Picture this. You leave work in the evening with everything perfectly in order, only to wake up the next day to find that your systems across multiple departments have been hacked by a political organization. What would you do?
This was the grim reality of the KFC Fast Food Franchise on the morning of 5th May 2024. Customers in its restaurants were confronted with screens displaying messages from the Mutarrif Hamas Islamic Force announcing a cyberattack, which created a buzz on social media. This ‘cyberattack’ is more accurately described as website defacement, which occurs when malicious parties infiltrate a website and replace its content with their own messages. The replacement content mostly conveys a political or religious message, profanity or other inappropriate material meant to embarrass the website owners, or a notice that a specific hacker group has hacked the website. In this case, the KFC screens across different countries displayed pro-Palestine content, anti-Israel messages, and messages that read ‘hacked by Mutarrif Hamas Islamic force’ alongside a picture of the infamous Hamas military spokesperson, Abu Obaida.
KFC is not the only organization that has fallen victim to cyberattacks. Africa experienced the highest average number of weekly cyberattacks per organization during Q2 of 2023, with an average of 2164 attacks, according to CheckPoint Research. This represents a significant year-on-year increase of 23% compared to the same period in 2022. The main sectors targeted were government agencies, the financial sector, telecommunication companies, and the trade and industry sectors. For context, from January to March 2023, the National KE-CIRT/CC detected 187,757,659 cyber threats in Kenya.
Unfortunately, cyberattacks have devastating long-term consequences for their victims. Companies lose valuable time and money repairing their systems, regaining stakeholders’ trust, and rebuilding their brand reputation. The annual estimated cost of cyberattacks to Kenyan companies is Ksh 15 billion.
In an in-depth interview, Mr. Alex Osunga, the cybersecurity technical lead at @iLabAfrica, analyzed the reasons many companies fall victim to cyberattacks. First, most organizations do not prioritize security in their budgets and consider it an afterthought. This is worrying because we live in a digital world where many organizations have integrated digital solutions into their daily operations.
“Just as you provide physical security for your building and ensure that there is a security guard at the gate, so should you secure your networks,” said Mr. Osunga.
One consequence of not prioritizing digital security is that organizations cannot afford skilled cybersecurity personnel, so they remain vulnerable to threats.
Furthermore, organizations are prone to cyberattacks because they carry out treatment before diagnosing the actual problem. Many organizations assume that setting aside a budget, procuring tools and setting them up guarantees safety, yet this is rarely the case. In practice, it is important to first audit the systems and map their attack surface, to establish where they are vulnerable and which kinds of threats to watch out for. The audit tells an organization what information system assets it has, what type of system each one is, and where each is most vulnerable. It also helps the organization understand the impact an attack would have on its reputation and finances. With that knowledge, the organization can spend its budget where it is most beneficial, procuring the necessary tools and skilled personnel to handle any threats.
Mr. Osunga curated a list of Do’s that organizations can implement at their level to ensure the safety of their digital systems. He also recommended corresponding services offered by @iLabAfrica. These include the following:
- Train everyone in the organization on cybersecurity awareness. In data security, human beings are known to be the weakest link. This is why it is important to train every employee on basic digital hygiene, such as how to set up strong passwords. @iLabAfrica offers cyber hygiene training to organizations, which involves security audits of their systems to ensure that they are free from any threats and that, based on the type of data it processes, the organization complies with the Data Protection Act.
- Carry out periodic vulnerability testing, preferably twice a year. This is the recommended frequency because it takes an average of 6 months to identify and neutralize potential cyber threats. @iLabAfrica offers Vulnerability Assessment Management, in which they scan the organization’s applications and networks for weaknesses that can be exploited. This service is combined with penetration testing, which tests the systems at a deeper level. This not only uncovers vulnerabilities that may have slipped through during the initial check but also ranks them based on severity.
- Create and implement internal cybersecurity policies. These policies govern how your internal staff conduct themselves when using the organization’s network. International organizations can benefit greatly from GDPR (General Data Protection Regulation) compliance services. The GDPR is a European regulation that governs how the personal data of individuals in the EU may be processed and transferred. Compliance services ensure that international organizations collecting and processing data from Europe comply with the regulation to prevent data breaches.
- Use a secure network. This starts with the network architecture design: the design must be equipped with intrusion detection systems to ensure it is secure. Also, take the extra step of moving to a Zero Trust network, where the people on your network must verify themselves at every step before accessing the network.
The digital age brings undeniable convenience and connectedness, but it also creates a critical need for data security. Cyberattacks have crippled many promising businesses, highlighting the importance of online protection before we fully embrace this new era.
By @iLabAfrica Research and Innovation Centre, Strathmore University.