By Arasha Soila
Nairobi Kenya: Threat actors look for weaknesses that they can exploit to achieve their goals. Nation-states, cybercriminals, hacktivists, terrorist groups, thrill-seekers, and insider threats are some of the threat actors. These actors start by gathering information on potential targets and use various techniques to build trust with the targets depending on the attack. They exploit the trust earned to attack and then utilize the information they have gained for whatever motive they have, whether for financial gains or disruption of services.
Some of the common threats we may be familiar with are malicious software like viruses, spyware, backdoors, and ransomware. However, some of the threats are automated threats. Denial of Service, brute force, and exploits are some of the automated attacks intentionally caused by malicious actors.
Social engineering is another threat that affects digital security. With social engineering, attackers leverage non-technological strategies to attack information systems through impersonation, tricks, bribes, and blackmailing people.
Speaking during a digital security webinar, Samaila Bako, Security Evangelist at Code for Africa urged organizations to always conduct continuous training with their employees on how to identify and handle security threats. “Training should not be a one-off, it needs to be regular. If employees are not able to identify these malicious threats then they wouldn’t know they are being attacked,” he emphasized. He continued by stating that employees should always report to the technical team in case they come across these threats.
The cybersecurity awareness trainer, further expounded that from an individual standpoint, one needs to verify information via another means for certainty. Additionally, he advised one should also leverage tools like anti-malware solutions, disk encryption, and VPNs to protect data. “These tools will help you achieve things like scanning attachments as one may not even know how to crack down the codes. We also need to adopt secure authentication by using strong passwords, multi-factor authentication, and password managers,” he affirmed.
Taking into account, recommended strong passwords contain a minimum of six or eight characters, numbers, both upper and lower case alphabets, and symbols. Weak passwords expose our accounts to getting hacked as they are easy to crack.
Multi-factor authentication may include leveraging other security options like using biometrics such as fingerprints, facial, and even voice recognition though attackers are even replicating these features nowadays. One can employ both a username and password pair and incorporate it with the biometrics just to be safe. Password managers on the other hand automatically generate passwords based on criteria you set, store them securely, and can be used across devices.
Other steps to ensure account security are reviewing our account activity, by doing so you are able to see the relevant actions that have taken place including detecting a breach such as password change. Enabling login notifications and managing app permissions is also recommended.
Typically, we tend to prevent unauthorized access to our accounts according to the sensitivity of what we protect. Our efforts to ensure account security is determined by the impact of exposure ignoring other accounts we may have.
Therefore, digital security involves protecting digital assets including the ability to prevent, detect, respond to, and recover from attacks. The common narrative people tend to have is that having strong passwords is enough to keep their data safe. Digital security helps to safe-keep our personal data to avoid identity theft, protects third parties from interception or access to our data, and also protection from censorship.