The Great Lockdown which pushed a lot of interactions and work into virtual mode also brought with it the negative consequences of virtual lifestyles especially the rise in cyber related attacks on individuals and organizations across the world. A new report notes that companies around the globe are dealing with increased rates of cyberattacks and that African countries seem to be the major targets. This finding is in tandem with claims by Knowbe4, a security training solutions provider adds that the growth of digital services in Africa’s largely unregulated environment has made the continent an easy target for cyberattacks. The Report, from Sophos Group Plc, a British security software and hardware company, revealed that 86% of Nigerian companies fell prey to cyberattacks within the past year with Nigeria recording the highest percentage of such attacks after India and much higher than in South Africa with 64%.
The survey which made use of data from 65 Nigerian companies that host data on public cloud-based services like Azure, Oracle, AWS, Alibaba cloud, and others show that about 56 out of 65 companies fell prey to various forms of cyberattacks such as malware, ransomware, and data leaks over the past year. According to Sophos’ report, Nigeria had the highest percentage of data leakages worldwide, and ranks in the top five for other forms of attacks: Ransomware, malware, cryptojacking. Sophos’ survey which surveyed fewer companies in Nigeria as against South Africa and India found out that about 57% of Nigerian companies experienced data leaks through exposed data while 47% reported malware attacks and 34% of companies were hit with ransomware. Also, about 46% experienced stolen account credentials and 26% reported cryptojacking.
The surveyed companies according to the Report, got hacked through varying methods. For Nigeria, the major loophole was through a misconfiguration in the company’s server. About 64% of companies were attacked through this means, while 36% was through stolen credentials. This tallies with a 2019 report by Serianu revealed that Africa lost $3.5 billion to cyberattacks. In that report, Nigeria was the hardest hit with losses of $649 million, followed by Kenya with $210 million, and Tanzania with $99 million.
Also global consulting firm, Deloitte, asserts cyberattacks in Nigeria were fewer in 2019, but losses were much higher. A trend the global audit firm expects to continue in 2020. There are also similar reports that hackers now have access to data from some major Nigerian universities, and from our findings, none of them seemed to care. This is despite the existence of the Nigerian Data Protection Regulation (NDPR), that’s meant to make organisations handle data more responsibly.
Cybersecurity has been a pesky puzzle amongst Nigerian companies, and it has largely been treated with secrecy. Most of them hardly report data breaches, and companies rarely share information with each other when they happen. Deloitte highlights the need for Nigerian companies to begin to collaborate more to tackle issues of fraud and cyber threats in 2020, but so far, a few efforts have been made. A few months ago, Voyance, a Nigerian data science startup launched Sigma, a somewhat collaborative platform that could help fintech companies blacklist cybercriminals and share the information.
Sophos’ report reveals that European countries were the least attacked globally, a scenario the firm attributed to the continent’s General Data Protection Regulation (GDPR). Interesting strides have been made with Nigeria’s NDPR, but it appears more efforts towards implementation is needed to make Nigeria more resilient to cyberattacks. Also, as companies find ways to ensure that they are NDPR compliant, Microsoft recommends that employees are given sufficient training to make them the first line of defence against cyberattacks. Considering the effects of the pandemic, and the growing digital adoption, this should be taken seriously by both businesses and regulators alike.