The impact of cyber-attacks on individuals, businesses, and organisations cannot be overemphasized. It is a great concern for institutions whose operations are internet-based, digitalised, and technology-driven. These attacks pose a great threat to smooth operation, business success, and existence. If not carefully checked, they can ruin any business or organisation in the twinkling of an eye.
A cyber-attack is any attempt by a hacker to gain unauthorised access to computing devices, information systems, infrastructures, and networks to steal processed information to the detriment of the victim. The attack is capable of exposing, altering, disrupting, disabling, destroying, stealing from, gaining access to, or even damaging the victim's system or infrastructure. However, in some cases, these attacks may not affect the system adversely. Those who engage in this act are called hackers or cybercriminals, and the act itself is called cybercrime.
Several cases of detected and traceable cyber-attacks have been reported, but many undetected cases remain out there until the loophole is checked. A recently reported case is an attempted cyber-attack by a hacking group from Russia called Cozy Bear, which was accused by Britain, Canada, and the United States of allegedly trying to steal COVID-19 vaccine and treatment research from academic and pharmaceutical institutions around the world.
In a similar case, a group of UAE-based Africans was reportedly extradited to the United States over alleged hacking, cyber fraud, and other related cybercrime.
Concern has been reported over the rising cases of bank-related fraud since the beginning of the COVID-19 outbreak, as fraudsters were exploiting the economic hardship of the outbreak to take advantage of vulnerable bank customers through scam emails and text messages.
Statistics have also shown that since the beginning of the global pandemic, the rate of cyber-attacks and crimes has grossly increased. Over 18 million COVID-19-related scam emails were reported to have been sent to both private and corporate bodies with the intent of phishing.
According to Businessday Nigeria, sixty percent (60%) of businesses and organisations were reported to have suffered from cyber-attacks early last year, and forty-three percent (43%) out of the sixty percent were focused on small and medium-sized enterprises (SMEs), which have little or no effective measures in place to curb this menace. According to the Nigeria Cyber Security Outlook 2020, cyber-attacks on SMEs are expected to rise continually, and other areas such as cloud-based systems, user mobile devices, IoT devices, and organisations in the non-financial sector were predicted to be a focus of cyber-attacks this year.
As businesses, organisations, trading, and other activities are now operating almost fully online due to the implementation of the COVID-19 work-from-home policy, we must consider the impacts of cyber-attacks, along with their prevention and solutions.
Types of Cyber-attack
Cyber-attacks come in various forms but the commonest and most often used are listed here:
Malware: This is a malicious software attack deployed through a website, email, or both in order to gain unauthorised access, extract sensitive information, or disrupt or damage the system. Examples include worms, viruses, Trojan horses, and adware.
Ransomware: This is a type of malware attack that involves blocking the victim's access to their data or files and demanding payment of a ransom before access is restored.
Phishing: This attack involves sending a disguised email (bearing the name of a popular brand) randomly to a wide audience to get recipients to click an infected link or reveal sensitive information.
Spear Phishing: This attack is an advanced form of phishing in which a disguised email, using the name of someone the target is in contact with, is sent to get the target to click an infected link or reveal sensitive information. It involves thorough research on or monitoring of the victim.
Structured Query Language (SQL) Injection: This type of attack involves injecting malicious code directly into a weak data-driven website to take control of the website and/or steal information from it.
Denial of Service (DoS): This is an attack that floods systems, servers, or networks with traffic to exhaust resources and bandwidth so that online services become unavailable.
Impacts of Cyber-attack
Whichever type of cyber-attack is used, the following are the impacts it has on businesses:
1. Loss of valuable information assets e.g. financial and corporate information.
2. Disruption of key business activities or operations.
3. Inability to carry out transactions online.
4. Emptying of business or personal bank accounts.
5. Temporary or permanent loss of customer-sensitive data.
6. Lack or erosion of trust and confidence in the business brand.
7. Loss of customers leading to a reduction in sales and profits.
8. Complete collapse or winding up of a business.
9. Fines and regulatory sanctions over failure to adequately protect customers' data.
10. Loss of money through payment of a ransom to recover stolen data.
11. Increased expenses as a result of repair of damaged computer systems and networks.
12. Increase in business liabilities because payments have to be made to the affected customers.
13. Loss of shareholders, investors, and revenue from contracts.
Preventions and Solutions
These attacks succeed because of loopholes in system security or vulnerabilities in system networks. Therefore, the following preventive measures and solutions can be adopted by businesses that fall victim to cyber-attacks:
- Train and educate your staff about cybersecurity.
- Use secure and sophisticated hardware with a 2-way authentication password.
- Check your cybersecurity performance using the NIST framework, and consider cyber insurance.
- Secure your business files by backing them up on an external hard drive.
- Report any cyber breach to the relevant authorities and stakeholders.
- Avoid opening email attachments from anonymous senders.
- Secure your network with a very good network protector e.g. firewall.
- Install anti-virus or anti-malware software to protect the system and network from infiltration.
- Use a very strong login password for your devices and encrypt your business data.
- Clean up the affected systems.
- Avoid visiting unsecured websites.
- Create and test emergency protocols with information technology staff.
- Update software, e.g. web browsers, operating systems, and apps, regularly for the latest security improvements.
- Restrict vital transactions to a very secure communication method.
However you make use of the internet, it is high time everyone safeguarded their access codes or passwords. The new normal is digitalisation across the globe, and no one should fall victim to hackers, fraudsters, or cybercriminals. Meanwhile, debit and credit card users must also guard against common tricks used by fraudsters.