Results from research carried out by the cyber security team of Deloitte Nigeria have revealed that organisations in the financial services industry (FSI) had the highest number of phishing websites and emails in 2015, followed by organisations in the telecommunications, media and technology (TMT) industry.

Phishing refers to the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers, online. A phishing email will typically direct the user to visit a website, where they are asked to update personal information, such as a password, credit card or bank account details, that the legitimate organisation already has.

The survey titled ‘Social Engineering Survey for Nigerian Cyberspace: Examining the people side of security’ was released in November 2016 and made available to BusinessDay. The social engineering survey analysed the internet presence of over 200 Nigerian organisations that are quoted on the Nigerian Stock Exchange (NSE).

Speaking on the survey, Fatai Folarin, CEO, Deloitte West Africa said, “The objective of the survey was to assess the people side of security and carry out a passive review of information readily available on the internet to identify if the information was enough to compromise the target or plan malicious attacks on the target.”

Detailed findings from the survey showed that among the organisations exposed to phishing emails and websites, the FSI accounted for 83 percent, TMT 9 percent and online services 6 percent.

“Our analysis revealed that unintentional disclosure of user or customer information was the most prevalent social engineering exposure among the industries reviewed,” the authors of the survey wrote.

Companies suffered the most exposure from the people side of security, often out of ignorance, the survey noted. It warned that once these exposures happen and are not checked immediately, an attacker can use the exposed information to perform malicious activities on the websites of these organisations.

Other potential security breach spots examined by the survey included administrative pages, social media pages, personal information etc. The consumer and industrial products (C&IP) sector accounted for 58 percent of the organisations reviewed with exposed administrative pages. The FSI followed with 30 percent.

For social media accounts of the selected organisations, the TMT and online services (retail) industry accounted for the least number of fake social media accounts. On the other hand, the FSI was the industry with the highest number of fake accounts with 46 percent.

“In an era of tight competitiveness and global information sharing, publicly available confidential and sensitive information can pose a serious threat to the profitability of an organisation. Attackers can use the knowledge acquired from the internet to plan attacks,” the authors wrote.

Attacks could result in loss of intellectual property; unauthorised access to confidential systems and servers; financial losses to customers or the organisation; regulatory compliance fines; and reputational damage.

The survey's recommendations include that companies carry out awareness programmes that deliver information security tips via a channel that is convenient and most appropriate for employees. The key to a successful security awareness campaign is selecting the most appropriate medium of communication. Another recommendation is to create social media and internet policies that stipulate how employees should behave on the internet and the kind of information about themselves and the organisation that can be released.

 

FRANK ELEANYA
