It’s the year of the pandemic, and besides the ensuing economic effects, it appears companies around the globe are dealing with increased rates of cyberattacks. Unfortunately, African countries seem to be major targets.
As businesses embrace emerging technology solutions like Internet-of-Things (IoT), Artificial Intelligence, and cloud computing, their exposure to cyberattacks has increased.
In a recent survey (PDF), Sophos Group plc, a British security software and hardware company, revealed that 86% of Nigerian companies fell prey to cyberattacks within the past year. The second highest percentage recorded globally after India and much higher than in South Africa with 64%.
This survey made use of data from 65 Nigerian companies that host data on public cloud-based services like Azure, Oracle, AWS, Alibaba cloud, and others.
This means, about 56 out of 65 companies fell prey to various forms of cyberattacks such as malware, ransomware, and data leaks over the past year.
According to Sophos' report, Nigeria had the highest percentage of data leakages worldwide, and ranks in the top five for other forms of attacks: Ransomware, malware, cryptojacking.
Here is the percentage breakdown of cyberattacks on Nigerian companies according to Sophos' survey.
- Data leaks: 57% reported exposed data
- Malware - 5th: 47% reported malware attacks
- Ransomware - 5th: 34% of companies hit with ransomware
- Stolen account credentials - 2nd: 46% reported stolen credentials
- Cryptojacking - 2nd: 26% reported cryptojacking
It is important to note that fewer companies were surveyed in Nigeria compared to several others on the list like South Africa (157) or India (227)
How were companies attacked?
The surveyed companies got hacked through varying methods. For Nigeria, the major loophole was through a misconfiguration in the company’s server. About 64% of companies were attacked through this means, while 36% was through stolen credentials.
While this is not good news, this trend is hardly surprising. Other research bodies also tell similar stories.
A 2019 report by Serianu revealed that Africa lost $3.5 billion to cyberattacks. In that report, Nigeria was the hardest hit with losses of $649 million, followed by Kenya with $210 million, and Tanzania with $99 million.
Global consulting firm, Deloitte, asserts cyberattacks in Nigeria were fewer in 2019, but losses were much higher. A trend the global audit firm expects to continue in 2020.
Why is this happening?
Knowbe4, a security training solutions provider, asserts that the growth of digital services in Africa’s largely unregulated environment has made the continent an easy target for cyberattacks.
In our earlier piece, we revealed that hackers now have access to data from some major Nigerian universities, and from our findings, none of them seemed to care. This is despite the existence of the Nigerian Data Protection Regulation (NDPR), that’s meant to make organisations handle data more responsibly.
Cybersecurity has been a pesky puzzle amongst Nigerian companies, and it has largely been treated with secrecy. Most of them hardly report data breaches, and companies rarely share information with each other when they happen.
Deloitte asserts that in 2020, Nigerian companies will begin to collaborate more to tackle issues of fraud and cyber threats, and so far, a few efforts have been made.
A few months ago, Voyance, a Nigerian data science startup launched Sigma, a somewhat collaborative platform that could help fintech companies blacklist cybercriminals and share the information.
Another Nigerian Startup, Karma.ng also operates a similar method to help tackle fintech fraud.
On training employees and serious regulatory backing
However, in our discussion with a founder of a defunct fintech startup, such initiatives will also need the efforts of regulators to yield the desired results.
Small companies, as well as large organisations, still experience cyberattacks, and solutions might not be arrived at in individual bubbles.
Sophos' report reveals that European countries were the least attacked globally, a scenario the firm attributed to the continent's General Data Protection Regulation (GDPR).
Interesting strides have been made with Nigeria's NDPR, but it appears more efforts towards implementation is needed to make Nigeria more resilient to cyberattacks.
Also, as companies find ways to ensure that they are NDPR compliant, Microsoft recommends that employees are given sufficient training to make them the first line of defence against cyberattacks.
Considering the effects of the pandemic, and the growing digital adoption, this should be taken seriously by both businesses and regulators alike.
Featured Image Credit: Visual Content Flickr via Compfight cc