We live in an increasingly connected world where information flows between us and the organizations and companies we deal with every day. Historically that information was stored in filing cabinets but, today, most of it is stored on computers—sometimes accessible via the Internet. The internet, however, is an ocean full of sharks circling around, waiting for that drop of blood in the water. Just like an ocean, the outward scenery looks beautiful and pleasing, but inside is infested with so many dangers.
We have come from a year that saw the global village shaken up by a series of cyber threats all around. Talks are still going on the issue of Russia meddling into the US elections back in Nov. 2016 and new insights come up each and every day we have our eyes on the American politics. Other than this, the world fell victims into the hands of “Shadow Brokers” a few months ago. The ransomware dubbed WannaCry was disseminated on May 12, 2017, targeting a variety of organizations and institutions worldwide. The ransom note, written in different languages, demanded US$ 300-600 from the victims to decrypt their files. Infection cases were detected in multiple countries worldwide. The massive attack affected a wide variety of sectors, including health, government, industry, transportation, communications, and financial institutions, among others.
According to the reports, more than 200,000 systems worldwide were infected in the attack. Fortunately for African organisations, the attacks started late on a Friday when most organisations/employees had left their offices for the weekend though. The Communications Authority of Kenya (CA), through the National Kenya Computer Incident Response Team Coordination Centre (National KE-CIRT/CC), said in a statement that they have received confirmed reports of an encryption-based cyberattack, in the form of ransomware, that is targeting computers running the Windows operating system and is spreading worldwide.
Luckily enough, Microsoft released a patch MS17-010 (ETERNAL BLUE) on 14th March to tackle the issue. Vulnerable systems included Windows XP through 8.1 (Windows 10 is not vulnerable). Several experts have put their heads together into this issue of cybersecurity to contemplate, discuss and counter the current challenges and those to come. Technological advances and their accelerated use have led to a number of scenarios considered unlikely just few years prior, are now within the realm of possibility.
Recently we witnessed one of the key players in the banking industry, The National Bank, loose Ksh. 29m to the hands of hackers. “The amount of attempted fraud is about Ksh 29 million and we are confident we will recover most of that money,” read the statement. It had been claimed that the bank has lost over Ksh 340 million, claims which the bank has since refuted.
We can never be certain but to wish for a less turbulent year in the cybersecurity world. In a report by ESET dubbed Cybersecurity Trends 2018: The Cost of our Connected World, ESET security experts present the areas that they expect to be leading security priorities in the upcoming year and suggest ways to mitigate the possible risk that they pose. A critical issue they reported on is ransomware. As the name suggests, one is set to pay some amount of token to the hackers to be granted your permission to view your files.
Some people choose to pay in the hope of getting their data back even though they know that this encourages the criminals. Before paying up, though, check with your security software vendor (a) in case recovery may be possible without paying the ransom (b) in case it’s known that paying the ransom won’t or can’t result in recovery for that ransomware variant.
Again, protecting your data proactively is safer than relying on the competence and good faith of the criminal. Back up everything that matters to you, often, by keeping at least some backups offline to media that aren’t routinely exposed to corruption by ransomware and other malware – in a physically secure location (preferably more than one location). And, obviously, backups defend against risks to data apart from ransomware and other malware, so should already be part of a disaster recovery plan.
There is no doubt that new risks come with every new advancement, but if we want to use technology to improve our lives, then we must prevent it from creating greater problems overall than benefits. This prevention starts with you. Your own personal devices and your organisation’s devices.
Should you invest in insurance to help you in case of cybersecurity attacks? Check out this article Business & Risk: Is It Important To Get Cyber Insurance?