Understanding cyber threats, vulnerabilities and security risks

Our digital cosmos is continuously evolving from technology, process, and people standpoints. As corporations adapt to more innovative technologies and ways of working, the scope of challenges and issues related to cyber security magnifies simultaneously.

Threats, vulnerabilities, and risks

Businesses must have a clear understanding of the threats they face, their vulnerabilities and their information security risks to better protect their data. Understanding the landscape and needs will allow an organisation to anticipate attacks to a certain extent and deploy solutions and services to protect against these perils, which could range from the compromise of critical organisational infrastructure and data breaches to phishing attacks on individuals.

Some of the most common types of cyber threats include malware, phishing, website defacing, man-in-the-middle (MitM) attacks and denial-of-service attacks.

Cyber attackers can misuse an individual’s credentials or exploit vulnerabilities within a company’s IT environment to steal information or gain access to personal financial accounts, among other potentially damaging actions. It is estimated that about 94 per cent of malware is delivered via email, that phishing attacks account for more than 80 per cent of reported security incidents, and that a total of US$20,000 is lost every minute due to phishing attacks.

A vulnerability could mean a certain disadvantage, such as a lack of adequate safeguards, or a weakness the organisation has, like unpatched software, that can potentially be exploited by a hacker.

Similarly, compromised or outdated cyber security software or weak passwords make organisations more vulnerable to hackers, thereby increasing the chances of getting hacked. An information security risk is calculated by considering the relevant threats to an organisation and how vulnerable the organisation is given the current safeguards in place to mitigate these threats; together these give a likelihood rating that the threat may materialise.

Signs, symptoms and solutions

The most obvious way to detect whether software, a phone or a laptop is infected is to look for any discrepancies or unusual behaviour displayed by the device’s software. A ransomware compromise is often easy to detect, as the hackers usually make their presence known to initiate negotiations.

Phishing emails, which look harmless on the surface, usually carry a hefty cost when not addressed promptly. Other signs of a system under attack include frequent crashes or pop-up windows. Unusually slow computers or frequent requests for password changes should be treated with caution, since they could be indicative of malicious activities in the background.

Organisations should avoid approaching cyber security with broad-brush solutions. It is time to pay attention to the threats, vulnerabilities and information security risks that are relevant to your organisational landscape. A reputation put at risk and a loss of trust will always negatively impact the growth cycle of any organisation.

The writer is chief business officer-Eastern Africa regional cluster at Liquid Intelligent Technologies