I have been studying how companies and organizations carry out their operations with regard to cyber security since the day I attended the AON Kenya Cyber security event. That event itself left me a bit shocked at how easy it is for hackers to use soft spots within companies' or organizations' operations to carry out successful cyber-attacks or breaches. Some of the high-profile hacks of the last few years were carried out through the simple act of hackers fooling email users into providing their login details, especially the password. Vox, for example, referred to the trick used to hack Mrs. Clinton's 2016 campaign chairman, John Podesta, as a village-level operation:
“It took a village to get Hillary Clinton’s campaign chair John Podesta’s email hacked.
It wasn’t technical; there wasn’t a big security breach on Google’s servers. In short, someone tricked Podesta into giving them his password”
In the end, the idea is simple:
“Hackers often try to trick email users with seemingly familiar addresses — for example, a trusted email address with one character different — and send “poisoned” links. Click on the link, and it can take you to a page that can steal more information, running malicious software.”
Netflix subscribers recently became the target of similar tricks, which we reported here. The email scam was designed as a warning, asking account owners to verify their subscription information or risk account suspension. It gets worse when you look at the number of subscribers who were targeted: 110 million.
Back to the AON Kenya event: most presentations pinpointed why some of the companies and organizations that look well prepared and advanced in their setup get breached quite easily. Dr. Bright Gameli's presentation at the event really highlighted this issue. Below are some of the questions which were posted as part of the intro to Dr. Gameli's presentation.
Did you know that:
- Opening a malicious document can make a hacker activate your camera and even listen to your Mic without you noticing?
- Staying on a wireless network can make a hacker grab your passwords on the fly, make changes to websites you visit and even force you to play music that you don’t want at the highest volume possible?
- Opening a simple app on your phone can give a hacker indefinite access to your phone such as call records, SMS, make calls on your behalf and even download your pics, videos as well as your WhatsApp database?
- When you plug in a phone to charge or insert a flash disk you know can get fully hacked in less than 10 seconds?
I think, from the above, the first point of defence in any organization is having employees who are well trained on cyber risks. It is said that over 90% of cyber-attacks are a direct result of employee error. The following are some of the areas that every employee needs to know about:
- Digital Hygiene. All unknown programs and applications should be vetted before being brought in or installed within the network. Installing non-approved applications, plugins or updates from the internet should be a no-no for all.
- Good Password Standard. Bad passwords are a worldwide problem. The most popular password across the world is the word “password”, followed by the numbers “12345”. I remember some time back, when the Kenyan police website was hacked, the public came to discover that they were using the word “admin” as the user name and “password” as the password. Now that is like leaving your door open at night and hoping that nobody will try to break in. When it comes to passwords, the longer the password, the harder it is to crack. The best practice is to use a mixture of upper- and lower-case letters, numbers, and punctuation.
- Danger behind the emails: As we have seen above, emails are the main source of most breaches. It is important that all employees learn and understand secure email practices. And it is simple: do not open suspicious links in e-mails, online ads, messages or attachments. This should be the case even if you know the source.
Meanwhile, at this point in time in Kenya, we have a bigger problem due to the fact that companies and other organizations are not willing to discuss or even disclose when their systems are breached. It is common knowledge among the cyber security experts in Kenya that a number of Kenyan financial institutions suffer huge losses every year due to cyber-attacks, but they remain mum about it. The silence is informed by the notion that the banks’ business is based on trust and, if people knew about the breaches, they would run away. It is along this line that I think it is great that ION Kenya is offering cyber enterprise solutions within the Kenyan market.
Finally, as I continue with my small study and research, I will come back and talk about this at length.