Data protection: Expert proffers solutions to cyber attack
From Okwe Obi, Abuja
An Information and Digital Forensic Expert, Benedict Joseph Oluwaseun, has advised business owners to use advanced technologies, utilize cyber threat intelligence, implement governance, risk and compliance (GRC) solutions, and conduct frequent cyber crisis simulation exercises, in order to combat cyber attacks.
He explained that one simple attack pattern commonly used by cybercriminals is the compromise of end-user accounts, adding that it is often achieved through phishing scams, where employees are tricked into clicking on malicious links, downloading malware-infected software, or providing their login information on fake websites.
Oluwaseun, in a statement yesterday, there is a pressing need to increase added that agencies should increase cyber security awareness and strengthen security measures.
He said: “One simple attack pattern commonly used by cybercriminals is the compromise of end-user accounts.
“This is often achieved through phishing scams, where employees are tricked into clicking on malicious links, downloading malware-infected software, or providing their login information on fake websites.
“Once an employee’s account is compromised, cybercriminals can escalate their privileges and gain access to the network, allowing them to move around undetected for extended periods of time, spreading malware or stealing sensitive data.
“It is evident that many businesses, especially small and medium-sized enterprises, were not adequately prepared for the surge in sophisticated cyber-attacks brought about by remote working.
“There is a pressing need to increase cyber security awareness and strengthen security measures. In the rush to enable remote working capabilities, cyber security was often not given sufficient priority.
“For instance, some companies failed to ensure that personal devices used by employees had standard security protections in place.
“While virtual private networks (VPNs) are commonly relied upon for secure remote access, they should not be solely relied upon as they have limitations.
“Instead, companies can implement security measures that are non-intrusive, such as host checking, which validates individual requirements on personal devices before allowing access to corporate applications.
“It is also important to promptly apply patches to address vulnerabilities in VPNs when they are discovered.
“Employees should install antivirus and malware software on their personal computers, be educated about best practices for handling emails and other content, and exercise caution when it comes to identifying phishing attempts.
“They should also secure their home Wi-Fi networks with strong passwords and consider using VPNs for an additional layer of protection.
“Companies, on the other hand, can adopt basic cyber security strategies such as identifying and patching vulnerabilities, conducting regular cyber security risk assessments, and updating business continuity plans to include cyberattack scenarios.
“More advanced measures include implementing new technologies and tools, utilizing cyber threat intelligence, implementing governance, risk and compliance (GRC) solutions, and conducting frequent cyber crisis simulation exercises.”