As Nigeria’s digital landscape is expanding, tech operators have highlighted various ways for individuals and organisations to stay ahead of potential cyber threats and protect their digital assets.
At BusinessDay’s annual Future of Payment and Fraud Conference 2023 on Thursday, themed ‘Stanching the Leaks: Digitalisation of payment and cybersecurity solution’, stakeholders said organisations should share cyberattack experiences effectively to mitigate risks. According to them, underreporting is a big challenge in tackling cyberattacks in Nigeria.
Ene Okon, cybersecurity analyst at Federal Inland Revenue Service, said that Nigeria needed to do more to find ways to curb cyberattacks.
He said penalties should be given to companies that do not comply with policies on cybersecurity.
“If you look at the developed and western countries, they penalise people who fail to participate in these policies if they do not register and they have a data breach. Once you have the data breach and they come for forensic investigation, you will be charged for not complying. You will be told to pay €20 million fine or four percent of your earnings for the whole year,” he said.
“Nigeria is still a baby in terms of cybersecurity. Looking at the current trend, the money we have lost in cyberattacks is up to $20 billion,” he said. “We have a lot to do in terms of cybersecurity. The industry needs to step up. Cybersecurity is dynamic, and people have to improve. It is a continuous process.”
The Centre for Strategic and International Studies estimated that $600 million is lost to cybercrime each year. The study puts global losses at about $445 billion.
In Africa, cybercrime cases recorded a massive rise in the first six months of 2022, with phishing and scams hitting 438 percent and 174 percent in Kenya and Nigeria, respectively.
Adedoyin Odunfa, managing director and CEO of Digital Jewels Limited, said organisations should share cyber-threat experiences to mitigate risks.
“Sharing cyberattacks experience is important in tackling payment fraud. Sharing experiences is necessary to enable other companies to stay aware and updated. It has to be done effectively to avoid the loss of reputable clients and investors,” she said.
Caleb Izedonmi, senior risk manager, West Africa SSA at Visa, said that his company collaborates with their partners and shares information to mitigate risks.
“We can highlight trends which will help provide mitigations to combat cyber-attacks. In this way, we enable them to prepare, detect and deflect risk. We focus on securing growth and mitigating risks,” he said.
According to Odunfa, if the processes are not straightforward and not streamlined, there will be issues with the payment systems which exposes them to breaches.
“In cybersecurity, there are three major breaches from the people’s point of view: ignorance, malice and mischief. We often underestimate the importance of ignorance. They are vulnerabilities in people,” she said.
She said that there are holes in using applications, and patches are released to lock identified vulnerabilities. “But patch management needs to be done more effectively in many companies today. People are lazy about patches.”
“Cybersecurity focuses more on protection and detection. We need to talk about cyber resilience. We have to realise that no matter how much you try, there will still be some breaches,” she said.
Odunfa said that artificial intelligence and movement to the cloud have a big role in mitigating cyberattacks. “AI has become big, but it needs to be trained to be on track.”