By Emmanuel Asika
Many will hate to admit it, but it seems that, perhaps, it has become quite lucrative these days to be a cybercriminal. Firstly, it is a thriving business. For instance, according to the FBI, there was a 207% increase in in reported case of cybercrime reports between 2008 and 2021, and almost $7 billion (₦3,223,080,000,000) in losses last year. In Nigeria, the peril of cybercrimes recorded a massive rise in the first six months of 2022, “with phishing and scams hitting 174%”. According to the Economic and Financial Crimes Commission (EFCC) well over 2,800 persons were convicted of cybercrimes in the country last year, and the Consumer Awareness and Financial Enlightenment Initiative (CAFEI) has projected a $6 trillion loss by 2030 to cybercrime within and outside Nigeria.
Secondly, it has no entry requirement – yes, it is that easy and, quite cheap. Imagine this - the typical cost of compromised remote access credentials costs about ₦2,302 and can simply be bought on the dark web. Cyber crooks use these passes to access their prey’s enterprise networks. A report, The Evolution of Cybercrime, showed that 75% of advertisements for malware and 91% for exploits costs less than ₦4,604.40. Some years ago, it was much more expensive. For instance, as of 2009, cybercriminals paid well over ₦3.6 million for a standard malware kit.
Worse still, it has become increasingly easier than ever before for these hackers to work together in a specialized and concerted secretive supply chain. They have built fortes, proposing unique services like hiring of huge botnets to convey a customer’s preferred malware to thousands of targets, or hackers-for-hire who take full advantage of the destruction caused by ransomware - spreading an invasion of weak points in a network. The result of all these is that workers in scattered workplaces around the globe are now in more danger than ever before. The unclear distinction between private and work devices means that hybrid staff are not always shielded by enterprise defenses, thus the risk of attacks is always there.
But there is a way out, and it lies with the employees who are usually the first line of defense, and they must work together. With computer crime now a part of how we do business, and growing, the only way to beat criminals is collaborating with one another to defend ourselves.
Knowing your enemies’ strategy
Hackers the world over betray trust in daily interfaces and exchanges online, mostly via emails, to gain access to systems. It is a known fact that email remains the most common means for hackers to secure illegal access to networks, and once they are in, they try to monetize their access—deactivating the group’s backups, stealing delicate information, and installing ransomware. The effect of such violation can be grievous, leading to operational interruption, repairs, affect an organisation’s name, and lead to exposure of trade secrets and loss of intellectual property. As a result, corporate groups and their employees must work together to fortify their lines in this highly increasing risky atmosphere.
Setting up your protective line
First, all employees must be conscious of the methods of hackers and promptly report any suspicious behaviour. They must also understand their respective roles in the defense of their organisation’s cyber systems. The employers, on their part, must back these endeavors by inspiring a positive security culture where employees are given clear instructions to be watchful for phishing and IP protection, ask for help, collaborate on ways to advance cyber safety, and teach coworkers and family members.
As a group, companies and organisations should place emphasis on understanding the basics, constantly working on their resilience, and acting as a team to lessen their risk of exposure. Quality security begins with IT asset detection – you can only protect the devices, software and systems being used by your workers. The next thing is to adhere to best practices in susceptibility management and multidimensional authentication, while putting in place the personnel, procedures, and know-how to spot, thwart, and recover from likely attacks. This entails anticipating and planning for the most unpleasant of scenarios, executing procedures to reduce supply chain and insider risks, and rehearsing your response. Such rehearsal drills are not only important in getting you ready for the real attacks when they come, but also helps to expose hitherto unknown problems and inspire process improvements.
An organisation can also exploit the advantages of its security investments by closing known common attack routes, especially malware sent via email and the web, which can be nullified using prevention technologies like the hardware-enforced isolation of HP Sure Click Enterprise. Such solutions help protect systems not by detecting malicious activity, but by allowing staffs to undertake normal daily routines, including risky undertakings like opening of email attachments safely and shielding IT departments against unidentified threats.
Collaborating with industry peers
Cybersecurity is a collaborative endeavor. Organisations can confidently strengthen the kind of actions and habits they will like their staff to adopt by vigorous and regular awareness sessions and exercises tailored to their needs. A good example is HP’s recently released noir–inspired cybersecurity training film for its employees. This will help the organisation build a security culture, with staff encouraged to individually manage risks. It must be pointed out too that these collaborations should not only be internal (within organisations), but also with other players in the industry. Such external cooperation, including sharing of threat intel, will help the organisation to gauge its cyber security strength and performance, equip it with current information on cybercrime trends and risks, and how best to stay ahead of cybercriminals in the current year, and in years to come.
Emmanuel Asika, Country Head, HP Nigeria