• Friday, March 29, 2024
businessday logo

BusinessDay

Nigerian businesses suffer 2308 cyber attacks every week

How cyber-cops are taking the fight to online fraudsters

The recent Check Point Research Threat Intelligence Report for Nigeria reveals that the number of attacks experienced per business each week is 2,308 across all industry sectors collectively. The per-industry analysis reveals this figure is higher still for businesses in the finance and banking sector.

Mobile banking is one of the fastest-growing sectors in the country. Between May 2019 and May 2020, mobile payments grew by 391 percent, and financial inclusion, largely enabled by smart mobile solutions, has done much to drive Nigeria’s economy.

However, cybercriminals are taking notice of this increasing reliance on mobile devices, exploiting the rapidly expanding financial sector. Of all Nigerian businesses across sectors from health to education, the most targeted is finance and banking.

“Over the last six months, the number of attacks against these institutions in Nigeria was 3,682 per week, while globally, this figure is far lower at 774. To protect this booming industry more must be done to drive awareness around cybersecurity,” Pankaj Bhula, Check Point Software Technology Regional Director for Africa, said.

The report also revealed that, over the past six months, 62 percent of Nigeria’s businesses fell victim to Remote Code Execution (RCE) attacks, making this the top class of vulnerability exploits. A cybercriminal can gain remote control of a device and the private data stored on it in an RCE attack. Considering the most targeted sector is finance, which holds a wealth of sensitive user data, the rise of RCE attacks is concerning.

On social engineering and deepfakes in 2022, Check Point Software Technologies forecast several alarming cyber-threat trends for 2022, including the weaponisation of deepfake technologies by cybercriminals to create fake news campaigns as part of elaborate phishing attacks, predominantly carried out over email.

According to the report, email was recorded as the origin point for 60 percent of cyberattacks over the last month in Nigeria. As it is the prevailing vector for the delivery of malicious files, awareness around social engineering attacks like these must be bolstered.

On the topic of deepfake technologies, Remi Afon, president of the Cyber Security Experts Association of Nigeria, said that it’s a huge area of concern in 2022. While the technology can be leveraged by criminals to scam and dupe victims, a more insidious purpose is using deepfakes to create political instability and scandal.

Read also: Experts Urge Security Compliance against Cyber threats

For Afon, this technology and the resulting spread of misinformation could have far-reaching ramifications for Nigeria’s 2023 General Election, to be held next February.

Protecting Nigeria’s businesses from attacks

In November, 20 percent of businesses in Nigeria were impacted by an info stealer called Floxif. This malware, which was also responsible for the bulk of malware attacks in Kenya, caused large-scale devastation to even large tech companies in 2017 when it infected over 2 million users.

While big businesses may seem like more lucrative targets, the increasing prevalence of Floxif attacks on companies of all sizes shows that cybercriminals do not discriminate. Smaller companies must remain as vigilant as large enterprises.

The report highlighted what to do to protect Nigeria’s businesses from attacks including the importance of budgets earmarked for effective information technology (IT) security infrastructure that will enable a proactive rather than reactive approach to cybercrime.

Proactive businesses are more resilient, have backups, and can protect sensitive data in stronger or more innovative ways. These companies also run the latest updates of their security software, web browsers, and operating systems to ensure any new vulnerabilities are patched to protect against attacks.

Also, since people are a large part of the cybersecurity equation, businesses must equip staff with information on best practices for staying safe online when working in the office or remotely. Such information would promote vigilance around phishing emails and encourage the use of password managers and trusted Wi-Fi networks while highlighting the dangers of accessing unsecured websites.

With the right security solutions in place, and a focus on cybersecurity awareness kept top of mind, businesses can prevent cyberattacks to keep Nigeria’s economy on track.