by Adv. Lufuno T Khorommbi (Ms) Cyber Law Consultant and MD of Orizur Consulting Enterprise
A cyber-attack is an intentional exploitation of computer systems, networks, and technology-dependent enterprises. These attacks use malicious code to modify computer code, data, or logic, culminating in destructive consequences that can compromise data and facilitate cybercrimes such as information and identity theft.
Cybercrimes are offenses that are committed against persons with a motive to intentionally harm them using modern technology. This includes fraud, identity theft, financial crimes, etc.
What are some of the prevalent cyber-attacks that organisations should be aware of?
It is undeniable that cyber-attacks are advancing rapidly and the staff find themselves having to make difficult decisions on a daily basis to respond to such attacks. This is because cyber criminals use different ways to get your personal information. Some of the devastating attacks include:
Malware attack - Malicious software can be described as unwanted software that is installed in your system without your consent. It can attach itself to legitimate code and propagate; it can lurk in useful applications or replicate itself across the Internet.
Ransomware — Ransomware is one of the most widely used methods of attack. It is a type of malware that blocks access to the victim’s data and threatens to publish or delete it unless a ransom is paid. This malware enters computer networks and encrypts files using public-key encryption, preventing or limiting legitimate users from accessing their system.
Spam attack includes unwanted, unsolicited, or undesirable messages and emails.
Phishing combines social engineering and technical trickery, aimed at gaining sensitive and personal information or influencing users to do something. Phishing attempts will appear to be from a trustworthy person or business.
Cyber criminals pretend to be an official representative, sending you an email or message with a warning related to your account information, and often ask for a response by following a link. Any information entered into the fake link goes to the cybercriminal.
To reduce the risk of being phished, these are some of the techniques that can be used:
Critical thinking — Do not accept that an email is the real deal just because you’re busy or stressed or you have 150 other unread messages in your inbox. Stop for a minute and analyse the email.
Analyse the links — Move your mouse over the link, but do not click it! Just let your mouse cursor hover over the link and see where it would actually take you. Apply critical thinking to decipher the URL.
Analysing email headers — Email headers record how an email got to your address. The “Reply-to” and “Return-Path” parameters should point to the same domain as the one stated in the email.
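The header check described above, as an added Python example that is not part of the original article: it parses a message's headers and reports any Reply-To or Return-Path domain that does not match the From domain. The sample headers, domain names, and function names are constructed for illustration, and the equal-or-subdomain matching rule is an assumption.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample headers (not from the article); all domains are placeholders.
SAMPLE_PHISH = """\
Return-Path: <bounce@mailer.example.net>
From: "Example Bank Support" <support@bank.example>
Reply-To: accounts@bank-example.invalid
"""
SAMPLE_OK = """\
Return-Path: <bounces@mail.bank.example>
From: "Example Bank Support" <support@bank.example>
Reply-To: support@bank.example
"""


def header_domains(msg, name):
    """Return the lower-cased domains of every address in header `name`."""
    domains = set()
    for _display, addr in getaddresses(msg.get_all(name, [])):
        if "@" in addr:
            domains.add(addr.rsplit("@", 1)[1].strip().lower().rstrip("."))
    return domains


def same_org(a, b):
    """Heuristic (assumption): equal, or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def check_headers(raw):
    """Return a list of findings; an empty list means the headers agree."""
    msg = message_from_string(raw)
    from_domains = header_domains(msg, "From")
    if not from_domains:
        return ["From header is missing or has no address"]
    findings = []
    for name in ("Reply-To", "Return-Path"):
        for dom in sorted(header_domains(msg, name)):
            if not any(same_org(dom, f) for f in from_domains):
                findings.append(f"{name} domain {dom} differs from From domain "
                                f"{', '.join(sorted(from_domains))}")
    return findings


if __name__ == "__main__":
    for label, raw in (("phish", SAMPLE_PHISH), ("ok", SAMPLE_OK)):
        print(label, check_headers(raw) or "headers agree")
```

A mismatch is a reason to look more closely rather than proof of phishing, since legitimate bulk mail is often sent through a third-party service whose bounce domain appears in Return-Path.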
Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks – DDoS attacks make an online service unavailable by overwhelming it with excessive traffic from many locations and sources. Website response time slows down during a DDoS attack, preventing access and impacting negatively on productivity.
Man-in-the-middle (MitM) attack - A MitM attack is a type of cybersecurity breach that allows an attacker to eavesdrop on a communication between two entities. The cyber attacker hijacks communication between a user and the server and deceives the server into believing it is still responding to requests from a trusted and authorised person.
Some of these attacks, like ransomware, are hard to detect before it’s too late. Because of this, organisations should focus on prevention efforts. Prevention efforts include training for employees and strong information security controls.
Thus, organisations need to have a comprehensive cyber security strategy and governance to prepare for and curb cyber-attacks. Without proper governance, state-of-the-art infrastructure may not mean much.
Adv. Lufuno T Khorommbi (Ms) is a specialist Cyber Law Consultant and the Managing Director of Orizur Consulting Enterprise. Her expertise lies in cyber law, cyber security, IT Procurement, Contract Management, Research and Policy Management. She is a Mentee of the Cherie Blair Foundation Global Women’s Mentoring Programme; a Member of South Africa Institute of Intellectual Property Law; a MICT SETA 4IR Advisory Committee Member; LLM specialization in IT Law; Certified in CIO Practice; she holds a Certificate in Cyber Security and a Certificate in Legislative Drafting. Find out more by visiting Lufuno’s website www.orizur.co.za.