
Lecture 3 Security Threats

The document outlines various cybersecurity threats, including spyware, malware, phishing, and data breaches, along with their definitions and mitigation strategies. It emphasizes the importance of protective measures such as firewalls, antivirus software, data encryption, and multi-factor authentication to safeguard against these threats. Additionally, it provides statistics on cyber threats in Kenya and channels for reporting cybersecurity incidents.

Uploaded by

chesenybrian2022

Security threats and mitigation

• Definition of cybersecurity terms
• Attacks on various e-learning platforms
• Protection mechanisms against attacks
• Channels of reporting cybersecurity attacks
• Attack statistics in Kenya
• Mitigation strategies – KE-CIRT/CC
Definition of terms
• Threat: a threat is any potential danger to information or systems
• Threat agent: is the person or process attacking the network through a vulnerable
port or firewall, or a process used to access data in a way that violates your
security policy
• Vulnerability: is a software, hardware or procedural weakness that may provide an
attacker or threat agent with an opportunity to enter a computer or network and
gain unauthorized access to resources within the environment
• Risk: is the likelihood of a threat agent taking advantage of a vulnerability. It is the
potential for loss or the probability that a threat will exploit a vulnerability.
• Exposure: An exposure occurs when a threat agent exposes a company asset to
potential loss. A vulnerability can cause an organization to be exposed to possible
damages.
Threats to data and information
• Spyware
• Malware
• Phishing
• Data breaches
• Computer viruses
Spyware
• Also known as adware, it is software that tracks a user's browsing
history. Its purpose is to invade privacy.
• Mitigation measure: do not give websites permission to track
data. Also install firewalls as a precautionary measure. A firewall is
hardware or software that filters information exchanged between two
networks. Most operating systems have a firewall feature.
• If spyware invades your system, it is not only harmful to your
system, but it can also track your passwords, addresses, names and
other confidential information.
Malware
• Malware (malicious software) refers to programs that may affect the
running of a system or perform illegal activities such as secretly
collecting sensitive information from unknowing users. Some of the
common types of malicious programs include: boot sector viruses, file
viruses, hoax viruses, Trojan horses, worms, etc.
Measures against viruses
• Install the latest versions of antivirus software on the computers. Also
ensure that you continuously update the antivirus software with new
virus definitions to counter new viruses
• Always scan removable storage media for viruses before using them
• Scan attachments for viruses before opening or downloading an
attachment. Links that you receive via email usually carry malware to
infect your system or data
Phishing/smishing
• Phishing is a social breach that comes through instant messages and
email. Usually, you are made to click on links that try to gain access to
your personal data or information.
• Sensitive information can be kept safe from phishing if users avoid
opening links from people they do not know.
Data breaches
• A data breach is when the safety of the information stored in the
system has been compromised. When unauthorized people gain
access to data, systems and networks and can view secured data
that is kept hidden, it is called a data breach. It happens only when
vulnerable points in the system have been exploited or unauthorized persons have taken
control of your system unethically, with malicious intentions.
How to protect data from breaches
• Download registered software (genuine and legitimate software)
• Update software when it gets old. Newer versions have more
security features
• Encrypt your data, so that even if it is stolen, it cannot be accessed
• Use strong passwords and credentials for all your online accounts.
Avoid common passwords or ones based on your visible information (birth
date, child, pet name, etc.)
• Change your passwords regularly and make sure they are strong and
not easy to guess.
• Set up two factor/multi-factor authentication on every account that
allows it
Two-factor/multi-factor authentication
• Adds another layer of protection to prevent fraud and account or
identity theft. The identification process consists of two steps:
• Identification: claiming an identity (user name, mobile no., ID, email, etc.)
• Authentication: backing up the identity by using two of the following factors
  - Something you know: password, PIN, verification question
  - Something you are: fingerprint, face recognition, iris
  - Something you have: phone, smart card, etc.
Protecting office devices
• Always lock your devices with a strong password, PIN, pattern lock,
biometric means
• Make sure your computer and mobile devices are backed up regularly and often.
In addition, save backups often to offline means (hard disk/cloud)
• Make sure that you have an automatic update for your operating system,
software and browser
• Avoid connecting external devices from unknown sources. Use only your
own fixed device, which is approved and provided by your
organization/institution
• When leaving the office or at the end of the workday, remember to logout
from your digital accounts and lock your computer.
Using external storage devices

• Usage of external storage devices can allow an attacker to access
the device's data and even use the computer as a potential gateway into
the organization. Avoid connecting external devices (CD, USB devices,
mobile phones) from unknown sources. Use external storage devices:
  - Only if necessary and with permission of an authorized factor in the
organization
  - After examination or a “whitening” process
  - From reliable or permanent external media
Protecting emails
• It is important to have two separate accounts: personal and organizational
• Don’t click on links or open suspicious attachments from an unknown or even a known source
• Be suspicious of emails that require an immediate/ urgent action. If necessary, contact the
sender through alternative means (phone call)
• Avoid sending corporate or sensitive information to an out-of-network email box. If necessary,
use email encryption solutions
• When sending an attachment email, make sure the attachment is indeed what you intended to
send
• Take note of the sender’s address; it could be an impersonator, e.g. paypal.com or paypa1.com.
• When mailing to a widespread mailing list, prefer to add all recipients in a hidden copy (BCC)
• Do not forward/send usernames and passwords by e-mail or by any public channel
• If you already clicked on a link/attachment you received – do not delete the message so that it
can be investigated.
Safe internet use
• Note that the URL starts with https (s for secure) and a closed lock
icon appears next to it, which signifies that it is a secure site.
• Notice whether the site is unprofessionally designed, contains
misspellings or poor linguistic wording, contains too many links or is
characterized by multiple advertisements
• Check if the website name matches its content and whether the
website extension is strange/suspicious
• If the site does not include “contact us”/“about us”/“privacy policy”,
it is a suspicious sign
• In any case of concern or suspicion – avoid entering personal or bank
details information on the website.
Report an unusual event
• When there is a certain or suspected information security breach
• When there is an identification or suspicion of an operational
malfunction, which could cause information security breaches
• When there is identification or suspicion of a suspicious action by a
colleague or opponent
• When an organization computer/end-point, or a personal mobile which
can be used to access the corporate email, is stolen
• The presence of a suspected or unauthorized party in the
organization’s premises.
Summary of measures against data breaches: firewall
• A firewall is a device or software that filters the data and information
exchanged between different networks by enforcing the network's
access control policy. The main purpose of a firewall is to monitor and
control access to or from protected network resources
• People who do not have permission cannot access the network and
those within cannot access firewall-restricted sites outside their
network
Channels of reporting cybersecurity attacks
In Kenya, you can report cybercrime to:
• the National Kenya Computer Incident Response Team Coordination Centre (KE-CIRT/CC)
• the Directorate of Criminal Investigations (DCI)
• the Communications Authority of Kenya (CA)
KE-CIRT/CC
• Is a multi-agency framework that coordinates response to cyber
security matters at the national level
• The agency detects, prevents and responds to various cyber threats
targeted at the country and acts as the interface between local and
international ICT service providers.
Data encryption
• Data in transit over a network faces the danger of being tapped, listened
to or copied to unauthorized destinations. Such data can be protected
by scrambling it into a form that only the authorized sender and receiver
can read. This process is called encryption.
• There exist several algorithms for encryption of data.
• Two keys are normally used (an encryption key and a decryption key)
Security monitors
• Security monitors are hardware or programs that monitor and keep
track of all the activities performed using computer systems.
Global cyber threat landscape overview
• Malware
• Mobile malware
• Phishing and social engineering
• System attacks
• DDoS attacks
Total cyber threats detected in Kenya between July and Sept 2024 – 657,843,715
• System attacks – 583,696,090
• Brute force attacks – 38,135,186
• Malware attacks – 33,894,268
• DDoS attacks – 1,826,259
• Web application attacks – 174,251
• Mobile application attacks – 117,661
The cyber attack vector trend in Kenya shows that system attacks were
most prevalent while mobile application attacks were least prevalent
Top targeted systems
• End – user devices
• Internet of things (IoTs)
• Web applications
• Networking devices
Top targeted industries
• Internet service providers
• Cloud service providers
• Government ministries
• Academia/education
Mitigation strategies against attacks – KE-CIRT/CC
• Security by design: include security during development of software
• Deployment of domain protection tools such as Domain-based Message
Authentication, Reporting and Conformance (DMARC) and spam filters
• Upgrading end-of-life products
• Application of relevant patches and updates as provided
• Disconnect devices from the network if not in use
• Update software to the latest version
• Download applications from trusted sources
• Check application permissions
• Implementing firewalls and intrusion detection systems
• Use of strong passwords and multi-factor authentication
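
For the domain protection bullet in the list above: a DMARC policy is published as a DNS TXT record at `_dmarc.<domain>`, and a record that exists but does not enforce gives little protection. This added example (not part of the original lecture) audits DMARC record strings; the finding codes and the sample records are constructed for illustration.

```python
VALID_POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(record):
    """Split a DMARC TXT record into an ordered dict of tag -> value."""
    tags = {}
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags


def audit_dmarc(record):
    """Return finding codes for one record; an empty list means no weakness found."""
    tags = parse_dmarc(record)
    # The version tag must come first, otherwise the TXT record is not DMARC at all.
    if next(iter(tags.items()), None) != ("v", "DMARC1"):
        return ["not-dmarc"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        return ["invalid-policy"]
    if policy == "none":
        findings.append("monitor-only")            # spoofed mail is still delivered
    elif tags.get("sp", policy).lower() == "none":
        findings.append("subdomains-unprotected")  # sp overrides p for subdomains
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) > 100:
        findings.append("invalid-pct")
    elif int(pct) < 100 and policy != "none":
        findings.append("partial-enforcement")     # policy applied to a sample only
    if "rua" not in tags:
        findings.append("no-aggregate-reports")    # nobody sees who is spoofing
    return findings


# Constructed sample records (not real DNS data).
SAMPLES = {
    "weak": "v=DMARC1; p=none",
    "partial": "v=DMARC1; p=quarantine; sp=none; pct=50; rua=mailto:dmarc@example.org",
    "strong": "v=DMARC1; p=reject; rua=mailto:dmarc@example.org",
    "spf": "v=spf1 -all",
}

if __name__ == "__main__":
    for name, rec in SAMPLES.items():
        print(name, audit_dmarc(rec))
```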
