How Kenya can avoid another crippling cyber attack

Shot of a hooded hacker cracking a computer code. [Getty Images]

The government recently disclosed that it faced a cyber-attack on some of its key platforms and critical infrastructure on Thursday, 27 July. The attack had a significant impact on service-oriented platforms, including e-citizen, which facilitates essential services such as license booking, visa applications, and vehicle registration. A group calling itself 'Anonymous Sudan,' claimed responsibility for the orchestrated cyber incident, executed primarily through a Distributed Denial of Service (DDoS) method.

A DDoS attack is a malicious tactic aiming to overwhelm a targeted network or service by flooding it with an excessive volume of traffic, thereby disrupting normal functioning and rendering it inaccessible to legitimate users. Such attacks, when targeted at government services and telecommunication infrastructure, can have severe consequences, crippling the delivery of essential public services and causing communication breakdowns that affect businesses and citizens' access to crucial information.

DDoS attacks, with their distributed nature and involvement of botnets or hijacked devices from global locations, present a significant defence challenge. Thus, implementing robust security measures and real-time monitoring becomes imperative for effective detection and mitigation. To address these challenges, a multi-layered approach is essential.

Firstly, organisations need to identify and assess their critical assets to uncover potential security risks and vulnerabilities. Implementing DDoS protection services that utilise advanced traffic analysis and filtering techniques is crucial in identifying and blocking malicious traffic before it reaches the network.

Additionally, traffic scrubbing solutions can be utilised to distinguish between legitimate user traffic and malicious requests, automatically triggering protective measures when abnormal traffic behaviour is detected. Distributing incoming traffic across multiple servers using load balancers can help prevent overwhelming a single server during a DDoS attack.

Furthermore, configuring firewalls and Intrusion Prevention Systems (IPS) to detect and block suspicious traffic patterns associated with DDoS attacks is vital. Employing dedicated edge network defences can also minimise downtime resulting from DDoS attacks.

Using Content Delivery Networks to cache and serve content from multiple locations reduces the load on target servers during DDoS attacks. Over-provisioning bandwidth is necessary to absorb sudden spikes in traffic, and collaboration with Internet Service Providers is essential for attack response and mitigation.

Real-time monitoring and alerting systems play a critical role in detecting and responding promptly to DDoS attacks as they occur. Developing comprehensive incident response plans and considering migration of critical services to cloud-based platforms with built-in DDoS protection further strengthens defense capabilities.

In the event of a DDoS incident, specific steps can be taken to address the attack. These include identifying the IP addresses from which the attacks originate, monitoring memory utilisation against network traffic, and collaborating with ISPs to implement port and packet size filtering. Establishing thresholds for traffic spikes that trigger alerts for potential DDOS incidents can also help in the response process. Conducting packet captures of the DDOS activity and working with service providers to block the attacks are additional measures.

Post a DDOS attack, conducting a thorough review of the incident and documenting all relevant details, notifying internal stakeholders and external partners, preserving evidence related to the attack, and conducting a root cause analysis are essential steps.

To prevent future attacks, organisations should conduct periodic security audits and penetration tests, implement remediation actions to address vulnerabilities, strengthen infrastructure and network, and ensure continuous monitoring of network traffic. Additionally, employee awareness sessions are crucial in educating personnel about DDoS attacks, their impact, and the importance of reporting suspicious activities.

As our world becomes increasingly interconnected, safeguarding critical resources from DDoS attacks is a pressing concern. By adopting a proactive and multi-faceted approach to cybersecurity, organisations can better protect their infrastructure and maintain the stability of essential services, ensuring the safety and well-being of citizens and businesses.

The writers are data protection and cybersecurity experts with PwC Kenya