By Patrick Ndegwa
Technology is playing an increasingly significant role across almost every business sector. The pace of digital innovation is accelerating but, with the proliferation of IoT devices, cloud-based networks, and other business-critical ICT infrastructure, comes a much larger attack surface for cybercriminals. Governments, educational and financial institutions, global enterprises, and even small businesses are all potential targets of ransomware, malware, Distributed-Denial-of-Service (DDoS) attacks, and social engineering. And as these different forms of cyberattacks continue to become more sophisticated, it’s becoming more crucial than ever that organisations are adequately protected.
During 2021, global cybersecurity companies such as Kaspersky and Cloudflare have highlighted an unprecedented evolution and growth of DDoS attacks. Even global tech giants such as Google and Microsoft have had to fend off large, coordinated attacks against their services in recent years. These attacks are getting bigger, smarter, expertly tailored according to their targets, and intelligently exploiting specific gaps in cybersecurity. And, unfortunately, they’re coming closer to home.
Understanding the threat of DDoS attacks
A DDoS attack is a malicious type of cyberattack that targets a network, server, or services with the goal of overwhelming a network (or connected IT infrastructure) with a flood of requests. This is often done with the use of a botnet, which is a group of devices that automatically perform such actions over the Internet, causing a network or service to slow down or stop functioning completely. This can make a service inaccessible to both users and employees, resulting in high recovery costs, downtime for critical business functions, or – in the case of an e-commerce site that stops working – the loss of income and reputation.
Importantly, DDoS attacks can also make a network vulnerable to further attacks, resulting in even costlier data breaches. DDoS attacks are often part of a wider strategy that is coordinated to exploit more than one vulnerability in a business network. And, with the sudden shift towards remote working since the start of the pandemic, cybercriminals have a much larger attack vector on unsecured at-home networks.
What’s the situation in Africa?
Across Africa, technology is being rapidly adopted as we move into a more urbanised and digitally-driven age, but with the growing pains of digital transformation comes greater vulnerability. Our figures revealed that DDoS attacks in Africa have increased by 300% in 2021, compared to the same period in 2019. There were a total of 382 500 DDoS attacks across the continent between January and July 2021. Kenya, specifically, saw an astounding 2 400% increase in attacks over the same period, and the number of these attacks are not expected to slow down.
According to the cybersecurity report by Communications Authority of Kenya, there were 38 776 699 detected cyber threats in Kenya between April and June 2021. This figure increased by an alarming 37.3% in only one quarter of 2021, and 29.1% of these threats were DDoS attacks. It’s clearly becoming increasingly vital that every organisation, especially at the start of their digital transformation journey, ensure every aspect of their IT infrastructure is protected.
How can businesses protect themselves?
Cybersecurity has multiple layers and is always an on-going process. Security measures should, therefore, be implemented from the ground-up, and not added as an afterthought. In this current climate, organisations need to be sure they can stay up to speed with ever-evolving and increasingly complex cybersecurity threats. Cyberattacks may be getting more sophisticated but, thankfully, so are the ways that businesses can prevent them.
A DDoS attack, for example, can be mitigated by services that remove malicious traffic and only let legitimate traffic pass through, thereby protecting the network and ensuring that operations or services don’t grind to a halt. Advanced intrusion prevention and threat management systems can utilise next-generation firewalls, Virtual Private Networks (VPNs), load balancing, content filtering, and other security mechanisms to prevent DDoS attacks from impacting a network. The right combination of tools and technology can place your business on more solid ground when it comes to fending off cybersecurity threats in general, and DDoS attacks in particular.
One of the major pitfalls in cybersecurity is that not every organisation has the expertise or a dedicated security team that can provide up-to-date, enterprise-class protection. And the statistics are clear: cybercrime is on the rise. Now, more than ever, it’s essential that organisations find a dedicated cybersecurity partner whose sole objective is to keep their business safe from the various kinds of modern cyberattacks. Cybersecurity should be proactive rather than reactive and, with the help of managed security services, businesses can rest assured that when an attack occurs, they’ll have all the protection and processes already in place. Peace of mind is something to be prized.