•Govt agencies, banks major victims of dark web

By Prince Osuagwu

Nigeria’s growing vulnerability to digital threats continued till the year 2024 wound down yesterday. 

In the first half of 2024, Nigeria saw 2,721 incidents, with the telecom sector, computer services sector, Data processing and hosting companies, and even local beauty salons having a fair dose of the attacks respectively.

At the time, experts attributed the rise in cyberattacks to digital transformation initiatives the country was carrying out such as adoption of digital technologies, including Artificial Intelligence, AI, machine learning, 5G communication technology, among others. 

Although government institutions like the National Information Technology Development Agency, NITDA, the Nigerian Communications Commission, NCC and the Ministry of Communications and Digital Economy, admitted that increased digitalisation has the potential of escalating cybersecurity risks and promised country-specific defenses to protect  foundational industries and institutions, such localised cybersecurity strategies apparently haven’t materialised. 

This is because the second-half review of cybersecurity landscape in Africa, by Positive Technologies, a result-driven cybersecurity analyst, still shows Nigeria at the top of vulnerability to digital threats.

The alarming aspect of the report is the revelation that there has been a rise in attacks on government sector and financial companies. The report said these attacks are often carried out by organised hacker groups aiming for financial gain and espionage, as well as by hacktivists. However, Nigeria is not alone in the vulnerability as South Africa and Algeria also had a fair share of the attacks.

According to Positive Technologies, more than half of the databases related to African countries are distributed for free on the dark web, while access to corporate networks can be bought for an average of $2,970.

Senior Analyst at Positive Technologies,  Anastasia Bezborodko said: “In Africa, government and financial institutions make up 29% and 22% of all successful attacks on organisations, respectively. The analysis of messages on the dark web forums confirmed that these sectors attract cybercriminals the most. They account for 19% and 13% of all the darknet listings.

One in 10 successful cyberattacks on organisations in the region targeted the industrial sector. The main goal of these attacks was to disrupt production processes and steal confidential information. Another 10% of attacks targeted telecommunications. Cybercriminals are drawn to the vast amounts of personal data and customer payment information.

Bezborodko added that: “Cybercriminals’ primary target of government institutions in Nigeria grew to 27%, Algeria 17% , Ethiopia 12% , and South Africa 12%, going by dark web data. 

This is as attacks on the financial sector also increased, rising from 18% to 22% of all successful attacks.

Nigeria appears to have a special attraction for cyber criminals and hackivists who are said to unleash their growing sophistication on critical sectors of the economy. Cyber security experts say attackers are increasingly using complex methods, as many as 23 different attack vectors in a single event in Nigeria. 

Bezborodko admitted that in recent years, digital technologies have been implemented across various sectors in Africa, opening up new opportunities for cybercriminals and that to increase the region’s cybersecurity and thwart future cybercrimes, there should be protective measures, such as developing and timely updating of cybersecurity strategies and identifying critical information infrastructure, the disruption of which could cause non-tolerable events at industry and national levels. 

She said that to ensure cyber resilience in 2025, countries like Nigeria and most targeted organisations should conduct risk analysis, put together a list of events that could cause irreparable damage, regularly update systems and applications, and continuously check the effectiveness and relevance of security mechanisms and tools in place. Organisations should also host educational events to teach employees basic security rules and allocate budgets for training cybersecurity specialists.

It was also her opinion that forging strong partnerships between the government and private sector as well as strengthening international collaboration, sharing knowledge, and exchanging experiences on current cyberthreats and protective measures, are also crucial.