…Businesses lose $1trn to Cyber crimes in 2018
…92.4% of attacks comes via email, says Sidmach
By Prince Osuagwu (Hi-Tech Editor)
Cybercrime has become the worst threat to every company in the world. It is estimated that about 54 per cent of companies globally, experience at least one cyber attack every year.
In Nigeria, it is even a menace that appears to have defied any solution. This is despite the array of solution providers in the market. Both large and small organisations in the country fall victim to cyber attacks on daily basis, losing valuable data, information and even money in the process.
Late January last year, the National Information Technology Development Agency, NITDA raised alarm over impending cyber attacks on many Nigerian companies.
The agency warned all Ministries, Departments and Agencies, MDAs and other government establishments as well as the private sector, to be wary of potential attacks in 2018.
The agency’s warning was based on the intelligence of its Computer Emergency Readiness and Response Team, CERRT, which it deployed in conjunction with other industry stakeholders, in their efforts at ensuring a safe and secure cyberspace.
The solution was said to have intercepted some signals of potential cyber-attacks targeting banking, health, power and transportation systems, as well as other critical national infrastructure.
Despite all that warning and the measures NITDA proffered to forestall the attacks, it is reported that in 2018 alone, about 60 per cent of Nigerian firms suffered cyber-attacks. Meanwhile, 43 per cent of these are small and medium enterprises, SMEs which form the backbone of the economy.
What this means is that Nigeria bore a greater percentage of the over $1 trillion loss to cyber attacks in 2018.
The shocking revelation, however, is that it could get worse this year if stricter security measures are not adopted. Unfortunately, only about 38 per cent of global organisations claim to have the right infrastructure to handle the kind of sophisticated cyber-attack anticipated to spring up this year.
This leaves many companies seriously vulnerable to attacks with dire consequences which even individual citizens will join the companies to share.
Attack mitigating security measures
Issuing the warning last year, Director-General of NITDA, Dr Isa Ali Ibrahim Pantami, said his agency has worked tirelessly to discover some of the measures which could forestall such potential attack and is pleased to release them to the public.
Pantami said the precautionary measures, which are still relevant till today, include ensuring that all data are encrypted, particularly ones containing sensitive information like personal details.
Others are to ensure that networks are fully secure through the use of wired network thereby protecting them from possible hackers who may easily capitalise on Wi-Fi security lapses to remotely break into computer systems.
He also advised that where Wi-Fi network is used, people should ensure that an up to date encryption standard is in use and turn off the service set identifier, SSID, broadcasting function on the wireless router if it is not needed
Also at a one-day Sidmach/ Sophos lunch and learn event in Lagos recently, Country Manager of Sophos (Nigeria), Mr. Jimi Falaiye said businesses are often concerned about security of data, when unfortunately, 95 per cent of security breaches are due to human error.
“Cyber-criminals and hackers will infiltrate your company through your weakest link, which is almost never in the IT department,” he added.
Meanwhile, he revealed that 92.4 per cent of malware is delivered via email, with ransomware that affects Small and Medium Businesses, SMBs.
Market Intelligence and Research Analyst at Sidmach Technologies Nigeria Limited, Mr Nathanael Odofin, also noted that about 22 per cent of organisations are winding up operations due to ransomware
He said: “Reports reveal that 81 per cent of businesses have experienced ransomware; 66 per cent have suffered a data breach; 35 per cent were victims of ransomware
“Meanwhile, anti-virus is not enough because most of them are reactive in nature.
Antivirus protects systems from classic dangers like known viruses, Trojans, and worms but it cannot protect without a signature database for detection.
“A study has found that a typical antivirus will only stop 30-50 per cent of new malware when it first appears. Unless the antivirus software has seen a particular threat in the past, it won’t necessarily protect your computer.
He reminded businesses in Nigeria that over half of all cyber breaches in 2017 included the use of malware which activities include: stealing credit card details; revealing passwords and spreading spam.
He advised Nigerian organisations to deploy software security solutions, which Sophos has developed to “keep a very close eye on what is happening inside your system, blocking both known and unknown malware threats. It also safeguards you against any potentially harmful programs.”
The Lunch and Learn event was aimed at assisting IT experts in different organisations to understand cost-effective security dynamics, and tools that mitigate latest threats while receiving insights to have complete visibility and control of their IT infrastructure.
Conscious security tips
Other tips that could help Nigerian companies be security conscious include:
*Ensure that free Wi-Fi connections as well as other wireless connections such as Bluetooth or infrared ports are not used unless where necessary;
*Ensure that operating systems and other software applications are regularly updated with the latest patches;
*Install anti-malware protection on all IT systems as this will help in protecting your organisation’s network from potential attacks through virus-laden software and email attachments.
* Put appropriate guidelines in place for connecting personal devices into the organisation’s network;
*Use credential vaults and multi-factor authentication instead of user passwords;
*Regularly back up organisation’s data and critical files.
*Carry out organisation-wide enlightenment campaign and awareness on measures to deal with cyber security threats as well as the procedures to always follow when using workstations.