Threat intelligence: secure your business
Insiders remain a key threat to corporate cyber security in East Africa.
The number of insider-related cyber security incidents in East Africa has increased by 55% in the last three months, as most companies lacking active monitoring of their IT infrastructure transitioned to remote work occasioned by the COVID-19 pandemic.
According to Dimension Data, the sudden spike has resulted from attackers taking advantage of publicly available weak systems and most security controls designed to monitor and capture activities failing to keep up, as they are intended for traditional on-premises infrastructure. This has left security control gaps as more employees remotely connect to company resources from mobile devices and external networks. The financial services industry (FSI) remains the most targeted sector because of the immediate monetary gain.
Speaking during the launch of Dimension Data Intelligent Security business in East Africa, the unit's Head, Ishmael Muli, said although insider threats are largely attributed to malicious employees and contractors, statistics from the company's Threat Intelligence Centre shows that most incidences in the region originate from employee negligence and other close associates ignoring corporate cyber security policies, misuse of data and installation of unauthorised applications, among others.
Dimension Data's Intelligent Security unites all the capabilities and security offerings previously managed by its subsidiary brands Dimension Data East Africa and Internet Solutions into one business and will offer world-class solutions from global partner NTT, while developing locally relevant solutions tailored for protecting organisations in East Africa.
"Across East Africa, we are seeing insiders take advantage of organisations that lack visibility or the ability to investigate successful cyber attacks due to limited access controls to detect unusual activity once someone breaches their network. Some of these attacks involve manipulation of transactional data, tampering of logs to limit tracing, as well as framing legitimate users – all of which make forensic investigations difficult," Muli said.
“Cyber security plays a critical role in any business within emerging markets like Kenya. We’ve built Dimension Data Intelligent Security to ensure that we offer world-class solutions to our clients, while making sure they suit the unique needs of our clients operating within these markets. Further to this, we have a plan to focus on local skills development specifically in the threat intelligence space,” he added.
Current attacks within East Africa are being linked to hackers employing smarter methods to distribute their server networks and occasionally purchasing command and control systems in other countries, with traffic being routed through myriad systems making it difficult to trace its origin.
According to the Communication Authority (CA) Annual Report 2018/2019, malware attacks were the most prevalent threats, accounting for approximately 78% of all cyber threat detections by the National Kenya Computer Incident Response Team – Coordination Centre (National KE-CIRT/CC). Web application attacks and botnet/denial of service threats accounted for approximately 11% and 9% respectively of detected cyber threats.
The first half of the year has also seen an increase in reconnaissance attacks accounting for 40% of all observations in the Middle East and Africa (MEA) region, according to the NTT Global Threat Intelligence Report 2020. A rise in Web application attacks on common content management systems (CMS) such as Joomla and WordPress accounted for over 20% of observed attacks. While service-specific attacks increased by 40% targeting known vulnerabilities that may have remained largely unaddressed by various organisations.
The current COVID-19 crisis has seen an upsurge in the use of technology as many companies adopt work from home and bring your own device policies, increasing organisational risk as cyber security etiquette shifts to end-users. As a result, the most prevalent attacks include phishing and social engineering.
With the trend set to continue as the volume of information insiders access, store and transmit rises – and remote working becomes the status quo – Muli advised organisations to invest in threat intelligence services to gain regular visibility of what is happening in their internal networks, to automatically detect and remediate stealthy attacks that would otherwise be missed. He urged organisations to conduct insider risk assessments on their critical business functions that could be leveraged by insiders for fraud.
"Moving forward, cyber criminals will increasingly automate cyber attacks. This requires organisations to automate a lot along with intelligence analysis and orchestration tools, especially in terms of incidence response, to reduce the average remediation time. The future is going to be all about how to recover fast from an attack as networks, systems and processes get more sophisticated for integration," Muli emphasised.
Dimension Data’s global alignment with NTT allows for Dimension Data Intelligent Security to provide its clients with solutions that protect their businesses from noted threats all over the globe and harness key innovations from international markets. At the same time, Dimension Data Intelligent Security is investing heavily in research to develop solutions offerings that speak directly to the pricing, scaling and security needs of local businesses.