Last week, it emerged that Yahoo accounts had been hacked and some information stolen. An email sent out to Yahoo users confirmed the breach happened in 2014.
The incident was a reminder of how the digital era has made every person accessing the Internet a target. And with cybercrime growing with every passing day, ensuring high level security for personal or official emails and the cloud services being the current preferred storage for companies (small or big), has become of utmost importance.
While reassuring its customers that they had launched an investigation into the data security infringement, Yahoo advised users to change passwords, security questions and answers. Further, it urged them to change the information for other accounts- in cases where user had duplicate information for several accounts.
Users were also informed to be on the lookout for any suspicious activities and avoid visiting sites or clicking on links that redirected them from the original page.
“Exercise caution with any unsolicited forms of communication that ask for your personal information or refer you to a web page asking for personal information,” read the Bob Lord Yahoo’s chief information security officer, correspondence.
Security experts say that keeping cyber criminals away from hacking private email accounts can no longer be left in the hands of the email service providers.
For instance, they point out that continuous change of passwords and sticking to accessing sites from one device will guarantee a better degree of security .
“For email accounts regular change of passwords is necessary to ensure safety. Some of these email service providers are building one time passwords (OTP’s) where they send a code to your phone for verification-that for me is the securest way of staying secure because your data is not predictable,” said William Makatiani, chief executive officer, Serianu Limited, a cybersecurity firm, adding that companies using cloud services have also exposed themselves to threats.
“Hackers have become sophisticated and it is necessary for the companies to ensure continuous monitoring of their systems. But firms also need to know that some hackers are right at the heart of the company and this calls for multi-layer security checks,” he said.
The 2016 Data Breach Investigation Report by Verizon Enterprise says that databases are the second most frequently targeted asset by cyber criminals.
It says that criminals are mainly people inside an organisation, trailing only desktop computers with 75 per cent of cyber-attacks in East Africa region caused by insiders, mostly disgruntled employees.
But growing cybercrime is also attributable to the move towards the digital era which has put pressure on cyber security because there are more devices to protect, more people with access to data and ever more partners to integrate with.
“New technologies—like mobile and the Internet of Things (IoT)—threaten to give attackers new opportunities,” said the Verizon report.
Janusz Naklicki, Oracle’s senior vice president for Africa speaking at Africa Summit in Tanzania a fortnight ago said that building a database security strategy is the first step for a company in ensuring security has been addressed inside out.
“It is surprising, then, that businesses don’t prioritise investment in protecting their databases. Even if an organisation’s perimeter is breached, by placing security controls around sensitive data, detecting and preventing SQL injection attacks, monitoring database activity, encrypting data at rest and in transit, redacting sensitive application data, and masking non-production databases, organisations can reduce the risk of data exfiltration,” said Naklicki.
Budgetary allocation to ensure monitoring of a companies ICT environment remains the greatest impediment towards curbing the cybercrime threats in Kenya.
To ensure the level of security is maximized The 2015 Kenya Cyber Security Report by Sereanu suggested that cyber security monitoring and human based log analysis and employee security awareness and training is mandatory.
“The latest security technology may protect core systems, but it cannot protect against employees giving away information on social networks or using their own, less secure, mobile devices for business purposes.
Organisations need to invest in security awareness and training,” said the report adding that it should cover cyber security practices in the office.
That included protecting passwords, how to deal with phishing and other social engineering attacks and also how to enhance privacy settings on social media sites.
The report also said that every organisation should develop a localised cyber intelligence and research while ensuring that they carry our vetting especially in cases where IT systems are shared.