According to recent findings, businesses with fewer than 200 employees lose an average of $2.5 million each due to cyber threats, and Nigerian SMEs are currently highly exposed to cyber-attacks. This necessitates an understanding of the most serious cyber security threats facing businesses in Nigeria, as well as strategies for mitigating them.
Most Nigerian businesses have weaker technical defenses, are less aware of risks, and have less time and fewer resources to dedicate to cybersecurity. Certain industries, such as banking and financial organizations, are frequently targeted by cyber attackers, necessitating high security standards. Cybercriminals frequently target small businesses in Nigeria because they are always unprepared for the threat, even when they are aware of their vulnerabilities.
Fewer than a quarter of Nigerian businesses have a dedicated IT security staff member or provider, and despite facing as many threats as larger companies, they do not have the resources or training to address and mitigate the risks adequately. However, these businesses are no less lucrative as targets for cybercriminals. Even the smallest businesses in Nigeria might deal with huge sums of money or have access to massive amounts of customer data that they must safeguard. Small businesses in Nigeria frequently collaborate with larger companies, so attackers may exploit them as a route into those companies.
Nigerian SMEs, perhaps, stand to lose the most if they are subjected to a severe cyber-attack. Losing so much money in a cyber-breach is catastrophic for small businesses, not to mention the reputational harm caused by a cyber-attack. For these reasons, Nigerian businesses must be aware of the dangers and know how to counteract them.
What is a Cyber Threat?
A cyber security threat is any harmful attack that attempts to gain unauthorized access to data, disrupt digital activities, or damage data. Corporate spies, hacktivists, terrorist groups, hostile nation-states, criminal organizations, lone hackers, and disgruntled employees are all potential sources of cyber threats.
Several high-profile cyber-attacks have resulted in the exposure of sensitive data in recent years. The 2017 Equifax data breach, for example, exposed the personal information of around 143 million people, including birth dates, addresses, and Social Security numbers. Marriott International revealed in 2018 that hackers gained access to its servers and stole the personal information of nearly 500 million clients. The inability to develop, test, and retest technical measures such as encryption, authentication, and firewalls facilitated the attack in both cases.
Cyber attackers can utilize sensitive data to steal information or get access to a person’s or company’s bank accounts, among other potentially devastating acts, which is why cyber security professionals are so important for keeping private data safe.
What is Cybersecurity?
Cybersecurity ensures that your company’s data is protected from both internal and external threats. It can refer to a collection of technologies, processes, structures, and procedures for safeguarding networks, computers, programs, and data against unwanted access or damage. Any cybersecurity strategy should aim to secure data confidentiality, integrity, and availability.
There are a number of ways that cybersecurity vulnerabilities can harm (or even destroy) an organization’s reputation. A hacker could potentially get sensitive information such as bank account or credit card numbers. On the “dark web,” there are open markets for such information. If outsiders have access to such sensitive information, the organization’s banking or credit card services may be revoked, or it may be found in violation of privacy regulations. Every month, high-profile data breaches affecting individual data are revealed around the world.
A second, related risk is that if a hacker acquires sensitive information about the company, the company’s reputation could be harmed. Only a few Nigerian businesses can afford the reputational damage that losing data can create. The harm to one’s reputation and goodwill may be more devastating than the data loss itself. The loss of client data could result in legal or regulatory action being taken against the company.
Ransomware is the most recent and worrying part of cybersecurity that is causing significant problems for businesses. Reports of ransomware attacks using commercially driven business strategies date back to 2012.
In many circumstances, the malware is disguised and embedded within another type of document, waiting for the target user to execute it. Upon execution, the malware may encrypt the organization’s data with a secret 2,048-bit encryption key or contact a centralized command and control server to await the adversary’s instructions.
Once an organization is attacked, its data is encrypted using the attacker’s encryption key, making it unavailable. Once all accessible data has been encrypted, including backup data and systems in many cases, the business is given instructions on how to pay a ransom within days; otherwise the adversary will delete the encryption key and the data will be lost. The adversary literally holds the data hostage, hence the name ransomware. The encryption is so strong that cracking it rather than paying the ransom is uneconomic: some estimate that decrypting the data without the key would take five quadrillion years on an average desktop computer.
In some cases, the targeted business may be able to hope that researchers have found a design flaw in the ransomware that allows the data to be decrypted. Otherwise, the firm will have to restore the systems and data from a secure backup or pay the ransom. Keep in mind that even restoring data does not rule out the possibility that the ransomware will be re-enabled or return, because the integrity of the environment has been compromised.
The Top Cyber Security Threats Facing Nigerian Businesses and How to Stop Them
- Phishing Attacks
Phishing attacks are the most dangerous, damaging, and prevalent threat to small businesses. Phishing is responsible for 90 percent of all data breaches, has increased by 65 percent in the last year, and has cost businesses more than $12 billion. Phishing attacks occur when an attacker poses as a trusted contact and persuades a victim to click on a malicious link, download a malicious file, or provide sensitive information, account details, or credentials.
In recent years, phishing attacks have become much more sophisticated, with attackers becoming more convincing in their impersonation of actual business contacts. There has also been an increase in Corporate Email Compromise, which involves bad actors utilizing phishing campaigns to acquire business email account passwords from high-ranking executives, then falsely requesting money from staff using these accounts.
Part of what makes phishing attacks so dangerous is how difficult they are to stop. Rather than exploiting technological flaws, they use social engineering to target the people within a company. There are, however, technological countermeasures against phishing attacks.
A strong Email Security Gateway, such as Proofpoint Essentials or Mimecast, can stop phishing emails from reaching your employees’ inboxes. Post-delivery protection, such as IRONSCALES, is also critical to avoiding phishing attacks: users can report phishing emails, and administrators can then remove them from all users’ inboxes.
Security Awareness Training is the final layer of defense against phishing attacks in emails. These solutions enable you to protect your staff by testing and teaching them to recognize and report phishing attempts.
- Malware
Malware is the second most significant hazard to small businesses. It covers a wide range of cyber threats, including trojans and viruses. It’s a catch-all term for malicious code written by attackers to gain access to networks, steal data, or destroy data on computers. Malware is usually spread by malicious website downloads, spam emails, or connecting to infected computers or devices.
Small businesses are particularly vulnerable to these attacks because they can cripple devices, necessitating costly repairs or replacements. They can also provide attackers with a backdoor into data, putting customers and employees at risk. Small businesses are more inclined to hire people who work from home since it saves them time and money. This, however, raises their chances of falling victim to a malware attack, as personal devices are far more vulnerable to harmful downloads.
Having robust technology defenses in place can help businesses in Nigeria avoid malware attacks. Endpoint Protection systems safeguard devices from malware downloads and provide administrators with a central control panel through which they can manage devices and ensure that all users’ security is up to date. Web security is also crucial, as it prevents people from accessing harmful websites and downloading hazardous software.
- Ransomware
Every year, hundreds of businesses are affected by ransomware, which is one of the most common cyber-attacks. These attacks have become more common in recent years because they’re one of the most profitable types of attack. Ransomware encrypts company data, preventing it from being used or accessed, and then demands that the organization pay a ransom to unlock the data. Businesses are faced with a difficult decision: pay the ransom and risk losing a large sum of money, or risk having their services crippled due to data loss.
Small businesses are particularly vulnerable to such attacks. Ransomware attacks targeted small firms 71% of the time in 2018, with an average ransom demand of $116,000. Smaller businesses are more likely to pay a ransom since their data is frequently not backed up and they need to get back up and running as quickly as possible. The healthcare sector is particularly hard hit by this type of attack: locking patient medical information and appointment times can damage a business to the point where it has no choice but to close unless a ransom is paid.
Businesses must have effective Endpoint Protection in place across all corporate devices to prevent these threats. This helps prevent ransomware attacks from successfully encrypting data. SentinelOne, an endpoint protection solution, even has a ‘ransomware rollback’ feature that helps businesses to quickly detect and neutralize ransomware attacks.
Businesses should also consider implementing a reliable cloud backup solution. These systems securely back up company data in the cloud, reducing the risk of data loss. Organizations can use a variety of data backup strategies, so it’s crucial to figure out which one will work best for you.
The advantage of instituting data backup and recovery is that in the case of a ransomware attack, businesses may quickly recover their data without paying ransoms or losing productivity. This is a significant step forward in enhancing cyber-resilience.
- Weak Passwords
Employees who use weak or easily guessed passwords are another major hazard to small businesses. Many small businesses use a variety of cloud-based services, each of which requires a separate account. Sensitive data and financial information are frequently stored on these platforms. This data can be compromised if you use passwords that are easily guessed or the same password for many accounts.
Due to a general lack of awareness about the damage that weak passwords can cause, small businesses are frequently vulnerable to hacks caused by employees using them. According to a recent study, 19 percent of industry professionals utilize readily guessed passwords or share passwords across accounts.
Businesses should consider Business Password Management systems to ensure that staff use strong passwords. These services help employees manage passwords for all of their accounts by recommending strong passwords that are difficult to guess. Multi-factor authentication systems should also be considered by businesses. These ensure that access to corporate accounts requires more than just a password, adding further verification steps such as a passcode delivered to a mobile device. Even if an attacker guesses a password correctly, these security controls help to prevent them from accessing corporate accounts.
- Insider Threats
The insider threat is the final big issue that small businesses face. An insider threat is a risk to a company that is brought about by the actions of current or former employees, business contractors, or associates. These actors have access to sensitive information about your organization and can cause harm through greed, malice, or just ignorance and negligence. According to a Verizon analysis from 2017, insider threats were responsible for 25% of all breaches in 2017.
This is a rising issue that can endanger employees and customers, as well as bring financial harm to the organization. Insider attacks are becoming more prevalent in small businesses as more employees have access to multiple accounts containing more data. According to research, 62 percent of employees have access to accounts they don’t require.
Small businesses must ensure that they have a strong culture of security awareness within their organization to prevent insider threats. This will assist employees in detecting early on whether an attacker has penetrated, or is attempting to breach, business data, and will help to prevent insider threats caused by ignorance.
The Impact of a Cyber-Attack on Your Company
A successful cyber-attack can be devastating to your company. It can have an impact on your bottom line, as well as your company’s reputation and consumer trust.
The consequences of a security breach fall into three categories: financial, reputational, and legal.
The Financial Loss:
Cyber-attacks often result in substantial financial loss arising from:
- theft of corporate information
- theft of financial information (e.g. bank details or payment card details)
- theft of money
- disruption to trading (e.g. inability to carry out transactions online)
- loss of business or contract
Businesses that have faced a cyber-breach will always have to pay to fix the compromised systems, networks, and devices.
Reputational Damage:
Customer relationships require a high level of trust. Cyber-attacks can harm your company’s brand and diminish your clients’ trust in you, potentially leading to:
- loss of customers
- loss of sales
- reduction in profits
Reputational harm can have an influence on your suppliers, as well as your relationships with partners, investors, and other stakeholders in your company.
Legal Consequences Due to Data Leak
Data protection and privacy laws require you to keep track of the security of any personal data you have on your employees or customers. You could face fines and regulatory sanctions if sensitive data is unintentionally or intentionally compromised, and you failed to implement proper security measures.
Legal Protections Against Cyber Security Threats in Nigeria
Government and industry have recently pushed to develop policies and regulatory standards that ensure a baseline of security across the Nigerian business landscape. Cyber Laws in Nigeria arose as a result of the need to combat these cyber threats.
Cyber law serves as a shield over cyberspace, preventing cybercrime. The government is committed to developing and enforcing laws to combat illegal online activity. The “Cybercrimes (Prohibition and Prevention) Act, 2015” has had a significant impact on Nigerian cyber law. This Act establishes a comprehensive legal, regulatory, and institutional framework for prohibiting, preventing, detecting, prosecuting, and punishing cybercrimes in Nigeria.
The Act also promotes cybersecurity and the protection of computer systems and networks, electronic communications, data and computer programs, intellectual property and privacy rights, and critical national information infrastructure.
Tips To Prepare Your Organization for Cyber-Threats in Nigeria
Even the most resilient businesses can be destroyed by a security breach. It is critical to manage the risks appropriately.
- Create a security strategy to evaluate and categorize the data you handle, as well as the types of security your organization requires. Conduct security audits on a regular basis.
- Make cybersecurity awareness a top priority. Inform and educate your employees about the importance of data security and security protocols.
- Encrypt critical data and require two-factor authentication for system access.
- Invest in, install, and update cybersecurity tools such as antivirus software, firewalls, and additional privacy tools on a regular basis.
- Have a backup for sensitive data to save yourself from ransomware.
- Hire cybersecurity engineers who can identify and manage vulnerabilities in your system.
Digitization and globalization have given rise to cybercriminals who are constantly on the lookout for new ways to defraud and harm organizations and institutions in Nigeria. Businesses must be cautious and aware of the risks posed by these cybersecurity threats.
The best method for businesses to protect themselves against these threats is to have a comprehensive set of security measures in place, as well as to use Security Awareness Training to ensure that people are aware of security threats and how to avoid them. Proactive measures will inform you of potential hazards and strategies to limit their impact.
At Olisa Agbakoba Legal (OAL), we have skilled and experienced cyber lawyers who can provide legal and advisory cybersecurity services. Our cyber lawyers handle cybercrime matters against individuals, businesses, and the government, as well as cases involving e-commerce, e-contracts and digital signatures, intellectual property rights, cybersecurity, and other topics.
Feel free to Contact OAL’s Cyber Lawyers to discuss issues relating to internet technologies and cybercrime in Nigeria.
Lead Digital Strategist, OAL.