Instead, attackers exploit simple, preventable security weaknesses that organisations repeatedly fail to fix.

Danny Mitchell, cybersecurity writer at Heimdal Security, examined high-profile breaches from the past decade and found that most began with stolen credentials, unpatched systems, or phishing attacks. 

When we examine the anatomy of major data breaches over the past decade, a clear pattern emerges,” Mitchell said. 

“Attackers consistently exploit the same entry points because organisations continue to leave these doors open. Understanding where breaches begin is the first step toward preventing them.”

1. Compromised Credentials

One of the most common vulnerabilities is stolen or weak credentials. In the 2013 Target breach, hackers accessed the network through a third-party HVAC vendor. 

Using these credentials, they moved across the system and stole 40 million credit card numbers and 70 million customer records. 

Mitchell says, “Organisations often grant excessive access to third-party vendors without implementing proper oversight or segmentation. Once attackers obtain valid credentials, they appear as legitimate users, making detection extremely difficult.”

2. Unpatched Systems

Equifax’s 2017 breach reveals another recurring issue, which is the failure to update systems. Attackers exploited a known vulnerability in Apache Struts, a patch that had existed for months. 

The breach exposed sensitive data of 147 million people. “Equifax was breached using a vulnerability that had a publicly available patch,” Mitchell notes. “This breach occurred not because the attack was unavoidable, but because basic patch management processes failed.”

3. Phishing and Email-Based Attacks

Email is an easy entry point for attackers. In 2011, Epsilon suffered a breach after phishing campaigns targeted client databases, affecting millions of customers from brands including JPMorgan Chase and Walgreens. 

Mitchell explains, “Email-based attacks work because they exploit human behaviour rather than technical vulnerabilities. Even with advanced security tools, a convincing phishing email can bypass technical defences if an employee clicks a malicious link or provides credentials on a fake login page.”

Why These Weaknesses Persist

Mitchell identifies three systemic reasons organisations remain vulnerable:

• Over-Privileged Accounts: Many employees and vendors retain access rights they no longer need.
• Poor Visibility: Security teams often lack tools to monitor unusual network activity.
• Tool Sprawl: Multiple disconnected security systems create blind spots that attackers exploit.

Steps to Reduce Risk

Mitchell suggests helpful measures to block attackers at the most common entry points:

• Enforce strict privileged access controls and multi-factor authentication.
• Use DNS filtering to block connections to malicious domains.
• Deploy endpoint detection and response systems for real-time monitoring.
• Implement automated patch management and prioritise critical vulnerabilities.

“Attackers will always choose the path of least resistance,” Mitchell concludes. “By closing these common entry points, organisations force attackers to use more sophisticated, and therefore more detectable, methods. While perfect security may be impossible, you can make your organisation a harder target than the alternatives.”

This is designed to avert a nationwide ban and settle long-running security challenges with Washington.

Under the binding agreement, ByteDance will cut its stake to 19.9%, while investors led by Oracle, Silver Lake and Abu Dhabi’s MGX will collectively take 80.1% ownership of a newly formed company, TikTok USDS Joint Venture LLC. 

The structure is intended to satisfy U.S. laws that demand the separation of TikTok’s American business from Chinese control.

The arrangement follows legislation passed by Congress in April 2024 that required ByteDance to divest TikTok’s U.S. operations or face a ban. The Supreme Court upheld the law in January 2025, setting a January deadline. This joint venture, due to close on 22 January, is meant to meet that requirement.

Ownership alone, however, has not ended the issue. The new entity will be run by a seven-member board, with Americans holding most seats. ByteDance will appoint one director. Oracle has been named the “trusted security partner” and will be responsible for auditing compliance and protecting US user data, which will be stored on Oracle’s cloud infrastructure inside the United States.

TikTok’s chief executive, Shou Zi Chew, told staff that the venture would “operate as an independent entity with authority over U.S. data protection, algorithm security, content moderation and software assurance,” according to an internal memo. 

He also said TikTok’s global US entities would separately handle “global product interoperability and certain commercial activities, including e-commerce, advertising, and marketing”.

Even so, there’s still uncertainty over the heart of the platform, its recommendation algorithm. Former U.S. officials and analysts say it is still not clear if the algorithm has been transferred, licensed, or remains under ByteDance’s control, with Oracle potentially limited to oversight rather than ownership.

Reports from Chinese media have suggested ByteDance may continue to play an operational role or receive revenue from the US business, leading to questions about Beijing’s influence despite the new structure.

President Donald Trump has openly credited TikTok with helping his re-election and maintains a large following on the app. His administration has also launched an official White House TikTok account. At the same time, Trump’s close ties to Oracle chief executive Larry Ellison have drawn criticism from Democrats.

Senator Elizabeth Warren has been among the most vocal opponents, saying: “Trump wants to hand over even more control of what you watch to his billionaire buddies. Americans deserve to know if the president struck another backdoor deal for this billionaire takeover of TikTok.”

Trump previously said high-profile investors, including Michael Dell and Rupert Murdoch, could be involved, though there are no reports about who ultimately joined the final deal.

This agreement ends the immediate threat of a ban, but not the argument around influence and control. 

Kehinde Ogundare, the country manager for Zoho (Nigeria), shares insights into how the company is driving growth, ensuring data security, and maintaining gender balance within its workforce. 

“The economy and the environment might not be suitable for some startups, but we are committed to providing support,” says Ogundare, stressing Zoho’s focus on helping the startup community scale despite the economic downturn.

Zoho’s Growth: The Numbers Tell a Positive Story Speaking on Zoho’s growth over the years, Ogundare noted that the company has steadily climbed in a positive direction, “In 2022, Zoho grew by 50%, which led to us acquiring an additional 100 customers. In 2023, we experienced a 31% growth, which still signifies an increase.” 

He explains that Zoho’s consistent expansion reveals the growing trust in the company’s products, with more businesses integrating Zoho solutions into their operations.

Empowering Startups Through Zoho for Startups Despite the economic challenges that have forced many startups to shut down, Zoho is focused on creating a sustainable ecosystem for entrepreneurs. 

Ogundare pointed to Zoho for Startups, a programme designed to support startup communities by offering free credits for software use.

“We offer $500 in credit to help startups pay for essential services such as CRM and operations,” Ogundare explains. This allows emerging businesses to focus on innovation without the burden of operational costs in their early stages.

Unshaking Data Security Standards In a period where data breaches are a constant threat, Ogundare assertively shares Zoho’s spotless record in data security. “To the best of my knowledge, we’ve never had any case of a data breach. Data security and privacy are at the core of our business, and we spend a lot to ensure that customer data remains safe,” Ogundare says. 

He further emphasizes that Zoho is compliant with several regulatory bodies, conducting annual security and privacy training for employees to minimize risks.

Zoho School of Learning: Training for Impact Zoho’s commitment to education is seen in its Zoho School of Learning, where over 1,600 individuals have been trained, with 75 currently employed at Zoho. “We train and we employ. But everyone is free to seek opportunities anywhere they want,” Ogundare notes. 

This initiative, although currently available only in India, has highly impacted the country’s job market and has also built a pipeline of skilled professionals who can contribute to the tech industry. Ogundare affirms that Zoho is working to expand the school of learning to other countries including Nigeria, sooner than later.

Gender Balance and Inclusion at Zoho Zoho also takes gender balance seriously, with a focus on ensuring equal opportunities in its workforce. Ogundare shares that the company’s recent 43% impact on the Nigerian job market achieved a 60:40 male-to-female ratio, and globally, Ogundare asserts that “more than 67% of our managers are women.” 

Gender equality, he stresses, is a core value at Zoho, and the company strives to reflect this in every aspect of its recruitment and management practices.

Zoho Analytics: Empowering Businesses with Data Zoho Analytics, the company’s business intelligence software, is another tool designed to assist both businesses and individuals in making informed decisions. “Whether you’re an individual or a business, Zoho Analytics helps you understand your data and make better business decisions,” Kehinde Ogundare explains. 

This innovative tool ensures that users can leverage the power of data to drive growth and efficiency.

Zoho’s Vision for the Future In its continued support of the Nigerian tech industry, Zoho’s mission to empower startups, ensure data security, and promote gender balance reiterates a huge focus to building a sustainable and inclusive future. 

For businesses and individuals alike, Zoho remains a reliable partner in scaling through the complexities brought about by economic limitations.

The increasing reliance on AI, the demand for robust data security, and the need for scalable and flexible solutions are just a few of the critical issues that require careful consideration.

As we continue to progress in this AI-driven world, it is imperative to address these challenges and understand the questions that should concern both software vendors and their clients.

Some of the challenges in risk enterprise management that software vendors and practitioners are currently facing include:

1. Data privacy and security:

Ensuring that sensitive business and financial data is protected from potential breaches and cyber-attacks.

2. Integration of AI and automation:

Leveraging artificial intelligence and automation tools to improve risk assessment and decision-making processes within enterprise management systems.

3. Regulatory compliance:

Adhering to stringent industry regulations and standards while also staying ahead of any potential changes or updates.

4. Scalability and flexibility:

Developing software solutions that can accommodate the changing needs and demands of businesses as they grow and evolve.

5. User-friendly interfaces:

Creating intuitive and easy-to-use interfaces that make it simple for clients to navigate and utilize risk enterprise management software effectively.

6. Customization and personalization:

Offering customizable solutions that can be tailored to the specific needs and requirements of individual businesses.

Some of the questions that should concern software vendors and their clients today include:

1. How can AI and automation be effectively integrated into risk enterprise management software to improve decision-making and streamline processes?

2. What measures are in place to ensure the security and privacy of sensitive data within the software solution?

3. How does the software address the evolving landscape of regulatory compliance and adapt to any changes in industry standards?

4. What level of scalability and flexibility does the software offer, and how does it accommodate the growth and development of businesses over time?

5. What steps have been taken to ensure that the user interface is intuitive and user-friendly for clients to use effectively?

6. How customizable and personalized are the risk enterprise management solutions, and how can they be tailored to the specific needs of individual businesses?

As this list is growing, permit me to expand some points with examples:

1. Data privacy and security: In today’s digital age, the protection of sensitive business and financial data is crucial. For example, software vendors need to implement advanced encryption protocols and access controls to safeguard data from potential breaches and cyber-attacks.

They also need to comply with regulations such as the General Data Protection Regulation (GDPR) in the EU or the Health Insurance Portability and Accountability Act (HIPAA) in the healthcare industry.

2. Integration of AI and automation: Software vendors are increasingly focused on integrating artificial intelligence and automation into risk enterprise management systems to improve risk assessment and decision-making processes.

For example, AI algorithms can be used to analyze large datasets to identify patterns and trends, while automation can streamline routine tasks such as data entry and report generation.

3. Regulatory compliance: The software must adhere to stringent industry regulations and standards. For instance, in the financial sector, software vendors need to ensure compliance with regulations such as the Dodd-Frank Act or the Basel III framework.

They also need to keep their systems updated to accommodate any changes in regulations, making it crucial to offer regular updates and support services.

4. Scalability and flexibility: As businesses grow and evolve, they require software solutions that can scale with their needs.

For example, a risk enterprise management system should be able to handle an increase in the volume of data and transactions as a company expands, without sacrificing performance.

5. User-friendly interfaces: The software should offer an intuitive and easy-to-use interface for clients. For example, a clean and visually appealing dashboard with customizable widgets and interactive charts can make it easier for users to navigate through complex data and make informed decisions based on risk analysis.

6. Customization and personalization: The software should be flexible enough to be tailored to the specific needs and requirements of individual businesses.

For example, a software vendor may offer different modules or add-on features that can be customized to meet the unique risk management needs of clients in different industries or with specific risk profiles.

In conclusion, as the realms of business, technology, and risk management continue to intertwine, the challenges facing software vendors and their clients are only likely to increase.

It is through a keen understanding of data security, regulatory compliance, AI integration, and user-centric design that software vendors can shape solutions that meet the ever-evolving needs of their clients.

By addressing these challenges head-on and adopting a forward-thinking approach, software vendors can play a pivotal role in shaping the future of risk enterprise management in this AI-driven world.

The Writer, Prof. Ojo Emmanuel Ademola is the first Nigerian Professor of Cyber Security and Information Technology Management, and the first Professor of African descent to be awarded a Chartered Manager Status.