Bracing up for radical shifts in cyber security
The trend of cyber attacks has assumed a new status far from its hitherto known posture, prompting experts to sound the warning note louder as imminent cyber threats continuously mount on private and corporate targets, OMOBAYO AZEEZ writes.
The perpetual war against cyber attacks is getting tougher by the day as new threats rear their ugly heads on daily basis, making life on the internet a sweet-sour experience for users in Nigeria, and the world over.
As more people and businesses migrate to the internet space to enjoy social interactions and broker business transactions, culprits, who exploit the magical power of the information superhighway for dubious reasons have equally scaled up to remain perpetually in the game.
In Nigeria for instance, the total number of telephone subscribers have surged in the last decade by 147.89 per cent from 74.51 million in 2019 to 184.7 million in December, 2010.
Similar traction has been recorded in internet subscriptions in the country. At the end of 2019, statistics from the Nigerian Communications Commission (NCC) put internet users in the country at 126 million.
At individual level, the more the subscriptions to telephony and internet, the higher the incidence of cyber attacks and e-fraud as the subscriber identification modules (SIMs) used by millions of telecoms users in the country are also linked directly to their bank accounts. It is a bottleneck to fintechs and financial inclusion.
The same fate befalls corporate organizations and government parastatals that now find the needs to host their data in the cloud. According to experts, the cloud has been a major motivation for hackers.
E-fraud, identity theft, cyber bully, data breach, cyber terrorism among others have become major concerns keeping players in the public and private sectors on their toes and giving them sleepless nights.
This is explicable given the rising profile of losses to cyber attacks on yearly basis. In 2018 for instance, Nigeria lost a whooping sum of $800 billion to internet related cases, according to the latest Africa Cyber Security Report – Nigeria.
The report, launched by Demadiur Systems Limited even indicated that the figure reflected an increase of 27 per cent in cyber attach trend in 2018, compared with $649 million lost to the scourge in the previous year, 2017.
In the same year, a report by Sidmach said that 60 per cent of Nigerian businesses experienced cyber attacks, while 54 per cent were hit by the menace globally. The global lost to the scourge in the year was estimated at $1 trillion.
Just last week also, the Chartered Institute of Forensic and Investigative Professionals of Nigeria (CIFIPN) disclosed that Nigeria had lost about N5.5 trillion to fraud and cybercrimes in the last 10 years. This is more than half the federal government’s N10.59 trillion budget for about 200 million people in the country for 2020.
Alarming projections
Experts have given expectations of cyber attacks and cyber security in Nigeria and none of the projections made so far has been heartwarming or shown any respite.
For instance, latest surveys by the Telemanagement Forum and Communications Fraud Control Association have alarmed that Nigeria telecom industry alone may lose N141.1 billion to frauds in 2019.
Industry experts say telecoms fraud is often perpetrated by insiders or hackers who use unlawful methods to obtain call or data services without paying. They are said to ride on the same cost, marketing, pricing, network design and operations of legitimate network operators.
TM Forum estimated that revenue leakage for Africa in 2018 was five per cent of the annual revenue of operators while the CFCA put revenue loss at 1.27 per cent of the total revenue of operators, according to report.
Kaspersky Lab, a leading global cyber security firm, warmed that starting from 2020, Nigeria alongside other countries in the Sub-Saharan Africa, is now attack target of a Russian hacking group.
Researchers at the multinational cyber security and anti-virus provider headquartered in Moscow, said they have discovered thousands of notifications of attacks on major banks in Sub-Saharan Africa.
The malware used in the attacks indicates the threat actor is most likely to be the notorious silence hacking group, infamous for the theft of millions of dollars from banks around the world, Kaspersky researchers warned.
Leading accounting and consulting firm, Grant Thornton, said in its ‘Cyber Trends in 2019 and Predictions for 2020’ report that cyber attack would continue to rise. It noted that with 5G and Internet of Things (IoT) devices arriving on the horizon, data speed will increase but the speed of cyber attacks would also rise.
“Cyber attacks are on the rise and will continue to rise. It’s not a matter of if but a matter of when. A framework-driven approach with continuous monitoring will help companies mature their cybersecurity posture and address incidents proactively,” said Akshay Garkel, , Cybersecurity & IT Risk Advisory, Grant Thornton India LLP.
The new landscape, pattern
According to Olumuyiwa Awosile, managing director of Tros Technologies Limited and a cyber security experts, many things have changed in the cyber security landscape as everyone, whether business or private is now a potential victim.
He emphasized the commercial underpinnings of cyber attacks as there are now people who develop malwares of varying functions and then sell to those who will use them to attack their victims.
Awosile also stressed that more than ever before, Micro, Small and Medium Enterprises (MSMEs) are becoming regular victims of hacking even more than big corporations and financial institutions who in most cases have resources and experts in place to fight back.
“What the hackers do nowadays is attack many small businesses business and hold their data to ransom until they pay varying amounts. The mindset of the hackers is that instead of trying, sometimes unsuccessful, to attack bigger companies, they have shifted their focus small businesses. By attacking many SMEs, they make big money at the end of the day,” he said.
Meanwhile, experts have predicted an increase in targeted cyber attacks that will affect individuals, Internet Service Providers (ISPs), Government Ministries, Department and Agencies (MDAs), Telecommunication Companies and Banks.
Specifically, they highlighted the attacks to watch out for in Nigeria from 2020 to include business email compromise (BEC), social engineering in form of phishing campaign, ransomware, supply chain attacks, insider threats, and attack on free public Wi-fi.
In addition, Attacks that will continue to originate from Nigeria cybercrime gangs with their international collaborators in 2020 and beyond will continue to be wire fraud vis-à-vis BEC, identity theft, romance scams, fraudulent-check scams, gold-buying scams, advance-fee scams and credit card scams.
Increase spending on prevention
Since the trend of cyber attacks has refused to abate, preventing it has become inevitable. Findings by experts have shown that corporate organizations only show interest to increasing spending on prevention of hacking and data breach after they might have tasted the bitter pill of being attacked.
To emphaise importance of taking preventive measure against cyber attacks, Tros Technology boss, Olumuyiwa said no amount is too much to prevent what is capable of taking everything away from a business.
The financial commitment to fighting back hackers should be focused on acquisition of relevant resources, training of personnel, hiring internal cyber security experts and outsource the monitoring of their networks to firms that offer cyber security firms such as Tros technologies which specializes in providing such services to SMEs in the country.
Already, available statistics shows that over 70 per cent of firms operating in Nigeria lack cyber security personnel even as they often mistaken their information technology ‘guy’ for cyber security experts.
Furthermore, Nigeria was reported by Demadiur Systems Limited to spend a sum of $270 million on cyber security in 2018. The reported amount was spent by banks, insurance companies, and government institutions in Nigeria to procure Antivirus, load balancer, network access controls, among others. More funds should be appropriately deployed.
Time for new cyber security policies
As government’s efforts championed by bodies such as the NCC, Nigeria Information Technology Development Agency (NITDA), Central Bank of Nigeria (CBN) among others, continue, experts have advocated new game-changing policies.
Cybersecurity professionals advised Nigerian leaders to take proactive steps in tackling cyber attacks in the country, while also urging national and corporate leaders to strategise and implement new policies to solve the challenges of cyber security.
At a Stakeholders Meeting on Nigeria’s Cyber security Challenges held in January this year Nigeria Computer Society in Lagos, Abdulhakeem Ajijola, commissioner for the global commission on the stability of cyberspace noted that changes and emerging technologies in cyberspace called for new strategies to address the attendant challenges.
“We need to harmonise our philosophy, ethics and policies to suit the present situation of the country. Most of the cybersecurity infrastructure we have today is owned by the private sector. There is a need for more collaboration between the private and the public sectors in terms of combating cyber attacks,” Ajijola said.
Last Line
Cyber attacks are a perpetual war with no tendency of being exterminated. However, stakeholders should always be on the move to block threats before they turn to actual attacks and create victims.