February 21, 2022
How safe is your business data?
By Tonny Tugee, SEACOM East and North East Africa Managing Director
By 2025, cybercrime is anticipated to cost the global economy $10.5 trillion per year, making it more profitable for criminals than the estimated worldwide trade in all illegal narcotics. Cyber threats evolve with technology, from social engineering to ransomware attacks, and it has become increasingly essential for businesses to strengthen their digital security – especially for enterprises that are continuously working to remain competitive by scaling up their digital capabilities.
Small businesses are prime targets for cyberattacks because they frequently lack the knowledge and resources required to successfully safeguard their IT systems. Small businesses are the target of 43% of cyberattacks and 60% of those who are attacked are forced to close their doors within six months.
Large enterprises aren't immune to these risks, however, and this isn't only an 'African' issue. Last year, SolarWinds - a Fortune 500 software company - was hacked and it took months for the corporation to realize it. This exposed the data of many of their high-profile clients, including the US military and the White House. It appears that no one can be too safe when it comes to cybersecurity. Here are some of the most common cyber security threats that businesses should be aware of today.
Malware disguised as a legitimate file (commonly sent as an email attachment) is used in most ransomware attacks, although it can also spread between computers in other ways. Ransomware is a type of malware that infiltrates a computer or network and encrypts the victim's critical data, such as a client database, or even blocks access to the entire network.
The hacker holds the valuable files or network access for ransom and companies are offered the option to pay the hacker or risk losing everything. It's almost impossible to track where ransoms are paid, now that cryptocurrencies are being used as a method of payment.
It is consequently critical for enterprises to have effective malware protection and to create regular backups or ‘system images’, particularly of sensitive and valuable data. This is a simple approach to protect your company from ransomware attacks and ensure that if a hacker does gain access to your system, you won't lose any data because you have backups.
Phishing is a type of cyberattack that involves the use of social engineering to gain login credentials or to install malware. A cybercriminal will usually impersonate a trustworthy contact, such as a bank representative or a company employee, through an email, phone call or website that is meant to appear official in every way.
The user is tricked into entering their username and password into a fake login form, downloading malware via a hyperlink or email attachment, or providing important company information to the hacker, which could aid them in their phishing attacks on other employees.
Despite the fact that phishing can take numerous forms, such as a "CEO" emailing an employee to request an urgent payment, it is usually easier to detect and avoid than other types of hacking with the right support. Training is a low-cost and efficient strategy for businesses to combat phishing.
Employees will be less likely to be phished once they understand the basics, such as the fact that most companies will not simply ask for sensitive information; that email addresses and website URLs should be examined carefully; and that if the domain appears unfamiliar or unusual, it's best to exercise caution.
Many businesses also conduct phishing tests, in which fake phishing emails are sent out at random to determine how vulnerable your employees are. This also aids employees in recognising the telltale signs of a phishing scam.
Connected devices, such as tablets, phones, routers, appliances and security systems, are growing more prevalent, but they also introduce new vulnerabilities for hackers to take advantage of. For example, malware-infected USB drives can simply be plugged into a computer at reception. That one device could compromise access to an entire network if it goes unnoticed.
Using default passwords on routers or WiFi extenders can also be dangerous because some routers include unpatched exploits that allow hackers to bypass passwords. Businesses may mitigate a substantial percentage of this risk by keeping software up to date, updating passwords and enforcing strict restrictions about which devices are allowed to connect to the network.
Mobile phones are particularly vulnerable to malware and, as more employees work from their phones, a single infected mobile device might expose sensitive company data. Devices from reputable manufacturers are usually less vulnerable to attacks, however firmware security must be updated on a regular basis.
The larger the number of devices connected to the network, the greater the risk. When device security fails, businesses should consider implementing additional layers of network protection.
The war of the algorithms
Almost every industry, from banking to manufacturing to healthcare, has benefitted from artificial intelligence (AI) and machine learning. Now, AI has sparked an unparalleled arms race between cybercriminals and cybersecurity firms to develop better and smarter AI.
Machine learning is being used by hackers to launch considerably more cyberattacks than a human could, in methods that adapt and learn on their own. As a result, cybersecurity firms are being pushed to fight fire with fire, relying on AI to analyse enormous volumes of data, conduct larger-scale ‘threat hunting’ and to better manage vulnerabilities. As cyberattacks become more sophisticated, vulnerable businesses are more likely to be targeted and taken down.
Cybersecurity has become an essential practice to protect your future
Cybersecurity has become an essential practice that no one can afford to ignore, from small businesses to major enterprises. Companies should consider outsourcing their security services if they do not have adequate IT resources to protect their networks. Ensuring that personnel are trained and educated about current threats can help companies avoid major financial losses.
Moving a company's data to the cloud is also a great approach to ensure digital security and it should be a top priority for any business looking to protect its data. For more information or to get a quote for our various IT security solutions, email us at firstname.lastname@example.org or leave us a message.
SEACOM owns Africa’s largest network of information and communications technology (ICT) infrastructure, including fibre optic networks and subsea cables. We offer a wide range of industry-leading scalable ICT solutions for large companies that operate throughout the region.
SEACOM is privately owned - making it adaptable to the needs of the client. We are the preferred ICT and internet connectivity supplier for African enterprises. We can guarantee fast, reliable and secure internet and networking services at affordable prices.
For more information on these solutions, follow us on LinkedIn, Facebook or Twitter. Keep an eye on our news section for industry news and announcements on African ICT, internet connectivity, cloud services and security solutions.