By Tonny Tugee
Cybercrime is expected to cost the world $10.5 trillion annually by 2025. It will be more profitable for criminals than the estimated global trade of all illegal drugs combined. From social engineering to ransomware attacks, cyber threats evolve with technology. It has therefore become increasingly important for businesses to bolster their digital security – especially for companies that are pushing to stay competitive by scaling up their digital capabilities.
Small businesses are prime targets for cyber-attacks as they often lack the necessary knowledge and resources to protect their IT systems effectively. Forty three per cent of cyber attacks target small businesses, and sixty per cent of these victims close their business within six months of an attack. Large enterprises are also not exempt from these dangers, and this certainly isn’t an ‘African’ problem. SolarWinds, a fortune 500 software company, was compromised last year and took months to realise this, exposing the data of many of their high-profile clients, including the US Military and the White House.
It seems clear that when it comes to cyber security, no one can be too safe. So, here are some of the common threats in cyber security I think businesses should look out for in 2021.
Phishing
Phishing is one of the most common types of cyber-attack. It uses social engineering to steal login credentials or install malware. Usually, a cybercriminal poses as a trustworthy contact, such as a banking representative or company employee, via an email, phone call, or website that is designed to look legitimate in every way. This tricks the user into either entering their username and password into a fake login form, downloading malware through a hyperlink or email attachment, or giving sensitive company information to the hacker which could help them with their phishing attempts on other employees.
Though phishing can take many shapes and forms – such as a chief executive officer emailing an employee to make an urgent payment – with the right support, it is usually easier to identify and prevent than other forms of hacking.
Training is a cost-effective and critical way for businesses to fight phishing. Once employees know the basics – like the fact that most companies will not simply ask for sensitive information – email addresses and website URLs should be examined carefully. If the domain seems unfamiliar or unusual, it’s good practice to exercise caution – the likelihood of being phished will reduce. Many companies also conduct phishing tests, which randomly send fake phishing emails to safely determine how vulnerable your workforce is. This also helps employees recognise the common characteristics of a phishing scam.
Ransomware
Ransomware is a type of malware that infiltrates a computer or network and encrypts the victim’s valuable files, such as a client database, or even prevents access to the entire network. The valuable files or network access are then held ransom and companies are given a choice: pay the hacker or risk losing everything. With cryptocurrencies used as a form of payment, it has also become nearly impossible to track where ransoms are being paid to.
Ransomware attacks are typically carried out using malware disguised as a normal file (often sent as an email attachment), but they can also travel between computers via other means.
For businesses, it is therefore extremely important to have adequate malware protection and to keep regular backups or ‘system images’, especially of valuable files. This is an easy way to safeguard your business from ransomware attacks and ensure that if a hacker does manage to access your system, you don’t need to worry about losing files because you have duplicates.
IoT attacks
Connected devices like tablets, phones, routers, appliances, or security systems are becoming more commonplace, but they also open up new vulnerabilities for hackers. Malware-ridden USB drives, for example, can simply be plugged into a computer at reception. If it goes undetected, that one device could compromise access to an entire network. As highlighted by Forbes, even printers can be hacked into, giving access to company documents. Leaving default passwords on routers or Wi-Fi extenders could also spell disaster, and some routers even have unpatched exploits that allow hackers to bypass passwords. Mitigating a large portion of this risk is easy for businesses – keeping software updated, changing passwords, and implementing stringent rules about what devices are allowed to join the network is a good place to start.
Mobile phones are also particularly susceptible to malware, and with more people working from their phones, one compromised mobile device could leave business data vulnerable. Devices from trusted manufacturers are usually less susceptible to attacks, but it is essential to keep the firmware security updated. The more devices that are connected to the network, the greater the risk of weaknesses. Businesses should look at implementing multiple layers of network security that kick in when device security fails.
The war of the algorithms
Artificial intelligence (AI) and machine learning have led to innovations in almost every industry – from banking to manufacturing and to healthcare. Now, AI has begun a war of algorithms – an unprecedented arms race between cybercriminals and cyber security companies to make better and smarter AI. Hackers are using machine learning to deploy far more cyber-attacks than a human could, in ways that adapt and learn automatically. Cyber security companies are therefore forced to fight fire with fire, using AI to analyse massive amounts of data, do ‘threat hunting’ on a larger scale, and manage vulnerabilities more efficiently. As attacks become more sophisticated, it becomes more likely that unprotected businesses will fall victim.
Securing your future
From small businesses to global enterprises, cyber security has become an essential practise that no one can afford to overlook. Ensuring that employees are trained and educated about existing threats can prevent serious financial losses. Companies should therefore consider outsourcing their security services if they do not have the adequate IT resources to protect their networks. Moving business to the cloud is also a good way to ensure digital security and should be a first consideration for those who want to secure their business data. You wouldn’t leave the front doors of your office unlocked, so why leave your business data wide open?
The writer is the Seacom East and North East Africa managing director