• Friday, June 21, 2024
businessday logo

BusinessDay

ANALYSIS: Nigeria caught in wave of global cyberattacks

At the ongoing World Economic Summit meeting in Davos, business leaders expressed concern that geopolitical instability is exacerbating the risk of catastrophic cyberattacks.

In Nigeria, a complex brew of incompetent regulators, complicit bank officials, talent exodus and poor security practices leave individuals and businesses vulnerable to cyberattacks.

According to the Global Cybersecurity Outlook 2023 report, which was launched on Wednesday at the World Economic Forum (WEF) Annual Meeting 2023 in Davos, over 93 percent of cybersecurity experts and 86 percent of business leaders surveyed believe “a far-reaching, catastrophic cyber event is likely in the next two years” and there is a critical skills gap that is threatening societies and key infrastructure.

The report highlights the need to address the shortage of talent and skilled experts. Some 34 percent of cybersecurity experts said they lacked some skills in their team, with 14 percent saying they lacked critical skills.

This situation mirrors the challenge in Nigeria. Thousands of tech workers in banks have fled the country amidst rising spate of crime and criminality, cost of living crisis and government’s glaring incompetence at managing the economy.

So bank customers routinely wake up to fraudulent transactions on their accounts with their banks unable to provide an explanation. Oftentimes, the banks waive accountability by shifting the blame to their customers.

Chiamaka Agim recently posted on social media a harrowing account of how N4 million was transferred from her account without her authorisation. Her bank directed her to prove she didn’t make the transfer and obtained a court order to retrieve the balance of N850,000 they could salvage.

Yet Nigerians have been compelled to do all manner of biometric registrations and bank customers have a unique Bank Verification Number. Banks carry out KYC obligations on their customers, yet at the first hint of fraudulent transaction, they appear helpless. A message to the fraud unit at one of the banks over a suspicious transaction returns a computer generated response that it would be looked at after 12 hours – 11 and half hours more needed by a fraudster to empty a victim’s account.

Bank employees collude with fraudsters providing critical details needed to complete a transaction without the knowledge of the customer and when fraud occurs, bank management pretend this is not a possibility. Last year, a Lagos High Court remanded Unyime Akinmade to prison over alleged N16 million fraud.

The Central Bank of Nigeria (CBN), which regulates the sector offers little succour, because until days ago, its head was more or less a fugitive from justice. While pushing to deepen financial inclusion and force unbanked customers into the system, it is doing nothing to shield them against excessive bank charges or protect them against cyber fraud.

A victim has to devote hours and days to proving he didn’t steal from himself, writing to the CBN and the consumer protection agency, and the perpetrator, even with the full record of the transactions and his personal information available to the regulators, is often not disturbed. The structures set up at protecting privacy now seem to enable fraud.

A recent report by Kaspersky, a global cybersecurity and digital privacy company, said the number of Remote Desktop Protocol attacks surged by 89 percent to 303,500 attacks in the first four months of 2022 as against 161,000 in the same period of last year

“With the shift to remote working and the introduction of numerous advanced technologies in the daily operations of even small companies, security measures need to evolve to support these sophisticated setups,” Denis Parinov, security researcher at Kaspersky, said

Parinov said cybercriminals are already way ahead of the curve, so much so that virtually every organisation will experience a breach attempt at some point.

“For small companies today, it’s not a matter of whether a cybersecurity incident will happen but when. Having trained staff and an educated IT-specialist is no longer a luxury but a must-have part of your business development.”

Segun Opeke, executive director of Lagos business at Polaris Bank, in a speech at the 54th quarterly meeting of the Association of Chief Audit Executives of Banks in Nigeria in Lagos, last month, where he represented his principal, said cyber risks represent a major threat affecting the banking industry today.

The pervasive adoption of technology has led to an increase in the sophistication and frequency of cyber incidents with cyber threats everywhere and always changing, making it appear, in many instances, almost impossible to prepare for all threats or to keep up to date with best practices in cybersecurity, he said.

“Cybersecurity risk is the real pandemic of modern times. It is ever present, increasing like a virus, and we cannot inoculate ourselves against it. The fact is that the increasing connectivity results in greater security risks and hackings are becoming more frequent from a greater variety of actors,” he said.

Read also: Small businesses fret as cyberattacks surge 89% in 4months

Many individuals and business owners are often ignorant of these risks. Some are careless with their cards and banking information, some small businesses fail to invest in basic cybersecurity infrastructure including having anti-virus protection for their computers. Staff members visit compromised sites and introduce malware into their networks.

The Global Cybersecurity Outlook 2023 report says expanding the cybersecurity talent pool is needed to solve this problem. Several successful cybersecurity skills programmes are under way around the world, but many have difficulty scaling to large numbers. Greater cross-industry collaboration and public-private is needed to overcome this, the report said.

The report, written in collaboration with Accenture, says that awareness and preparation will help organisations balance the value of new technology against the cyber risk that comes with it.

Geopolitics is reshaping the legal, regulatory and technological environment. “As global instability increases cyber risk, this report calls for a renewed focus on cooperation. All stakeholders from public and private sectors who are responsible for our common digital infrastructure must work together to build security, resilience and trust,” Jeremy Jurgens, managing director of WEF, said.

Cybersecurity is also influencing strategic business decisions, with 50 percent of participants in the Cybersecurity Outlook 2023 research saying that cybersecurity was a consideration when they evaluated which countries in which to invest and do business.