Even prior to the onset of the Covid-19 pandemic, organisations and consumers were under constant threat from cyberattacks.
By Bethwel Opil
However, the environment has shifted dramatically over the past 16-months due to an increasingly distributed workforce. Cybercriminals have been exploiting these conditions and a continually expanding attack surface to compromise data.
This has seen malicious users turning their attention to remote employees working outside the relative safety of the corporate network. After all, it is an easier proposition to compromise a home network with its myriad of devices than focusing on a more secure business environment. In fact, accessing the network through unsecured or poorly secured personal devices is one of the biggest cybersecurity concerns facing companies across industry sectors today.
By September 2020, Kaspersky solutions reported on 28-million malware attacks for the year to date and detected 102-million potentially unwanted applications (PUA) across South Africa, Kenya, and Nigeria. It is especially in the case of the latter where there is significant risk of exposure. While not considered malicious in themselves, PUAs have become popular to disguise malware downloads. This means companies and individuals must remain cautious against phishing scams, malware attacks, and even PUAs that threaten the integrity of their data.
Training critical
Individuals must be more aware of this new and increased risk landscape when working remotely, as well as using digital services to relax at home. Anyone is a target, and people need to start taking cybersecurity seriously especially given the connectedness of their lives.
The best technology solutions and policies in the world mean little if users still click on phishing links or download and install suspicious software. Humans will always unintentionally remain the weakest link in the cybersecurity chain. Companies must therefore increase employee cyber awareness as one of the most effective ways to combat cybercrime. This training must be delivered optimally for remote workers. Adaptive learning that assesses and adapts to each person’s level of knowledge, skill, and confidence becomes a key enabler.
Focusing on immunity
At Kaspersky, we believe that the concept of cybersecurity will give way to cyber-immunity. This sees the development of an ecosystem where everything connected is protected, and all the systems in it, are secure, by design. This does not come without its share of challenges – the most significant being the shift in mindset required that sees security integrated into everything an organisation does and not installed as an afterthought.
This is becoming more critical especially given the increase in Advanced Persistent Threats (APTs). These use continuous, clandestine, and sophisticated hacking techniques to gain access to a system and remain inside for a prolonged period, with potentially destructive consequences.
Another trend to follow is the growth of hackers-for-hire and cyber mercenary groups targeting SMEs and financial institutions. These groups have the perfect breeding ground to steal sensitive data and sell it to the highest bidder, often resulting in the bankruptcy of the affected organisation. For their part, cyber-mercenaries can be hired to search for sensitive, private information that can be used in disputes to win court rulings or to steal business trade secrets and provide their ‘employers’ with competitive intelligence to get ahead in the market.
Fortunately, the pandemic has brought with it an increased focus on the importance of cybersecurity within and outside the perimeters of the network. Constant vigilance is key as threats become more sophisticated and pervasive in all aspects of people’s lives.
Bethwel Opil is the enterprise sales manager at Kaspersky in Africa