The continuous evolution in sophistication and the rising frequency of cyber threats mean that next-level stealth attacks are becoming increasingly difficult to detect and prevent with traditional cybersecurity technology.

By Saul Wamalwa, regional manager for West, East and Central Africa at Commvault

While most cyber breaches in Kenya are not publicised, a recent Distributed Denial of Service attack that received widespread media attention took down the government’s eCitizen portal, which is used by the public to access more than 5 000 government services. In recent weeks, ransomware attacks also affected both the Kenya Airports Authority and the Neighbours Retail Group.

The Communications Authority of Kenya’s Cybersecurity Report Q2 2022-2023 notes that elementary and advanced phishing attacks still result in an alarming rate of successful theft of user credentials and account takeovers. It also states that ransomware attacks continue “to top the threat vectors quarter-over-quarter as cyber threat actors adopted sophisticated techniques to extend their attacks”.

According to a study by Venafi, 60% of security decision makers consider ransomware to be as serious as terrorism, while 80% of organisations were hit by ransomware attacks in 2021/22. At the same time, only 32% of organisations are comfortable with their security controls, which underscores the need for businesses to protect themselves against ransomware.

Structured and organised

While ransomware attacks on Kenya’s private and public sector organisations used to be largely isolated events, they have evolved drastically during the last five to ten years to become well-structured and organised. This is partly because the availability of ransomware tools on the dark net has enabled cyber threat actors to adopt Ransomware-as-a-Service (RaaS) attack techniques to execute automated ransomware attacks.

Protecting an organisation’s IT ecosystem against cyberattacks has become a game of seeing who is smarter – those trying to defend the infrastructure or those launching the attacks. Unfortunately, there is no limit to human creativity, so when trying to defend their environments, information security professionals are constantly being tested by new techniques, while security tools typically lag a bit behind.

However, there are ways to secure an IT environment as well as possible by following best practices and investing in the right tools. Cyber deception is the new frontier in ransomware detection and prevents attacks by luring cybercriminals to honeypots of data that help to proactively detect, defend against and recover from unknown threats.

Crucial defensive weapon

Cyber deception technology is rapidly gaining traction as a crucial defensive weapon in the enterprise cybersecurity arsenal, and typically consists of techniques that dupe hackers into engaging with dummy digital resources that are not used by authorised enterprise users. These decoys, which can include services, networks, files, user accounts or email accounts, only serve to alert the organisation that a breach is in progress.

By essentially increasing an organisation’s attack surface and luring cybercriminals to attack a fake resource, cyber deception strategies act as an early warning system that an attack is happening, which gives security teams time to bolster their defensive measures, lock out the intruders and ensure that the environment is stable and secure.

One of the main benefits of cyber deception is that it is a proactive rather than reactive strategy, which allows enterprise security teams to beat attackers at their own game. Considering the value and strategic importance of data in businesses, enterprises should thus explore protecting their critical data by deploying cyber deception technology as a service.

Ultimately, the key to reducing security vulnerability is to take proactive steps to protect data and applications by engaging with a reputable solutions provider that can offer comprehensive and sophisticated ransomware protection and recovery solutions.