• Monday, December 23, 2024

BusinessDay

Phishing and social engineering account for 70-90% of malicious Data breaches, says cyber-security specialist

Isaiah G. Ogun is a Cyber Security and Data Protection Specialist. He is a cyber-security detection and monitoring specialist at a High Street Bank in London. He also holds a Master's degree in Cyber Security and Human Factors from Bournemouth University. In this interview, Isaiah, who is a graduate of Public Administration, Babcock University, and also provides services to an indigenous company in Nigeria on security and data protection, speaks on the most significant cyber-security threats organizations face today and other issues. Daniel Obi brings the excerpts.

In simplified terms, how would you describe cyber security?

Without using technical Lexicons, Cyber security is about keeping your phone, computers, and online accounts safe from internet criminals, like you lock your front door to keep burglars out. These criminals, often known as Hackers, attempt to deny you access to your devices to gain access to your personal or corporate information (Data).

What are the most significant cyber-security threats organizations face today? And what are the main value targets in cyber security – money, personal information?

The cyber threat landscape keeps evolving, gaining complexity and sophistication. Some of the complex threats in recent times are:

Phishing and Social Engineering: Phishing and social engineering are responsible for 70-90% of all successful malicious data breaches, where attackers manipulate individuals into exposing sensitive information (e.g., credentials, financial data). Phishing has gone from a mere simple tactic to a more complex one. Phishing emails are fraudulent emails that look authentic but are really an attempt to steal your personal information or money. Phishing emails frequently look like they are from a reputable company, like a bank, ISP, or mortgage provider.

Ransomware Attacks: Where data of an organization is encrypted by malicious actors, who then demand money (Ransom) to unlock it. The impact of ransomware attacks could be Operational shutdowns, reputational damage, and financial losses.

Insider Threats: These are employees, contractors, or partners who misuse their access to either maliciously or negligently expose sensitive information belonging to the organization.

The main value targets are Corporate Data, Personal Identifiable Information (PII), Intellectual Property, reputation value, Financial Data such as bank accounts and credit card details, etc.

Could you give value of property lost to cyber security in Nigeria annually?

The world has suffered large financial losses as a result of cyberattacks. According to the Economic and Financial Crimes Commission Chairman, Ola Olukoyede, $500m was lost to the scourge in 2022.

What strategies should businesses and individuals adopt to prevent and respond to such incidences of cyber security?

Businesses and individuals alike should implement comprehensive plans that incorporate incident response planning, preventive measures, and ongoing improvements in order to successfully avoid and respond to cybersecurity issues.

For Businesses

  •  Securing Network Using Intrusion Detection/Prevention system (IPS/IDS)
  •  Implementing robust security policies around password management, data handling, and device usage.
  •  Regular patching and software updates
  •  Strict adoption of Multi-Factor Authentication (MFA)
  •  Continuous monitoring for detection of potential Data breaches

For Individuals

  • Proper cyber hygiene: Using strong, unique passwords.
  • Avoid clicking on links or downloading attachments from unknown sources
  • Updating devices, using encryption, and updated Anti-virus
  • Verify website authenticity
  • Using extra layer security (MFA)

What steps can individuals take to better protect their personal information in an increasingly digital world?

Individuals should limit data sharing, regularly adjust and review privacy settings on social media accounts, securely use cloud services, back up personal data, and stay informed.

With the rapid shifts to doing business through internet/cloud computing, what specific security risks should companies be aware of?

Cloud computing and the Internet have gained an increased adoption rate in recent times. As a result, businesses face a plethora of security risks. Understanding these risks is important to building a robust defense. Some of the risks associated with these developments are: data breaches that could result in unauthorized access and data exfiltration, data loss, Distributed Denial of Service (DDoS), malware and viruses.

Cybersecurity is a global challenge. How can countries collaborate more effectively to tackle cross-border cybercrime?

Countries should collaborate on multiple fronts, including: information sharing, harmony in cyber security regulations, common attack simulation, capacity building, etc.

Human error is a common entry point for cyber-attacks. How can organizations better train employees to recognize and avoid cyber threats?

Very good question. In cyber security, humans are the strongest and also the weakest link. You can deploy the best security tools, but if employees do not imbibe simple security standards, you are still at risk of cyber threats. User awareness training is essential to bridge this gap. User awareness training can be tailored training programs, interactive sessions, phishing simulations, and continuous learning.

What role should governments play in regulating cybersecurity practices, and are current laws keeping up with the pace of cybercrime?

The government’s role in regulating cybersecurity practices is very pivotal. The government should provide a legislative framework that becomes a standard for organizations. This involves enacting Data Protection Laws to protect sensitive and individual information, enacting and enforcing cybercrime laws, funding research, and supporting innovation.

What are the key elements of a robust data protection policy for organizations?

A Data protection policy should include Data inventory and classification. This helps to identify data sensitivity (Confidential, public, private, etc). It should also address data access control, strong authentication, data encryption, and regulatory compliance.

How should companies respond to a data breach internally and externally to minimize damage?

Companies must take swift containment action in response to a data breach. The containment usually involves isolating affected devices to avoid command and control. The next step is to conduct a root cause analysis and identify compromised data.

Companies should also inform appropriate regulatory bodies, conduct vulnerability patching, network traffic monitoring, and embark on a public relations strategy.

How can small and medium-sized businesses protect their data effectively with limited resources?

Small and medium-sized businesses with limited resources can protect their data effectively by taking proactive measures to protect data. This involves employee training, adhering to compliance standards and frameworks, enforcing a strong password policy, regular software updates, data backup and, importantly, considering affordable cyber insurance.

What cutting-edge technologies are emerging to help organizations better secure their data?

Data Loss Prevention (DLP) tools with AI capabilities, Zero-Trust security, biometric authentication, User Entity Behaviour Analytics (UEBA) tools, Endpoint Detection and Response (EDR), and Security Information and Event Management (SIEM) tools are a few of the numerous technologies that could be deployed to protect data.

Do you think the general public is sufficiently aware of data protection issues, and how can awareness be improved?

There has been a significant increase in public awareness regarding data protection in recent times. However, following the recent data breaches and their complexities, there is still a deficit in awareness and the importance of data protection. To improve awareness there must be accessible and clear information, education and training, public awareness campaigns, and various government initiatives to drive this course.
