Cybersecurity

Nigerian companies record 2nd highest percentage of global cyberattacks

July 17, 2020 · 3 min read
No Image

It’s the year of the pandemic, and besides the ensuing economic effects, it appears companies around the globe are dealing with increased rates of cyberattacks. Unfortunately, African countries seem to be major targets.

As businesses embrace emerging technology solutions like Internet-of-Things (IoT), Artificial Intelligence, and cloud computing, their exposure to cyberattacks has increased.

In a recent survey (PDF), Sophos Group plc, a British security software and hardware company, revealed that 86% of Nigerian companies fell prey to cyberattacks within the past year. The second highest percentage recorded globally after India and much higher than in South Africa with 64%.

This survey made use of data from 65 Nigerian companies that host data on public cloud-based services like Azure, Oracle, AWS, Alibaba cloud, and others.

This means, about 56 out of 65 companies fell prey to various forms of cyberattacks such as malware, ransomware, and data leaks over the past year.

According to Sophos’ report, Nigeria had the highest percentage of data leakages worldwide, and ranks in the top five for other forms of attacks: Ransomware, malware, cryptojacking.

Here is the percentage breakdown of cyberattacks on Nigerian companies according to Sophos’ survey.

  • Data leaks: 57% reported exposed data
  • Malware – 5th: 47% reported malware attacks
  • Ransomware – 5th: 34% of companies hit with ransomware
  • Stolen account credentials – 2nd: 46% reported stolen credentials
  • Cryptojacking – 2nd: 26% reported cryptojacking

It is important to note that fewer companies were surveyed in Nigeria compared to several others on the list like South Africa (157) or India (227)

Countries surveyed in Sophos’ report; Source: Sophos

How were companies attacked?

The surveyed companies got hacked through varying methods. For Nigeria, the major loophole was through a misconfiguration in the company’s server. About 64% of companies were attacked through this means, while 36% was through stolen credentials.

cyberattacks
How companies across the globe were attacked. Source: Sophos Whitepaper

While this is not good news, this trend is hardly surprising. Other research bodies also tell similar stories.

A 2019 report by Serianu revealed that Africa lost $3.5 billion to cyberattacks. In that report, Nigeria was the hardest hit with losses of $649 million, followed by Kenya with $210 million, and Tanzania with $99 million.

Global consulting firm, Deloitte, asserts cyberattacks in Nigeria were fewer in 2019, but losses were much higher. A trend the global audit firm expects to continue in 2020.

Why is this happening?

cyberattack cybercriminal
Photo by Bermix Studio on Unsplash

Knowbe4, a security training solutions provider, asserts that the growth of digital services in Africa’s largely unregulated environment has made the continent an easy target for cyberattacks.

In our earlier piece, we revealed that hackers now have access to data from some major Nigerian universities, and from our findings, none of them seemed to care. This is despite the existence of the Nigerian Data Protection Regulation (NDPR), that’s meant to make organisations handle data more responsibly.

Cybersecurity has been a pesky puzzle amongst Nigerian companies, and it has largely been treated with secrecy. Most of them hardly report data breaches, and companies rarely share information with each other when they happen.

Deloitte asserts that in 2020, Nigerian companies will begin to collaborate more to tackle issues of fraud and cyber threats, and so far, a few efforts have been made.

A few months ago, Voyance, a Nigerian data science startup launched Sigma, a somewhat collaborative platform that could help fintech companies blacklist cybercriminals and share the information.

Another Nigerian Startup, Karma.ng also operates a similar method to help tackle fintech fraud.

On training employees and serious regulatory backing

Photo Credit: weiss_paarz_photos Flickr via Compfight cc

However, in our discussion with a founder of a defunct fintech startup, such initiatives will also need the efforts of regulators to yield the desired results.

Small companies, as well as large organisations, still experience cyberattacks, and solutions might not be arrived at in individual bubbles.

Sophos’ report reveals that European countries were the least attacked globally, a scenario the firm attributed to the continent’s General Data Protection Regulation (GDPR).

Interesting strides have been made with Nigeria’s NDPR, but it appears more efforts towards implementation is needed to make Nigeria more resilient to cyberattacks.

Also, as companies find ways to ensure that they are NDPR compliant, Microsoft recommends that employees are given sufficient training to make them the first line of defence against cyberattacks.

Considering the effects of the pandemic, and the growing digital adoption, this should be taken seriously by both businesses and regulators alike.

Featured Image Credit: Visual Content Flickr via Compfight cc

Emmanuel Paul

Emmanuel Paul

Author

Writer and Narrator.  Tech, business and policy analysis is my daily bread. Looking to chat? Catch up with me, @eruskkii, on Twitter or send a mail to emmanuel@techpoint.africa

Latest Stories

Loading...

Techpoint Logo Footer
location

43b, Emina Cres, Allen, Ikeja.


Techpoint instagramTechpoint twitterTechpoint facebookTechpoint youtubeTechpoint linkedin

© 2022 Techpremier Media Limited. All rights reserved