By Mohit Sahni
We live in a world where everything connects to the internet. As a result, all of us, as individuals and organizations, are susceptible to cybercrime. Although cyber-attacks are not a new threat, the number, type and sophistication of the attacks have developed over the past twenty-four months. PwC’s 2020 Global Economic Global Economic Crime and Fraud Survey, stated cybercrime as the second most reported fraud, with 34 percent of respondents falling victim to cyber-attacks. According to the report, cybercriminals frequently attack government institutions, the healthcare industry, as well as media and telecommunications sectors.
This trend, however, does not mean that individuals and private sector organizations are not under threat. You may believe you’re a small target; however, this does not mean that you are not at risk.
The social measures recommended by experts to combat COVID-19 means more people have adapted to working remotely, studying on the internet and shopping online. To support this shift in behaviour, we depend more than ever on computer systems, smart devices and online connectivity and security experts are increasingly concerned about cybercrime because it is currently benefiting from such external conditions. This uncoordinated shift to working from home and the unprecedented rise in electronic transactions leaves many without the necessary cybersecurity infrastructure vulnerable to criminals looking for victims. So here are some examples of cyber-attacks and what you should know about them.
Malware or malicious software is a type of software used by cybercriminals to disrupt computer systems, steal data, encrypt or delete sensitive data and break into computer networks. Trojans, worms, adware and spyware are all types of malware that can infiltrate core computing functions and monitor users’ computer activity without their permission or knowledge.
Man-in-the-Middle (MitM) attack
A man in the middle attack is when an attacker intercepts a two-party transaction between users to either secretly eavesdrop or modify data between the two. A successful MitM attack allows the hacker to steal credentials or personal information, spy on victims, sabotage communications or destroy data.
Denial-of-Service (DoS) attack
A DoS attack shuts down a machine or network by flooding systems, servers or networks with traffic that triggers a crash. A DoS attack denies legitimate users to use a system and resources as expected. DoS attackers use these attacks to interrupt a variety of services such as email, online accounts for example, in banking and access to websites.
Criminals carry out social engineering attacks by manipulating and exploiting unsuspecting victims to obtain confidential information which proves beneficial to the attacker. Such criminals often masquerade as harmless individuals in the form of employees, researchers or external consultants or by impersonating others through social media.
A Phishing attack is one where criminals deceive people into sharing sensitive information such as passwords, banking details and credit cards. The most common phishing tactic is where victims receive malicious communication via email, text messages, telephone or social media that imitate a person or an organisation they trust, such as co-workers, banks or familiar websites. The rapid move to online communication has resulted in phishing becoming an increasingly common cyberthreat to internet users.
The United Nations recently reported a 350 percent increase in phishing websites in the first quarter of 2020. The Daily Nation recently published a report on how vulnerable banks are to cyber-attacks. The frequent attacks directly stem from the limited resources and expertise that Kenya’s security agencies have to investigate such crimes. According to the report, Kenya has been losing billions to cybercrime. From 15.1 billion until 2015 to over 30 billion over the past five years.
Advancements in technology, such as Artificial Intelligence has allowed the cybersecurity industry to evolve and develop more sophisticated tools. Like other offenders, cybercriminals continuously change their modus operandi as technology develops. As a result, you should regularly review your cybersecurity setup and policies to ensure you are secure from new forms of attacks.
We face a significant challenge in staying ahead of cybercriminals, and even the most secure systems have fallen victim to modern attacks. In July 2020, bitcoin scammers hacked over 100 high profile Twitter accounts the biggest cryptocurrency scams to date. The former CEO of IBM Ginni Rometty once said: “cybercrime is the greatest threat to every company in the world”. Such are the challenges that technology has brought in this new era.
How can you protect your business?
Protecting your business from cyberattacks can prove a complicated task. However, simple evaluations and continuous assessment of your operations can help guide your requirements and ensure your business remains protected from a threat that is here to stay. The following three steps are the perfect starting point for any business looking to protect its network from potential attackers:
Regular Employee Training
You must ensure that your employees undergo thorough training on different cybersecurity threats that can impact your business. A trained workforce will take extra steps to take care when engaging with the cyberspace. Employees can detect potential phishing attempts and attacks such as DoS and attempts at social engineering.
Develop business continuity plans that incorporate cyber-attacks
Conducting business in today’s environment, it is likely that computers and online connectivity play an essential role in your daily operations. Considering the possible outcomes of a cyber-attack on your business when building or redefining your business continuity plan will help ensure you are informed of potential risks to your operations before an attack happens.
Keep your computer software, firewalls, anti-virus and other standard security applications updated
Outdated software is particularly susceptible viruses and malware the size of your business so regularly updating your business systems is good practice that will ensure protection viruses and malware. Conducting regular updates to your systems can prove tedious and time-consuming. However, with the rapid rise in cyber-attacks, the risk is too high for you to ignore. With regular updates, you should also backup your data and applications and store them in a secure place to safeguard it from easy access from potential adversaries.
If you find yourself concerned that your data is compromised, ensure that you raise a red flag about it as soon as you can. Doing so will allow the necessary time to contain the attack, like changing passwords and PINs. The same thing goes with a personal compromise – be sure to contact your bank/credit card company immediately should you spot any irregularities with your account.
Preparation and planning are essential to ensure your business is not vulnerable to cyber-attacks. You should conduct an in-depth analysis of cybercrime trends. By analyzing cyber threats to your business, you build a layer of cybersecurity tools that can proactively protect you and your business.
The COVID-19 pandemic has increased the challenges posed by cybercrime. More people have moved their lives online following social distancing measures, and the culture of working from home is here to stay. Therefore, we should all be concerned about cybercrime and implement the relevant measures to protect ourselves.
Mohit Sahni is a Security Consultant at Securex Agencies (K) Ltd a Private Security Company in Kenya.