The federal government recently announced that it has developed cyber security toolkits for more than 41 million micro, small and medium-sized enterprises (MSMEs) in Nigeria to protect their online activities.
Retired National Security Advisor Major General Babagana Monguno (rtd) shared the information at the 9th session of the Cybercrime Advisory Council held recently in Abuja.
A pilot launch of the cybersecurity toolkits took place in February, with over 200 MSMEs participating.
The main launch of the toolkits was in collaboration with the United Kingdom Foreign, Commonwealth and Development Office (FCDO) with the aim of protecting MSMEs from cyber threats.
Cybersecurity has emerged as one of the most threatened components of national security, and countries are building cyber defenses and resistance to any attack.
Cyber criminals and hackers have expanded targeted attacks on national critical infrastructure, businesses and telecommunications facilities for either ransom or acts of terrorism.
For example, in July 2021, between 800 and 1,500 companies around the world were affected by a ransomware attack focused on US information technology company Kaseya.
The company provides software tools for IT outsourcing companies – companies that typically perform back-office tasks for companies that are too small or lacking in resources for their own IT departments.
The hackers who claimed responsibility for the breach demanded $70 million to recover the data of all affected companies.
In 2021 alone, malicious and targeted attempts to disrupt traffic to a specific server, service or network, known as distributed denial-of-service, have skyrocketed worldwide.
Experts attribute the exponential increase in cyberattacks to the adaptability and ability of hackers to use new attack patterns that can target telecom and internet service providers without being detected by signature-based methods.
In the past, countries have witnessed cyberattacks on oil pipeline companies, meat supply chains, schools and hospitals and have become a major concern for corporate and government data security.
However, experts say that cybersecurity threats have taken on a much more important dimension of national security in recent years and that governments and businesses should step up protection of their digital footprints.
Of the 206,000 mobile malware detected and blocked by a specific cybersecurity provider serving the Middle East, Turkey and Africa between January and June 2021, over 14,071 originated in Nigeria.
Also in the 2020 Global Cyber Security Index, which is a snapshot of cybersecurity measures taken by countries, Nigeria was ranked 47th out of 182 countries worldwide and fourth in Africa after Mauritius, Tanzania and Ghana.
In response to the cybersecurity threat challenge, the Nigerian government, through the Office of the National Security Advisor, announced plans to implement the National Cybersecurity Policy and Strategy (NCPS).
One of the aims of the NCPS is to develop a sector-based protection plan for critical national assets and infrastructure (CNAI) and for private companies.
NCPS also aims to provide information, strengthen cybersecurity governance and coordination, and build the capacity of relevant stakeholders in relation to their responsibilities across seven sectors.
These sectors are Telecom, Defense & Security, Education, Financial & Capital Markets, Energy, Professional Associations, Private Sector and Justice.
In fact, just like national security in general, cyber security threats are constantly evolving and getting more insidious as they no longer consist solely of hackers launching ransomware attacks.
In its Nigeria Cyber Security Outlook 2022, Deloitte reported that no organization, private or public, is immune from cyberattacks, especially with the help of insiders.
“The year 2021 has been exciting in cybersecurity both locally and internationally. Cyber breaches and attacks have been experienced in the public, private, financial and non-financial sectors of the economy.
“A significant trend was that no organization seemed immune to cyberattacks. Even financial institutions that had made significant investments in cybersecurity experienced high-profile attacks.
“It was noted that Nigeria would be in the spotlight and attackers would have more tools, skills and scope,” Deloitte said in its report.
It also said cyber attacks in the country would involve insider threats.
Citing a report by Threat Post and Krebs, Deloitte said cybersecurity threat actors have been promoting profit-sharing incentives for company employees willing to help them spread malicious software within their organizations.
“Specifically in Nigeria, these threat actors have sent out an open communiqué to employees willing to harm their organizations.
“We anticipate that would be a major problem. There could be a surge in cyberattacks when there is successful collaboration between external threat actors and malicious insiders/collaborators.
“It can also be difficult to detect such instances as the attackers use valid credentials/access to carry out their activities,” it said.
A new attack
Perhaps one of the most obvious manifestations of the threats to Nigeria’s cyberspace is the recent attack on one of its largest commercial websites.
In April, the management of sports betting platform Bet9ja announced that its website had been hacked by Russian Blackcat hackers.
The company also confirmed that the hackers ransomed a huge amount of money in digital currency.
Therefore, it is imperative for the public and private sectors to engage in an effective partnership to protect facilities and critical national infrastructure and assets.
This should include collaboration to exchange information, processes, technologies, innovations and ideas between private sector entities such as industry, non-profit organisations, think tanks, non-governmental organisations, academia, the financial sector and technology institutes.
MSMEs are particularly vulnerable to cyberattacks as they lack adequate preparation, resources and know-how to protect their digital activities.
It is therefore commendable that the government has developed and rolled out cybersecurity toolkits to more than 41 million MSMEs. However, access to resources and staff should be prioritized.
NITDA’s Cybersecurity Department, which is tasked with standardizing the establishment of cybersecurity structures in both the public and private sectors, should continue to educate itself and strengthen the capacity to defend Nigerian cyberspace.
Also, sub-national governments should be encouraged to adapt and adopt relevant provisions of the NCPS to mitigate cyber security threats.
#Robust #Cybersecurity #Nigeria