InfoSec Advisory with Del Aden: Emerging cyber threats and how to prevent them

0
Del Aden is a UK-based Enterprise Architect

Cybercrimes have become big news!  With large data and security breaches at many organisation generating headlines…. It has never been more challenging for security and risk management leaders to protect the organization’s data and strengthen its Digital security posture. But today, the challenge is even more complicated – with an expanded attack surface due to the remote (home) working of the global workforce.

In the new normal, your remote workforce is increasingly accessing corporate data from mobile devices. That means the exposure to data breaches is greater than ever, making data security a top concern for every organisation in Africa. 

In this age of the COVID-19-driven new normal, the remote workforce is using mobile devices to access corporate data, often over public Wi-Fi networks that are easy to compromise, sending more emails, messaging more often, and sharing more files than ever.  The result is that exposure and risk are at unprecedented levels.

Emerging Cyber Threats of 2021

Since March 2020, researchers at Check Point observed an enormous rise in the number of attacks and data breaches originating through the mobile endpoints primarily used by remote workers, and how they might impact businesses, governments, and individuals in 2021 and beyond.

Below are some of the emerging and existing cybersecurity threats you are likely to hear more about this year:

  1. Deepfakes – This is a combination of the words “deep learning” and “fake.” Deepfakes happen when artificial intelligence technology creates fake images and sounds that appear real. A deepfake might create a video in which a politician’s words are manipulated, making it appear that political leader said something they never did. Other deepfakes superimpose the face of popular actors or other celebrities onto other people’s bodies.
  2. AI-powered cyberattacks – Using artificial intelligence, hackers are able to create programs that mimic known human behaviors. These hackers can then use these programs to trick people into giving up their personal or financial information.
  3. Cloud jacking – is a form of cyberattack in which hackers infiltrate the programs and systems of businesses, stored in the cloud, and use these resources to mine for cryptocurrency.
  4. Ransomware attacks on the public sector – In a ransomware attack, hackers access the computer systems of an end user, usually freezing them. These attackers will only unlock the infected systems if the victim pays a ransom. Hackers today often target the computer systems of government bodies, including municipalities, public utilities, and fire and police departments, hijacking their computer systems until these government agencies pay a ransom.
  5. Advances in quantum computers pose a threat to cryptographic systems – The idea of quantum computing is still new, but at its most basic, this is a type of computing that can use certain elements of quantum mechanics. What’s important for cybersecurity is that these computers are fast and powerful. The threat is that quantum computers can decipher cryptographic codes that would take traditional computers far longer to crack — if they ever could.
  6. Breaches in hospitals and medical networks – Hospitals and other medical providers are prime targets for cybercriminals. That’s because these medical providers have access to the personal and financial information of so many patients. Data breaches can expose this information; which hackers can then sell on the dark web.

 

Effective cyber threat defense mechanism

To help security leaders choose a cyber security solution that is robust, comprehensive, and its designed to keep their organization and sensitive data safe, we have outlined below some cyber threats defense mechanism:

  1. Protection of all attack vectors – Most devices have three key vectors of attack – the device’s operating system, apps, and the network. Consequently, the optimal cyber security solution must demonstrate advanced capabilities for securing each of these three vectors.
  2. Full visibility into the risk level of your workforce – Having a complete picture of the organization’s cyber security posture is critical to effectively mitigating risk and accelerating response when needed. The most effective tool for bridging the gap and for managing cyber threats is an advanced and intuitive visual dashboard that provides real-time threat intelligence with visibility into the threats that are impacting your organisation.
  3. Scalability, for securing thousands of devices in no time – What this means is that the optimal cyber security solution must be able to support every device type, operating system, and device-ownership model. And, as the organization grows, it should also be able to scale without adding complexity to the security operation.
  4. Ensuring privacy by design – Ensuring employee and customer privacy is an additional critical mandate. As such, the optimal cyber security solution must also be designed for uncompromising privacy protection.
  5. Stop the Complacency! – According to a recent survey, Complacency remains Biggest Cybercrime Problem in Africa. The I.T and InfoSec teams of most organisations in Africa tend to believe they have cyber theft protection under control. And the lack of requirements for disclosure meant that they are able to hide cyber attacks and data breaches from their management and other regulatory authorities and agencies such the central banks, etc.
  6. Engage the services of Cyber security consultants – Independent Cybersecurity consultants can provide third-party expertise and an outside perspective to help even the so-called cyber mature organizations continuously improve the way they manage cyber risk. Outside help can provide a fresh perspective on inefficiencies or systemic problems in order to keep moving the needle on security effectiveness. Consultants also offer up expertise and experience to support limited projects, for which a company couldn’t afford to hire (and wouldn’t want to keep) additional long-term staff.

There’s always room for improvement

No matter how mature your cybersecurity program has evolved to be, there always remains room for improvement. Many organizations that have mastered the basics of cybersecurity can take their practices to the next level by making architectural improvements, adding more sophisticated detection or monitoring, and streamlining operations.

But even organizations with leading cyber risk management programs can struggle to make this jump to the next level. In order to overcome obstacles, many leading organizations turn to cybersecurity consultants to provide unbiased, expert advice and to augment their own staff expertise and resources in order to get over plateaus in the growth of their cybersecurity programs.

Worth Noting:

Delta3 International is committed to helping organizations in Africa to secure their data. In this regard, we are happy to share the following the optimization ideas with your team:

  • Enhancing security architecture to improve how security controls are designed
  • A zero-trust readiness assessment to identify prerequisites, before building a zero-trust roadmap
  • Opportunities for optimizing your SOC processes and procedures
  • Opportunities for optimizing your Cyber Incident Response and Business Continuity Planning & strategies
  • Bespoke & Effective Training in technology innovation and data security

Why it matters:

Businesses worldwide are at risk for security breaches. While large, well-known companies seem a likely target, small and medium-sized organizations and individuals are also at risk. There are many ways data can be compromised, including viruses, phishing scams, hardware and software vulnerabilities, and network security holes.  As such, it is the responsibility of each organisation to defend their digital infrastructure

About the Author

Del Aden is a UK based InfoSec & Business Continuity Consultant, with main focus on helping organisations to implement Digital Transformation, defend their digital infrastructure and plan their Business Continuity Strategies. Del is also a freelance writer, international conference speaker and a global trainer. Contact: [email protected] | WhatsApp:+44 7973 623 624  |  Web: www.delta3.co

Leave a Reply