*Non-compliance to GDPR, major factor
By Juliet Umeh
Data management is becoming a big issue across the world and Nigeria is not exempted. Being one of the most populous African countries with over 200 million people, the country is generating a lot of data hence the need for proper management.
Organizations across the world have embraced cloud solutions at a phenomenal pace because the world is currently in the cloud revolution. And as the adoption of such solutions gains grounds, issues and problems have become unavoidable.
Unfortunately, some organizations, especially in the developing world like Nigeria, get too carried away by the economic advantages of the public cloud that most of them put the critical issue of data security on the back burner.
And, on several occasions, this has given room to cybercriminals to attack them.
For instance, a report from a global Cybersecurity Company, Sophos recently, revealed that more than eight in 10 Nigerian companies suffered public cloud security attack in the last one year.
The survey which was on ‘The State of Cloud Security 2020’ said eight in 10 represented 86 percent of organizations in the country. It stated the attacks include: ransomware, 34 percent; other malware, 43 percent; exposed data, 57; compromised accounts, 46 percent, and cryptojacking, 26 percent.
According to the report, organizations running multi-cloud environments globally are 50 percent more likely to suffer a cloud security incident than those running a single cloud.
It noted that Europeans suffered the lowest percentage of security incidents in the cloud, an indication that compliance with General Data Protection Regulation, GDPR, guidelines are helping to protect organizations from being compromised.
It also said India, on the other hand, fared the worst, with 93 percent of organizations being hit by an attack in the last year.
How attackers manipulate Nigerian companies
According to Sophos, the unintentional open door has been a major concern for organizations in Nigeria.
It said: “Accidental exposure has continued to plague organizations, with misconfigurations exploited in 64 percent of reported attacks in Nigeria. Misconfigurations drive the majority of incidents and are all too common given cloud management complexities. Despite this, only around a quarter of organizations, 25 percent from the country say a lack of staff expertise is a top area of concern.”
Data from Sophos Cloud Optix, a cloud security posture management tool, also revealed that globally 91 percent of accounts have over-privileged identity and access management roles and 98 percent have multi-factor authentication disabled on their cloud provider accounts.
However, further reports revealed that nearly all respondents, about 97 percent from Nigeria admitted to concern about their current level of cloud security.
It noted: “that it is an encouraging sign that its top of mind and important. Appropriately, “Identifying and responding to security incidents” tops the list of security concerns for nearly half of respondents, about 45 percent, followed by “managing access to cloud accounts” and “data leaks”, 32 percent and 32 percent respectively.
“Interestingly only 54 per cent of respondents from the country say they have full awareness of their cloud assets and 22 per cent say they are aware of only a minority,” the report revealed.
Principal research scientist at Sophos, Chester Wisniewski, said: “Ransomware, not surprisingly, is one of the most widely reported cybercrimes in the public cloud. The most successful ransomware attacks include data in the public cloud and attackers are shifting their methods to target cloud environments that cripple necessary infrastructure and increase the likelihood of payment.
“The recent increase in remote working provides extra motivation to disable cloud the infrastructure that is being relied on more than ever, so it’s worrisome that many organizations still don’t understand their responsibility in securing cloud data and workloads. Cloud security is a shared responsibility, and organizations.
To ensure that individuals’ data are not used for purposes they ought not to, data experts like Hitachi Vantara have continually canvassed proper data governance.
Also on its own part, European Union, EU, on May 28, 2018, set up General Data Protection Regulation, GDPR.
The regulation covers countries under it and those doing businesses with European countries. The regulation means that whoever is doing business with EU citizens must comply or else face the penalty in case of a breach.