Data breaches decoded: Understanding threats and information security risks

Friday September 03 2021

Wannacry ransomware caused global havoc in May 2017, infecting computers in 150 countries. PHOTO | FILE | NMG


Our digital cosmos is continuously evolving from technology, process, and people standpoints. As corporations adapt to more innovative technologies and ways of working, the scope of challenges and issues related to cyber security magnify simultaneously.

Latest digital developments, coupled with the side-effects of the global pandemic, and increased regulatory and legislative requirements, have pushed the need for cyber security to be prioritised by big businesses and individuals alike. Cyber security protects confidentiality, integrity, and availability of information critical to the survival of any business or even personal finances and welfare.

Landscape basics

Understanding the landscape and needs will allow an organisation to anticipate attacks to a certain extent and deploy solutions and services to protect against these perils. These could range from compromise of critical organisational infrastructure and data breaches to phishing attacks on individuals.

Some of the most common types are Malware, Phishing, Website Defacing, Man in the Middle (MiTM) attacks, Denial of Service attacks.

Cyber attackers can misuse an individual’s credentials or exploit vulnerabilities within a company’s IT environment to steal information or gain access to personal financial accounts, among other potentially damaging actions.


A vulnerability could mean a certain disadvantage, like lack of adequate safeguards; or weakness the organisation have, for example, unpatched software; can potentially be exploited by a hacker.

A house without security devices like cameras, alarms, or even security guards is at a higher risk of being broken into than those that have even one of those physical security measures in place. Throw in a broken door or window to the already vulnerable house, and chances of an attack increase manifold.

The risk is calculated by considering the relevant threats, how vulnerable the organisation is given the current safeguards in place to mitigate against these threats, which gives a likelihood rating that the threat may materialise.

This rating must then be considered along with relevant confidentiality, integrity and availability impact ratings of information assets which may be affected should the threat materialises.

These ratings combined gives an information security rating. The highest rated information security risks need to be managed by one of the following: mitigation (reduce); transfer, e.g., taking out insurance; avoid, e.g., doing away with a system/service that is the risk; or lastly accept the risk since it falls within the organisation’s risk appetite. This is because multiple layers of complexities are associated with threats, vulnerabilities, and information security risks.

A multi-layered approach is required just to defend against malware attacks, e.g., safeguards needed for email, Web, endpoints, servers, Groupware, removable media, etc.

There are also different types of attacks which must be covered, e.g., known malware can be addressed by basic malware signature protection, but variants require behaviour-based protection, while unknown or 0-day attacks requires sandboxing or similar.

In some cases, organisations don’t realise their defences are compromised; like a thief lying in wait for the perfect moment to ensure maximum damage.

Signs, symptoms, solutions

The most obvious signs to see if a software/phone/laptop/device is infected is to look for discrepancies, odd/unusual behaviour displayed by the software.

Phishing emails, which look harmless on the surface, usually cost a hefty penalty when not addressed promptly. Other examples of attack are frequent crashes or pop-up windows; unusually slow computers or frequent requests for password changes are indicative of malicious activities in the background.

The sophistication of the attacks will influence the possibility of employees ever knowing their devices were used to infiltrate their employer’s network. It is vital to rely on the expertise of professionals who have the right tools to detect any malicious activities on devices, networks, or the Cloud.

Prevention is better than cure

Due to cyber-attacks’ multi-faceted and complex nature, organisations should avoid approaching Cyber Security with broad-brush stroke solutions. Always take care of the basics and ensure that you have a defence-in-depth strategy with multiple layers of protection.

The elements are not new, however, with an increasing number of businesses adopting the hybrid work culture, the playground for cybercriminals just broadened overnight.

Sylvester Mboya is chief business officer-Eastern Africa Regional Cluster at Liquid Intelligent Technologies