The Nigerian Communications Commission has issued at least six cyber-attack warnings since the beginning of 2022.
This is due to the rising incidence of cyber-attacks globally and locally. In a report, the Senior Manager, Cyber Risk Services, Deloitte, Ms Funmilola Odumuboni, disclosed that cyber-attack occurs every 39 seconds, and cybercrimes increased by nearly 300 per cent since the onset of the COVID-19 outbreak.
Different studies have proved that the pandemic led to increased digitisation and adoption of technology, leading to a surge in Internet usage albeit creating a feasting ground for cyberattacks.
According to the NCC, data consumption increased from 123,648TB in December 2019 to 205,880.4TB by December 2020. A study by Sophos revealed that 71 per cent of Nigerian organisations were hit by ransomware in 2021 while 44 per cent of those affected firms had to pay ransoms to get their data back.
A recent report by Check Point Research’s Threat Intelligence Report, disclosed that Nigerian businesses experience about 2,308 attacks across all industries sectors weekly.
It stated that over a six-month period, 62 per cent of Nigerian businesses fell victim to attacks that allowed cybercriminals to gain remote control of devices and the private data stored on them. It said emails were most prominent origin point for 60 per cent of cyberattacks over.
To address the rising cases of cybercrime, the NCC created an incidence response facility to address incidences of cybercrimes towards the end of 2021.
At the inauguration of the Centre for Computer Security Incident Response, the Executive Vice Chairman of NCC, Prof. Umar Danbatta, said that increasing growth in Internet usage, as a result of the pandemic had led to a surge in cyber incidents and criminal activities.
He said, “Thus, the commission recognises that with the borderless nature and pervasiveness of these incidences, relentless and concerted attention is required to protect Internet users as well as the Critical National Information Infrastructure and ensure they are resilient.
“The CSIRT’s services will commence with four main thrusts, namely: monitoring, incident management, communication, and alert and warning.
“The devices for handling these four areas will be scaled up and expanded as the centre’s operations grow in order to enhance the digital economy and ensure it yields great dividends to Nigerian citizens.”
Identified cyber threats have ranged from those targeted at harvesting sensitive information from mobile devices to those that can hack and steal vehicles.
In its recent advisory, the NCC-CSIRT, issued a warning to organisations and employees after Yanluowang threat actors gained access to Cisco’s network using an employee’s stolen credential.
It advised organisations’ employees to use strong, unique passwords for every account and to enable multi-factor authentication as it helps to prevent ransomware attacks.
It said, “The first step to preventing ransomware attacks is to ensure that employees are using strong, unique passwords for every account and enabling multi-factor authentication (2FA) wherever it’s supported.”
“User education is critical in thwarting this type of attacks or any similar attacks, including ensuring that employees are aware of the legitimate channels through which support personnel will contact users, so that employees can identify fraudulent attempts to obtain sensitive information. Organisations should ensure regular systems backup.”
According to the NCC, Nigeria loses about $500m yearly to cybercrime.
Deloitte’s ‘Nigeria Cybersecurity Outlook 2022 (January 2022)’, said Nigeria was ranked 16th on its countries mostly affected by Internet crime in 2020 by the Federal Bureau of Investigation.
It said, “It is no longer news that cybercrime is increasing in Nigeria, even though some of these crimes go unreported. Nigeria was ranked 16th among the countries most affected by Internet crime in the world in 2020, according to the FBI in its 2020 Internet crime report.
“These crimes come with associated costs to organisations. In 2021, the Special Fraud Unit of the Nigerian Police Force arrested a man for allegedly hacking into the server of a Nigerian bank to steal N1.87bn.”
Experts in the cybersecurity space believe that while cybercrime is growing more sophisticated efforts to curtail it are almost non-existent in the nation.
Commenting on the increasing cyberattack advisory by NCC, ICT expert and Senior Partner of e86 Limited, Olugbenga Odeyemi, said, “We’re witnessing more cyber-attacks and this is related to the growth we’re seeing in the area of technology.
“More businesses are coming online, operating remotely, and setting up technology infrastructures that were not desired a few years ago. It is that growth that is leading to more attacks and the sophistication of such attacks.”
Adding suggestions on the role of individuals, he stated, “Individuals should continue to educate themselves about cyber security.
“The attacks vary and are constantly changing, becoming more sophisticated. Be careful about the information you share online and be careful of the links you click on. If information is too good to be true, verify it by checking if the same information is available on popular news sites on the internet.
“CBN will not call you, your bank will not call you unless they want to invite you to the bank. The more an individual is informed, the more the person is capable of avoiding falling prey.”