Part 1 : 4 Alarming Cybersecurity Threats and How to Counter Them.

Cybersecurity is quite literally as simple as locking your own phone with a password or your fingerprint, you do it to avoid unwarranted and unconsented access to your phone. On a broader scale, Cybersecurity refers to the practice of protecting systems, networks, and data from digital attacks, damage, or unauthorized access. It encompasses a range of technologies, processes, and practices designed to safeguard computers, servers, mobile devices, electronic systems, networks, and data from cyber threats. Cybersecurity challenges are rampant these days though, ranging from Hacks to Phishing Scams but while these challenges are increasingly complex and pervasive, a range of solutions can help mitigate risks and protect digital assets.

Cybersecurity challenges refer to various problems, vulnerabilities, and threats that compromise the security and integrity of digital systems, networks, and data. These issues can arise from both external attacks and internal factors, and they impact individuals, organizations, and governments alike. Ransomware Attacks, Phishing Scams, Data Breaches and Insider Threats are a few of the possible challenges a person, organization or even a government as a whole can face when it comes to cybersecurity.

A ransomware attack is a type of cybercrime where malicious software (malware) is used to encrypt (lock) the files or data on a victim’s computer or network. The attacker then demands a ransom payment in exchange for the decryption key needed to restore access to the encrypted data, hence the term “ransomware”. This encryption can only be removed with something called a decryption key and the attacker typically leaves instructions on the system for the victim to follow in order to pay for the key and be free, these ransoms are usually demanded in cryptocurrencies to allow the attacker cover his/her tracks. There are typically two types of ransomware attacks, a crypto-ware attack only denies one access to specific files on the system and the system itself remains operational until the ransom is paid but a locker ransom totally locks up the system and renders it absolutely inaccessible to the owner, only displaying the ransom note. Attacks are usually carried out with the use of malicious websites (clicking alone activates it) but they can also be delivered and activated through phishing mails. The bombshell with ransomware attacks is that first payment or payment at all does not always guarantee a release and one might be made to pay once, twice or thrice before getting the key, the attacker could also withhold the key even after multiple payments, forever. The credibility and trustworthiness of a company is also likely to reduce if word gets out that they were compromised. The WannaCry ransomware attack was a worldwide one in 2017 that targeted PCs running Windows, it encrypted their data and the attackers threatened to release private data/info if their demands were not met.

Phishing scams are another prevalent challenge on cybersecurity, they are deceptive practices used by cybercriminals to trick individuals into divulging sensitive information, such as login credentials, financial details, or personal data. These scams typically involve impersonating a trustworthy entity or using fraudulent means to deceive victims into taking actions that compromise their security. They can come as a seemingly harmless e-mail from your bank that tells you to “verify” your account by entering your login details and credentials and doing that would grant the scammer access to your bank account, they can also be an email appearing to come from a high-level executive requesting financial transfers or sensitive information from employees, this type of phishing is called spear phishing as it is targeted at a specific individual or group. The obvious effect of phishing scams is loss of money, potentially leading to debt for an individual or an organization.

Cybersecurity challenges can also come in form of Data Breaches, they occur when unauthorized individuals gain access to confidential or sensitive information. This can include personal, financial, medical, or proprietary data, and can have serious consequences for individuals and organizations alike. Data breaches can result from various factors, including Cyber Attacks (like ransomware, hacking, phishing), insider threats, or accidental data exposure. The compromised data can be used for callous purposes, including identity theft, financial fraud, or corporate espionage. Babcock University, Nigeria in May 2023 announced that some of their school records (although inconsequential) had been breached through their front end server. The incident caused a stir among parents and students alike, but it was promptly resolved by the school’s computer team.

Insider Threats are probably the easiest form of cyberattacks to execute as they come from within. They are risks posed by individuals within an organization who misuse their access to systems, data, or networks for malicious or unauthorized purposes. These threats can come from employees, contractors, business partners, or anyone with insider access. They are particularly challenging to detect and nullify because the individuals involved typically have legitimate access to the organization’s resources. There are different types of insiders, malicious insiders intentionally misuse their access to harm the organization, steal data, or commit fraud. This could be due to personal grievances, financial incentives, or external pressures. Negligent Insiders unintentionally cause harm due to carelessness or lack of awareness. Examples include falling for phishing scams or mishandling sensitive data. Compromised insiders meanwhile are those whose accounts or credentials have been stolen or compromised by external attackers, who then use these to conduct malicious activities. In 2023, Tesla suffered a major data breach that was orchestrated by two former employees, who leaked sensitive personal data to a foreign media outlet. The leaked information included names, addresses, phone numbers, employment records, and social security numbers of over 75,000 current and former employees. The insider breach also exposed customer bank details, production secrets, and complaints about Tesla’s Full Self-Driving features. While legal actions were taken against the former employees responsible for the data breach, the stain on the brand’s security reputation is irreversible.

While these challenges and attacks are unlikely to be totally eradicated from humanity, they can be prevented and avoided. There are a range of solutions and precautionary measures that can be implemented to either eliminate an ongoing attack or prevent the attack at all. Prevention they say is better than cure so it’s always better to prevent the attack from happening at all. The first way to prevent Cyber Attacks is to be vigilant, careful and disciplined, to not be negligent or lax with sensitive info or in fact any info, be it personal or of an organization.
The second is implementing robust security protocols, the use of firewalls, a network security device or software that acts as a barrier between a trusted internal network and an untrusted external network, such as the internet whose primary function is to monitor and control incoming and outgoing network traffic based on predetermined security rules, is highly recommended a`nd so is the use of antivirus programs (like Avast) to protect against threats. Encryption is another effective security protocol in the fight against Cyber Attacks, it is the process of converting plaintext (readable data) into ciphertext (encoded data) to prevent unauthorized access. This transformation uses algorithms and keys to ensure that only individuals or systems with the appropriate decryption key can access the original data.

Employee Training and Awareness is another measure that must be taken to combat cybersecurity challenges. Employees need to be able to not only identify threats but respond to the threats as well and this can be done through numerous training programs and tests e.g using phishing simulators to create faux phishing attacks and having employees try to combat or avoid it. Employees should also be advised on choosing stronger passwords and being more careful with information that is in their possession.

Part 2 explores other solutions and the future of cybsersecurity.