By Prince Osuagwu (Hi-Tech Editor) & Juliet Umeh
There is a growing concern over the rising trend of electronic fraud across key sectors of the Nigerian economy. The menace which follows wide acceptance of new methods of mobile money and electronic banking and payment systems has been discovered to cost the country a whopping N197.9 billion annually.
The troubling development finds a fertile ground in more than 90 per cent Nigerian organisations found to be operating below the poverty line, which significantly exposes them to cyber security risks.
This affects almost all the key sectors, putting the whole economy at the risk of collapse if nothing is done fast to checkmate the tide.
Sectoral cyber attacks:Banking
Hacking has become a real menace for banks as they have become targets both internally and externally, experiencing losses in billions of naira.
Recently, Nigerian banks were among the ones targeted by the North Korean hacker, Lazarus. The Central Bank of Nigeria, CBN, rates e-fraud as the biggest risk in the sector which has widely incorporated electronic payment solutions such as Automated Teller Machines, ATMs, NIBBS Instant Payment, NIP, and mobile banking.
Customers are experiencing losses and inconveniences, after their banks become targets of cyber frauds. Some innovations and banking applications, particularly, those that have single interface that can be used across multiple banks, are said to be part of the solutions heightening e-fraud in the sector.
However, the banking sector has been advised to invest more on intelligence gathering and information sharing if there is any hope of mitigating cyber frauds that come with digital banking and payment solutions.
The telecommunications sector is not also spared in the raging storm stoked by cyber fraudsters across the country. Cyber experts say that attackers are now targeting telecommunications companies with the intent to disrupt service delivery and infiltrate their data bank.
There are reports that SIM swaps and Unstructured Supplementary Service Data, USSD e-payment frauds, are currently some of the serious cyber threats in the telecom industry.
Fraudsters conduct SIM swaps of targeted individuals and then, conduct USSD-based transactions which cost victims huge losses.
Although the Nigerian Communications Commission, NCC, says it is collaborating with the Central Bank of Nigeria on building frameworks that will enable financial organisations to detect and possibly prevent these kinds of frauds, there are strong indications that the telecom sector still habours potential vulnerability that hackers are exploiting.
Another sector that hosts cyber fraudsters is the education sector. Fraudsters are seen compromising and defacing websites used for various key processes by academic institutions.
For instance, the JAMB website was recently reported to have been compromised by a number of hackers from different states who had tampered with the registration of the Unified Tertiary Matriculation Examination, UTME.
This growing menace has restrained some academic institutions that use their websites for grading, examination administration and registration from having total reliance on e-tools.
Meanwhile, the education sector has been advised to ensure adequate website security and as well put measures in place to detect and respond to such incidences.
Mobile services, particularly mobile money is growing across Africa and becoming one of the new technologies widely accepted for financial services. This acceptability has seen it deployed into other sectors including the hospitality, banking, transportation, telecommunications, e-commerce, government and other sectors.
This positive development poses its own dangers as fraudsters have discovered a safe haven in compromising the platform. Hackers are now, exploiting the weak security controls around the mobile money platform to steal millions of dollars from hapless victims.
Cyber Security Report
A 2017 Cyber Security Report released last week, has also raised serious alarms at the level of vulnerability among many organizations and government agencies across the country. The report also gave a damning verdict of the country’s future if measures are not put in place to arrest the current trend, even as it broke down the country’s losses annually, to cyber attacks.
The report put together by some ICT industry stakeholders was supported by the Nigerian Communications Commission, NCC, Central Bank of Nigeria, CBN, security agencies and various telecom organisations and associations.
The report revealed that: “Over 90 per cent of people affected by cyber bullying ranged from the common citizen to media personalities and even government officials, while over 81 per cent of cyber security incidents either goes unreported or unsolved.”
As a result of these factors, Nigeria loses $649m annually to cyber attacks even with a worrisome record of having the lowest number of cyber security experts, according to the report.
Key findings of the 2017 Cyber Security Report are that the cost of cyber crime in Nigeria in 2017 was $649 million, (approximately N197.9 billion) with the banking sector still the most targeted industry in the country.
A breakdown of the cost shows that Insider Threats is $194 million, representing 30 per cent; attacks on computer are valued at $130million, representing 20 per cent; social engineering and identity theft costs Nigeria $97 million, representing 15 per cent, while email spam and phishing frauds are put at $78 million, representing 12 per cent.
Others are data exfiltration – $65 million, representing 10 per cent; online fraud scam – $52 million, representing 8 per cent and Ramsomeware – $33 million, representing 5 per cent.
The report also finds that Fake News, Insider Threat, Ransomware, Cyber Pyramid Schemes and Phishing are the top trends and issues in the cyber security ecosystem.
The objective of the 2017 Cyber Security Report is to provide a view of the ever-changing cyber security threat landscape and enable organisations to make informed risk management decisions.
Presenting the report, Chairman of Demadiur Systems, Mr. Ikechukwu Nnamani, said that Nigeria’s lowest ranking among countries with cyber security expertise, was a combination of two things: “Lack of knowledge: Except reports like this come out, people will not know because if you don’t have data, you won’t be able to know where you stand and what to do.
“Secondly, there is no clear cut program to train people and get them certified to secure the system. Before now, programmes on cyber security have never been a priority to the country. However, people are now beginning to push that Nigeria must raise the level of cyber security awareness.”
Nnamani said that the reason people and organisations conceal cyber attacks could be to protect their reputation, knowing how people will feel on discovering how unsecured they are.
He, however, added that “some of the companies don’t even know till after the attack; they don’t want to feel embarrassed when people know such a thing happened to them. Also, if it is an insider source, they would want to keep it in-house, which is unfortunate. But I think such organisations can open up to us strictly on confidentiality condition,” he advised.
CBN in control
Considering that all these attacks have to do with financial transactions, one begins to wonder how well the CBN is carrying out its mandate of providing a credible, reliable and efficient payment system in the country, as enshrined in the CBN Act, 2007.
However, an official of CBN’s Banking and Payment Systems Department, Mr Taiwo Oladimeji, shares with Hi-Tech some of the measures the apex bank has put in place to clean the system and ensure financial transactions in the country are done with peace of mind.
Oladimeji listed them to include the introduction of Chip and PIN technology in 2009, which has a far more secure interface than the magnetic stripe technology used prior to the time, with its attendant easy identity and authorisation manipulation.
He also said that in addition to the Chip and PIN tech, CBN in 2016 also introduced Second Factor authentication for internet banking processes, mandating all banks to comply immediately. Second Factor authentication means allowing internet bank customers to have alternative key measures apart from passwords, which can also authenticate them.
The third strategy Oladimeji listed was the Non-EME environment which means environments in customer’s debit cards that could also allow them use the magnetic stripe technology wherever it is accepted.
He contended that “besides all these, the CBN also established the Nigeria Electronic Fraud Forum, NeFF, to combat fraudulent activities in the banking industry, particularly those associated with increased use of electronic payment systems.
“The Forum set up effective mechanisms for receiving and responding promptly to fraud alerts, to help manage and reduce electronic payments fraud in the country’s banking industry. It also mandated banks and payment service providers to put in place a 24/ 7 industry fraud desk with dedicated telephone lines for faster resolution of customers’ complaints.
“We also put in place BVN. It is an initiative that has become successful and popular in Nigeria and it spells out a number of infractions and penalties for different categories of infractions, even as we have been training more enforcement agencies as well as coordinating awareness campaign in the industry,” he added.