Have you ever lost a social media account, money from your bank account and mobile money?

Well, your computer or phone may have suffered from what is known as a cyber attack.

All the information and money you lost was caused by a third party known as a hacker.

A cyber-attack is more of an offensive act that is impacted to a computer to manipulate in order for the hacker to access the computer like it’s his own.

According to the Africa Cyber Security report 2019/20, Uganda is registering an increase in cybercrime.

The targets are mostly corporate organisations, including commercial banks and telecom companies, with mobile money the most targeted, according to the report.

The Uganda Police Annual Crime and Road Safety Report of 2019, indicates that more than Shs41 billion was lost to criminals through pyramid schemes and other cybercrimes such as swapping SIM cards and hacking digital financial accounts.

Both personal and non-personal computers are equally prone to these attacks.

So in this article, we look at the most common cyber-attacks and practices that expose many institutions to cybercrime and how to avoid them.

Common cyber attacks

Phishing attack
This usually happens in form of messages, especially emails, where a hacker sends a convincing email, asking you to either share your account details or change your password. Most victims only get to realise it after the damage has been done.


Password attack
This affects those that hold weak passwords to the company details, for example, birth dates and names.


Emmanuel Chagara, the chief executive of Milima Technologies Uganda, says it is important to enable strong passwords and account lockouts, use two-factor authentication and regulate and limit internal and external remote connections.


Malware attack
We have all heard familiar words like ransomware, viruses and worms. All these make up an attack known as Malware.

 It’s a computer software designed to disrupt, disable or take control of your computers. It comes in form of a file you are downloading or even a harmless app.


It functions by taking advantage of technical errors, vulnerabilities in hardware and operating systems. Any business can be vulnerable.

How companies become vulnerable to cyber attacks

Being vulnerable in a business puts you in a position where your data, financial details or anything confidential in your business can not only be accessed by a hacker but also stolen.


Mistakes is a core part of the human experience but unfortunately, human error in the computer worId is the cause of 95% of cyber-attacks and threats, according to a study by IBM. Here are the errors.

Failure to prioritise technology investment

When you back up information from the computer system or systems, you’re storing a copy of the data in a different place so that in case you lose the data in the computer system, you can easily access the other copy of the information.

Mr Kassim Walyaulya, an expert in IT management, monitoring and security, says several corporate companies have not prioritised investment in technology.

He says many organisations are using defunct technology because they want to provide services cheaply.

But for financial services providers such as banks and network solutions providers such as telecommunications companies, so much is at stake in terms of data, content and finances.
In this case, Mr Walyaulya says the bank and the telecom company will need to outsource an aggregator to secure safe and robust interaction between themselves to render proper services to clients.
“When this happens, it is critical that all the parties involved commit to ensuring data confidentiality, integrity and guaranteed availability,” Mr Walyaulya says.

Using weak passwords.
Mr Ignus de Villiers, the group head of Cyber Security at Liquid Intelligent Technologies, says poor password hygiene is a significant contributor towards compromises.

He says it is going to be very easy for a hacker to guess a password that contains your name or birthday.
He advises that one should use a combination of upper and lower key letters, numbers, and symbols in your password.


Using outdated software.
One of the reasons we are told to update our software regularly is because these updates come with patches. Patches fix security holes hence making your security stronger.

Employee negligence
Mr Ishmael Muli, the head of Dimension Data Intelligent Security business unit in East Africa, says although insider threats are largely attributed to malicious employees and contractors, data from the company’s Threat Intelligence Centre indicates most cyberattacks originate from employee negligence and other close associates ignoring corporate cyber security policies, misuse of data and installing unauthorised applications, among others.

Installation of unauthorised applications

Mr Muli says cyberattacks largely originate from ignoring corporate cybersecurity policies and installation of unauthorised applications.

He adds that insiders take advantage of organisations that lack the ability to investigate successful cyberattacks, due to limited access controls to detect unusual activity once someone breaches their network.

Daniel Ngobi, a software development manager at Tracecorp Solutions, says some of these attacks involve manipulation of transactional data, tampering of logs to limit tracing, as well as framing legitimate users.

Outsourcing cyber-security roles

Leonah Mbonimpa, who works with National Information Technology Authority Uganda (NITA-U), says outsourcing the cyber-security role to a third party creates more risk to an organisation since there is ceding of control over the organization’s information assets.

“Concerns of assurance of confidentiality, integrity and availability arise in this set-up. The cyber-security perimeter becomes blurred and creates opportunities that threat actors can target causing damage to an organisation,” she explains.

Use of personal devices at work

Ms Mbonimpa says increased use of personal devices such as laptops and smart phones for official work will increase information exposure.

She adds that insiders are increasingly using their personal devices for work purposes which presents a new risk angle for cyber-security teams since most focus is attached to official systems and equipment.

“Cybercriminals are increasingly targeting such devices as an entry point into corporate networks. Organisations need to evaluate the use of personal devices within the workspace to reduce their exposure of information at both application and device level,” she explains.

Way forward

Cerinah Nalwoga, who works with Milima Technologies, says company boards of directors should take a lead role in mitigating cyber-attacks by implementing cyber policies in organisations and supporting their staff in acquiring security training.

“This will in the long run create a ‘cyber smart security culture’ within the workforce and curb some of the threats within the organisation,” she says.

Mr Raymond Amumpaire, a tech lawyer and digital rights activist, says the government should work on a legal framework to make cyberspace a more secure and enjoyable experience for all.

H urges government to urgently ratify the African Union Convention on Cyber Security and Personal Data Protection (Malabo Convention).

“This will shows its commitment towards building a credible digital space for electronic transactions, personal data protection and combating cybercrime,” he explains.