agreed regulations and compliance are at different levels of maturity across Africa. An African Union Commission survey found that only 8 of 55 African states surveyed had a national strategy on cybersecurity, and only 14 had personal data protection laws.

“There needs to be more accountability and openness. Most regulations in this part of Africa do not mandate to report a breach. This stops us from learning or making people more responsible. If we don’t step up, our global partners will demand it,” Staveley commented.

Businesses and countries that don’t comply may lose access to participating in the global economy.

ALSO READ: Are We Defenseless In The World Of Technology And Cybercrime?

“In a global village, you are forced to comply with international regulations or be left behind,” said Muraga.

Information security and risk management can be expensive; spend has been forecast to grow to over $150 billion worldwide in 2021 by Gartner.

There’s also a massive cybersecurity skills gap, estimated at over 100 000 shortage of qualified professionals on the continent.

Even companies with solid cybersecurity in place can be at risk if their third-party service providers are compromised. The often-poorly-resourced small business sector in Africa creates openings for criminal activity.

Muraga believes the debate around whether convenience or security should be a top priority is a complicating factor. “I’m in the business of trust, our systems need to be user-friendly, and our customers need to feel confident. For security personnel, it’s about how to harden and protect the system; security has to come before convenience.”

Countermeasures & Developing Cyber-Resilience

Despite the enormous challenges, there are several countermeasures available to prevent attacks and aid recovery. The message is to focus on the basics and plan accordingly.

“You will never stop 100% of attacks; you can’t be perfect,” said Taylor, “but you can have a plan.”

Asking key questions is crucial to developing an effective strategy. “What are your crown jewels, your prime assets? What could happen to them and what will occur as a result?” said Staveley. “An SMME may not be able to recover if they do not put measures and structures in place to guarantee the heartbeat of their business.”

According to Staveley, there are three pillars to an information security strategy – people, processes, and technology. “People are the strongest strength or weakest link.

You can’t control attacks, but you can control how quickly you recover. Agree with how you’ll handle cyber-attacks. Muraga said practice makes perfect: “Conduct regular simulations, with different scenarios. Go beyond just the tech, look at who gets called, who deals with customers, who deal with the regulator, get the Board to buy into how you will react and what their role is should a breach occur.”

Training doesn’t need to be expensive. “We worked with over 4,000 SMMEs in Nigeria, and 67% of employees did not recognize a phishing link. Most people didn’t know basic two-factor authentication. All your employees need to know about email and password hygiene and basic security. Get the basics right and build from there.”

Taylor agreed: “Protect your email. It’s the gateway to your customers. A single leak can lead to an attack. Set up business processes that prevent money from being stolen if one person’s email is compromised. You may have already paid for security services through your email and internet provider; check what you already have and plan from there.”

Working in partnership can provide security that wouldn’t be available otherwise. “Reach out to banks, regulators, and corporates to see if there is an opportunity for partnership,” said Muraga. “Look at outsourcing to a more experienced company.”

ALSO READ: The Realities of AI in Cybersecurity: Catastrophic Forgetting

Choose third-party service providers that prioritize security. Assess the risk of all third parties, check whether their security is up to par because, in today’s fully connected workplace, every device that connects to the network is a potential entry point for criminals.




About Korir Isaac

A creative, tenacious, and passionate journalist with impeccable ethics and a nose for anticipated and spontaneous news. He may not say it, but he sure can make one hell of a story.

View other posts by Korir Isaac


More Articles From This Author








Trending Stories










Other Related Articles










SOKO DIRECTORY & FINANCIAL GUIDE



ARCHIVES

2022
  • January 2022 (195)
  • 2021
  • January 2021 (182)
  • February 2021 (227)
  • March 2021 (325)
  • April 2021 (259)
  • May 2021 (285)
  • June 2021 (273)
  • July 2021 (277)
  • August 2021 (233)
  • September 2021 (271)
  • October 2021 (305)
  • November 2021 (365)
  • December 2021 (250)
  • 2020
  • January 2020 (272)
  • February 2020 (310)
  • March 2020 (390)
  • April 2020 (321)
  • May 2020 (335)
  • June 2020 (327)
  • July 2020 (333)
  • August 2020 (276)
  • September 2020 (214)
  • October 2020 (233)
  • November 2020 (242)
  • December 2020 (187)
  • 2019
  • January 2019 (251)
  • February 2019 (215)
  • March 2019 (285)
  • April 2019 (254)
  • May 2019 (271)
  • June 2019 (250)
  • July 2019 (338)
  • August 2019 (293)
  • September 2019 (306)
  • October 2019 (313)
  • November 2019 (362)
  • December 2019 (319)
  • 2018
  • January 2018 (291)
  • February 2018 (213)
  • March 2018 (276)
  • April 2018 (223)
  • May 2018 (235)
  • June 2018 (176)
  • July 2018 (256)
  • August 2018 (247)
  • September 2018 (255)
  • October 2018 (283)
  • November 2018 (283)
  • December 2018 (184)
  • 2017
  • January 2017 (183)
  • February 2017 (194)
  • March 2017 (207)
  • April 2017 (104)
  • May 2017 (169)
  • June 2017 (205)
  • July 2017 (190)
  • August 2017 (195)
  • September 2017 (186)
  • October 2017 (235)
  • November 2017 (253)
  • December 2017 (266)
  • 2016
  • January 2016 (165)
  • February 2016 (165)
  • March 2016 (190)
  • April 2016 (143)
  • May 2016 (245)
  • June 2016 (182)
  • July 2016 (271)
  • August 2016 (247)
  • September 2016 (234)
  • October 2016 (191)
  • November 2016 (243)
  • December 2016 (153)
  • 2015
  • January 2015 (1)
  • February 2015 (4)
  • March 2015 (165)
  • April 2015 (107)
  • May 2015 (116)
  • June 2015 (119)
  • July 2015 (147)
  • August 2015 (157)
  • September 2015 (186)
  • October 2015 (169)
  • November 2015 (173)
  • December 2015 (207)
  • 2014
  • March 2014 (2)
  • 2013
  • March 2013 (10)
  • June 2013 (1)
  • 2012
  • March 2012 (7)
  • April 2012 (15)
  • May 2012 (1)
  • July 2012 (1)
  • August 2012 (4)
  • October 2012 (2)
  • November 2012 (2)
  • December 2012 (1)
  • 2011
    2010
    2009
    2008
    2007
    2006
    2005
    2004
    2003
    2002
    2001
    2000
    1999
    1998
    1997
    1996
    1995
    1994
    1993
    1992
    1991
    1990
    1989
    1988
    1987
    1986
    1985
    1984
    1983
    1982
    1981
    1980
    1979
    1978
    1977
    1976
    1975
    1974
    1973
    1972
    1971
    1970
    1969
    1968
    1967
    1966
    1965
    1964
    1963
    1962
    1961
    1960
    1959
    1958
    1957
    1956
    1955
    1954
    1953
    1952
    1951
    1950