The number of insider-related cybersecurity incidents in East Africa has increased by 55% in the last three months as most companies lacking active monitoring of their IT infrastructure transitioned to remote work occasioned by the COVID-19 pandemic.
According to Dimension Data, the sudden spike has resulted from attackers taking advantage of publicly available weak systems and most security controls designed to capture activities failing to keep up as they are intended for traditional on-premise infrastructure, thereby leaving security control gaps as more employees remotely connect to company resources from mobile devices and external networks.
The Financial Services Industry (FSI) remains the most targeted sector because of the immediate monetary gain.
Speaking during the launch of Dimension Data Intelligent Security business in East Africa, the unit’s Head – Ishmael Muli said although insider threats are largely attributed to malicious employees and contractors, statistics from the company’s Threat Intelligence Centre shows that most incidences in the region originate from employee negligence and other close associates ignoring corporate cybersecurity policies, misuse of data, and installation of unauthorized applications, among others.
Dimension Data’s Intelligent Security unites all the capabilities and security offerings previously managed by its subsidiary brands Dimension Data East Africa and Internet Solutions into one business and will offer world-class solutions from global partner NTT Ltd whilst developing locally relevant solutions tailored for protecting organizations in East Africa.
“Across East Africa, we are seeing insiders take advantage of organizations that lack visibility or the ability to investigate successful cyberattacks due to limited access controls to detect unusual activity once someone breaches their network. Some of these attacks involve manipulation of transactional data, tampering of logs to limit tracing, as well as framing legitimate users – all of which make forensic investigations difficult,” Mr Muli said.
“Cybersecurity plays a critical role in any business within emerging markets like Kenya. We plan to focus on local skills development specifically in the threat intelligence space,” he added.
Current attacks within East Africa are being linked to hackers employing smarter methods to distribute their server networks and occasionally purchasing command and control systems in other countries, with traffic being routed through myriad systems making it difficult to trace its origin.
According to the Communication Authority (CA) Annual Report 2018/2019, malware attacks were the most prevalent threats accounting for approximately 78% of all cyber threat detections by the National Kenya Computer Incident Response Team – Coordination Centre (National KE-CIRT/CC). Web application attacks and botnet/denial of service threats accounted for approximately 11% and 9%, respectively, of detected cyber threats.
Moving forward, cyber criminals will increasingly automate cyberattacks.Ishmael Muli, Dimention Data
The first half of the year has also seen an increase in reconnaissance attacks accounting for 40% of all observations in the Middle East and Africa (MEA) region according to NTT Ltd Global Threat Intelligence Report 2020.
A rise in Web Application attacks on common Content Management Systems (CMS) such as Joomla and WordPress accounted for over 20% of observed attacks. While service-specific attacks increased by 40% targeting known vulnerabilities that may have remained largely unaddressed by various organizations.
The current COVID-19 crisis has seen an upsurge in the use of technology as many companies adopt work from home and bring your own device policies, increasing organizational risk as cybersecurity etiquette shifts to end-users. As a result, the most prevalent attacks include phishing and social engineering.
Mr Muli advised organizations to invest in threat intelligence services to gain regular visibility of what is happening in their internal networks – to automatically detect and remediate stealthy attacks that would otherwise be missed. He urged organizations to conduct insider risk assessments on their critical business functions that could be leveraged by Insiders for fraud.
“Moving forward, cyber criminals will increasingly automate cyberattacks,” Mr Muli said. “This requires organizations to automate a lot as well with intelligence analysis and orchestration tools, especially in terms of incidence response, to reduce the average remediation time. The future is going to be all about how to recover fast from an attack as networks, systems and processes get more sophisticated for integration.”