In the latest Check Point Research Threat Intelligence Report for Nigeria, which benchmarks the country’s cybersecurity status against a global median, the magnitude of cybercrime is revealed.
Worldwide, the number of attacks experienced per business each week is 870 on average – alarmingly, in Nigeria, this weekly figure is 2 308 across all industry sectors collectively. The more-granular per-industry analysis reveals this figure is higher still for businesses in the finance and banking sector.
Finance and banking under siege
Mobile banking is one of the fastest growing sectors in the country. In fact, between May 2019 and May 2020, mobile payments grew by an incredible 391%. Financial inclusion, largely enabled by smart mobile solutions, has done much to drive Nigeria’s economy. However, cybercriminals are taking notice of this increasing reliance on mobile devices, exploiting the rapidly expanding finance sector.
Of all Nigerian businesses across sectors from health to education, the most targeted is finance and banking. “Over the last six months, the number of attacks against these institutions in Nigeria was 3 682 per week, while globally, this figure is far lower at 774,” says Pankaj Bhula, Check Point Software Technology Regional Director for Africa. “To protect this booming industry, more must be done to drive awareness around cybersecurity.”
RELATED 2022 Predictions On Cybersecurity, 5G, Cloud And More – By Strand Consult
The report also revealed that, over the past six months, 62% of Nigeria’s businesses fell victim to Remote Code Execution (RCE) attacks, making this the top class of vulnerability exploits. A cybercriminal can gain remote control to a device and the private data stored on it in an RCE attack. Considering the most targeted sector is finance, which holds a wealth of sensitive user data, the rise of RCE attacks is concerning.
Social engineering and deepfakes: 2022’s challenges
Check Point Software Technologies forecast several alarming cyber-threat trends for 2022, including the weaponisation of deepfake technologies by cybercriminals to create fake news campaigns as part of elaborate phishing attacks, predominantly carried out over email. In fact, in Nigeria, email was recorded as the origin point for 60% of cyberattacks over the last month, according to the report. As it’s the prevailing vector for delivery of malicious files, awareness around social engineering attacks like these must be bolstered.
On the topic of deepfake technologies, Remi Afon, president of the Cyber Security Experts Association of Nigeria, reiterated that it’s a huge area of concern in 2022. While the technology can be leveraged by criminals to scam and dupe victims, a more insidious purpose is using deepfakes to create political instability and scandal. For Afon, this technology and the resulting spread of misinformation could have far-reaching ramifications for Nigeria’s 2023 General Election, to be held next February.
Protecting Nigeria’s businesses from attacks
In November, 20% of businesses in Nigeria were impacted by an info stealer called Floxif. This malware, which was also responsible for the bulk of malware attacks in Kenya, caused large-scale devastation to even large tech companies in 2017 when it infected over 2 million users.
While big businesses may seem like more lucrative targets, the increasing prevalence of Floxif attacks on companies of all sizes shows that cybercriminals do not discriminate. Smaller companies must remain as vigilant as large enterprises.
To do this, it’s crucial that budgets are earmarked for effective IT security infrastructure that will enable a proactive rather than reactive approach to cybercrime. Proactive businesses are more resilient, have backups, and can protect sensitive data in stronger or more innovative ways. These companies also run the latest updates of their security software, web browsers, and operating systems to ensure any new vulnerabilities are patched to protect against attacks.
Of course, people are a large part of the cybersecurity equation. As such, businesses must equip staff with information on best practices for staying safe online when working in the office or remotely. Such information would promote vigilance around phishing emails and encourage the use of password managers and trusted Wi-Fi networks, while highlighting the dangers of accessing unsecured websites.
With the right security solutions in place, and a focus on cybersecurity awareness kept top of mind, businesses can prevent cyberattacks to keep Nigeria’s economy on track.