Saturday, March 2, 2024

African Nations Face Escalating Phishing & Compromised Password Cyberattacks: Report


In 2022, cyberattacks targeting large enterprises in African nations witnessed a significant surge. Kenyan businesses reported an 82% increase in these attacks, while South African and Zambian businesses experienced a 62% increase each.
According to a report by pan-African technology group Liquid C2, the primary method of attack was through phishing or spam attacks, accounting for 61% of incidents. Another 48% of attacks exploited compromised passwords.
Jess Parnell, the Vice President of Security Operations at Centripetal, suggests that cyber attackers might be focusing on businesses in Kenya, South Africa, and Zambia due to their emerging economies and expanding business sectors. These countries are seen as attractive targets for financial gain through activities like data theft, ransomware attacks, and financial fraud.
Anna Collard, a security evangelist at KnowBe4 Africa, believes that most attacks are still primarily opportunistic, with ransomware groups targeting compromised networks and credentials obtained from access brokers. However, she acknowledges that the targeting of emerging economies is influenced by the desire to avoid retaliation from the US. This makes Southern Africa and other economies with high cyber-dependency on the continent appealing targets.

Africa Witnessing Increased Hiring for Cybersecurity Professionals
The Liquid C2 report highlights a growing gap of 100,000 certified cybersecurity professionals in Africa. Despite this, all respondents in the report mentioned significant advancements in their cloud and digital strategies, as well as related cybersecurity capabilities.
Moreover, 68% of the respondents stated that they had hired cybersecurity staff or enlisted the services of a cybersecurity team in the past year. Kenya had the highest percentage at 82%, followed by South Africa at 63%, and Zambia at 62%.
Parnell emphasizes that the persistence of attacks, despite increased staffing and cybersecurity investments, suggests that investing in cybersecurity measures alone does not guarantee protection against threats. He stresses the importance of a proactive approach to threat intelligence-powered cybersecurity, continuously updating defenses to mitigate risks.
Defending against cyberattacks requires a multi-layered approach, including implementing robust security measures, raising employee awareness about common attack vectors like phishing, regular software and system updates, vulnerability assessments, and prompt response to security incidents. Prioritizing cybersecurity and proactive measures can help businesses defend against attacks and minimize the impact of successful breaches.
Klaus Schenk, Senior Vice President of Security and Threat Research at Verimatrix, cautions that increasing cybersecurity staff may attract malicious actors seeking challenges or opportunities to demonstrate their skills. However, he states that the benefits outweigh the risks, as augmenting the cybersecurity team can significantly mitigate the impact of cyberattacks.
The ultimate goal should be to minimize the occurrence of such attacks and strive for a state where they have no impact whatsoever, Schenk concludes.

No comments:

Post a Comment

AT&T Data Breach: 73 Million Customers' Information Leaked, Company Confirms

AT&T has confirmed a data breach impacting 73 million current and former customers, despite initially denying that the leaked data origi...