BY CLAUDIA ADUSEI BOATEMAA
Victimizing governmental and financial institutions, the last couple of years has not been easy ensuring IT security as a result of the proliferation of cyber-attacks on institutions and organizations. The massive hack of Yahoo’s email system with all 3 billion Yahoo email addresses effected in 2017 is enough harm and caution to the world as to how far cyber-attacks can travel.
Cyber-attack, also known as computer network attack, is an attack mostly launched from one or more computers against another computer or multiple computers and networks to commit fraud, identity theft or privacy violation. Attacks target the general public, government and corporate organizations and financial Institutions. These are initiated through the spread of malicious programs (viruses), unauthorized web access, fake websites and other means of stealing personal or institutional information from the target of the attack.
Cyber criminals have developed different technical methods of gaining access or disabling operations including ransomware, denial of service, main in the middle, phishing, among others.
Ransomware is one of the fast growing forms of cyber-attacks and has been behind a number of high-profile security breaches around the world. This type of attack is often delivered via emails which tricks the recipient into opening attachments and releasing malware onto their system. Once the computer has been affected, it locks up the files and encrypts them in a way that makes them inaccessible anymore. Attackers threaten to delete files and demand payment in bitcoins as ransom for release of the locked files. However, paying the ransom does not guarantee the recovery of all the encrypted data.
Man in the Middle (MITM) is also another form of attack that alters communication between two users, impersonating both victims in order to manipulate them and gain access to their data. The users are not aware that they are actually communicating with an attacker rather than each other.
Phishing is an attempt to access sensitive information such as passwords and bank accounts by posing as a trusted individual. This is done via electronic communication, most commonly by emails, and can inflict enormous damage on organizations.
Denial of Service (DoS) is an attack on a system’s resources, enabling the system incapable of responding to service attacks. DoS attacks are designed to disrupt normal web traffic and take a site offline. This is done by flooding a system, server or network with more access requests than it can handle. DoS attacks are often launched from numerous compromised devices, and are usually distributed globally through botnets.
It is however sad to note that, with every passing year, cyber-attack increases as it is seen as a lucrative way of gaining money by criminals. Cyber-attacks are estimated to be a $1.5 trillion industry, with some countries now basing their economy around it. Market Research Engine predicts that the cyber security market will grow into a $170 billion industry by 2022 worldwide.
Over the past 5 years, security breaches have increased by 67% according to Accenture’s global survey. According to their survey, the average cost of cybercrime for an organization is estimated to be $13 million per year.
Ghana is no exception to the proliferation of cyber-attacks around the world. However, financial institutions are mostly prone to these attacks in the country. A study in 2016 indicated millions of cyber-attacks were recorded that year in the financial sector. It further disclosed more than 400,000 Malware incidents, 44 million spam incidents, and 280,000 bot incidents within Ghana’s financial sector.
Reports available at the Cybercrime Unit of the Criminal Investigative Department of the Ghana Police Service revealed that $30.7 million was lost to cybercrime in 2016, £28million in 2017 and $97 million at the end of August 2018.
A 2017 report on cyber security released by 3T Solutions Consulting revealed that banks and financial institutions in Ghana are most vulnerable to cyber-attacks. Findings of the report also indicated that the common feature with which cyber criminals’ use on their unsuspecting victims is to hack into their email and get hold of the correspondences and instruct the banks to transact businesses on their behalf. Another common feature associated with cyber criminals is the use of ATM cards to defraud their victims by cloning the cards.
These statistics indicated clearly that any organization can easily be victimized if proper cyber security measures are not employed. It is worthwhile for every organization to assess its level of cyber security. This will identify flaws and guide management to take initiatives that will ensure full protection against cyber-attacks.
Also advanced anti-virus software makes it is possible to remove all forms of virus from the computer including malicious software introduced by cyber criminals. These Anti-virus software prevent malicious software programs from embedding on computer and works to disarm any virus if detected.
Organizations can also protect themselves against such attacks through the installation and update on anti-spyware technology. A spyware, as the name suggests, is a software that is surreptitiously installed on the computer to let others peer into activities on the computer. Some spyware collects information about you without your consent or produces unwanted pop-ups on your web browser.
Computer operating systems should be periodically updated to stay in tune with technology requirements and to fix security holes and ensure that the computer has the latest protection.
With the growth of high-speed internet connections, many opt to leave their computers on and ready for action. The downside is that being “always on” render computers more susceptible. Turning the computer off effectively dissolves an attacker’s connection, be it spyware or a bonnet that employs the computer’s resources to reach out to other unwitting users.
The upsurge of cyber-attacks on banks and financial institutions is a wake up call to all other governmental and corporate bodies to adopt strategies to increase cyber security in Ghana.
Financial institutions in Ghana should also endeavor to organize cyber security training for their management and employees to increase their knowledge on cyber-attacks and best ways of fighting these attacks.