Navigating the cybersecurity landscape in 2023 and beyond

As we navigate through the digital age, safeguarding our personal information on the internet is becoming increasingly challenging.

Driven by the belief that data is the new gold, hackers and scammers persistently devise new and innovative ways to break into systems and steal data.

There continues to be an upward surge in attacks targeting email and social media systems across the world in the form of phishing and spam.

Recently, a distinct form of cyber assault has gained attention, characterised by attackers employing methods to impede users from accessing vital system services and data, notably observed in Distributed Denial of Service (DDoS) attacks.

Remarkably, cybercriminals have established business enterprises that provide cybercrime-as-a-service, offering hacking services for a fee and engaging in malware economics.

This encompasses the sale of ransomware, provision of malware-as-a-service, and offering compromised machines for use in DDoS attacks (known as DDoS-for-hire).

Cybersecurity researchers predict a significant rise in cyberattacks and associated costs for 2023, driven by the bleak economic outlook, geo-political conflicts and the related rise in hacktivism, the availability of crime-as-a-service, and a rapidly expanding attack surface from the use of mobile devices, cloud computing and the adoption of the Internet of Things.

According to projections by IBM, cybercrime is forecast to cost the global economy $10.5 trillion (Sh1.5 trillion) by 2025.

Governments around the world have stepped up efforts to protect their citizens through the introduction of various laws around cybersecurity and data protection.

A prominent example is the General Data Protection Regulation (GDPR) passed in Europe to protect the privacy of European citizens.

Key legislation in Kenya includes the Computer Misuse and Cybercrimes Act and the Data Protection Act.

The Ministry of Information, Communication and the Digital Economy also recently published, for public comment, draft regulations to support the Computer Misuse and Cybercrimes Act.

Private organisations have also created forums to share information on new threats, cybersecurity trends, and solutions that effectively address these challenges.

Indeed, with the evolution of cyber threats, private organisations have adapted and advanced their solutions to enhance cybersecurity.

These include new authentication methods that have been deployed in recent times to mitigate against the threat of identity theft.

Organisations with the requisite expertise and capacity now offer cybersecurity as a managed service, available to players across the entire economy.

October 2023 marks the 20th anniversary of Cybersecurity Awareness Month, a milestone highlighting two decades of dedicated efforts in promoting digital safety and vigilance.

Cybersecurity Awareness Month has been designated to heighten digital security awareness and empower individuals to safeguard their data from the perils posed by hackers and other digital threats. Beyond the government and private organisations, this month seeks to remind each of us that we have a role to play in protecting data in the digital arena.

Security begins with controlling access to your devices before thinking about digital space risks. We are responsible for using strong passwords to protect digital platforms, including computers and phones.

When signing up for new accounts, use strong, unique passwords for all your online accounts. Using easily guessable information like birthdays or common words may seem easier, but avoid it at all costs.

Still on the subject of passwords, consider changing passwords regularly and using password managers to generate and store complex passwords securely.

It is also important to enable multi-factor authentication whenever possible. This adds an extra layer of security by requiring you to provide two or more forms of authentication, such as a password and a one-time code sent to your mobile device.

Enhanced authentication protects sensitive data and systems such as online banking accounts by alerting you whenever a login is done.

Cybercriminals often exploit vulnerabilities in outdated software. This is one of the most overlooked areas by users. You must keep your operating system, software, and applications up to date with the latest security patches and updates.

When you don’t trust a source, do not click it. Be cautious about clicking on links or downloading attachments from unknown sources, especially in emails or messages. Phishing attempts often aim to trick you into revealing sensitive information.

As such, do not click on suspicious links or respond to dubious messages.

Lastly, we must implement appropriate cybersecurity protection measures, including parental controls, anti-virus software, and firewalls.

Data protection is a collective responsibility, and we all play a part in enforcing it. It’s essential to be aware of data protection laws and regulations and to implement measures to comply with them.

Additionally, educating others about the importance of data protection and promoting responsible data handling practices is crucial.

By working together, we can create a data protection culture and protect personal information from unauthorised use or disclosure.

The writer is the chief corporate security officer at Safaricom