CEM REPORT, TECHNOLOGY | It is now a given that digitalisation is the new normal though some, especially of the older generation are struggling to accept this. Every process is now either digitalised or is in the process of digitalisation. While this is a welcome development, especially in Nigeria where paper and long queues hamper processes, digitalisation has come with its unique pitfall; cybercrime.
Organisations, small businesses, countries and several institutions have become targets of cybercrime syndicates. Ransomware attacks amongst several cyber security issues have become headliners at cyber gatherings, yet with all the conversation and development of cyber security measures, cyber attacks continue unabated.
Recently, the financial world was stunned when reports said that the Industrial & Commercial Bank of China (ICBC), US unit was hit by a cyberattack, that halted its ability to clear swathes of US Treasury trades after entities responsible for settling the transactions swiftly disconnected from the affected systems.
The attack suspected to have been perpetrated by a prolific criminal gang with ties to Russia, Lockbit, caused immediate disruption as market-makers, brokerages, and banks were forced to reroute trades, with many uncertain when access would resume.
To salvage the situation, ICBC sent the required settlement details by a messenger carrying a flash drive as the state-owned lender raced to limit the damage. ICBC confirming the incident said it had isolated the affected systems adding that the ransomware attack did reach the bank’s head office and others overseas including ICBC’s New York branch.
A Bloomberg report states that ICBC is considering seeking help from China’s Ministry of State Security in light of the risks of a potential attack on other units, a source told Bloomberg.
Interestingly, about some months back, ION Trading UK was hit by a ransomware attack that paralyzed markets and forced trading shops that clear hundreds of billions of dollars of transactions a day to process deals manually.
One would think that after such an attack, financial institutions would be on high alert and install cyber security protocols but yet …
CEM, in late July, reported a cyber attack on the Kenyan government that shut down access to the eCitizen system for almost a week. The system is responsible for over 5,000 government services.
The worry and question on the lips and hearts of Nigerians should be, if nations who have long embraced digitalisation before Nigeria and should have better cyber security protocols could be hacked, what chance does Nigeria stand in the battle?
Earlier in the year the Nigerian National Security Adviser, Nuhu Ribadu, said that the management of cybersecurity incidents and the safeguarding of the Critical National Information Infrastructure (CNII) were seen by the Federal Government as essential elements for the advancement of the country and hence moved to amend the 2015 Cybercrimes Act. The amendment the federal government said will address issues surrounding emerging technologies such as Artificial Intelligence (AI).
This goes to prove that Nigeria’s cyber security laws are behind the recent times.
Banks and Fintechs in Nigeria have also been victims of cyber attacks. In June 2022, hackers moved ₦1.755 billion from various customers’ accounts in Globus Bank and fraudulently transferred the money into various accounts in other banks. The bank was quick to recover ₦817.99 million but is still fighting to recover ₦962 million from the fraudsters’ accounts. As a last resort, Globus has filed an action in a Lagos High Court against those banks holding the stolen funds, reports say.
GT Bank is also in court with some of its big corporate customers from whose accounts hackers stole over N1 billion in foreign currencies, although the bank has been mute and through excellent PR killed the story.
Reports also say that three fintechs have lost over ₦5 billion to hackers between January and August of this year.
According to Corvus Insurance, ransomware attacks surged 95 per cent in the first three quarters of 2023, compared with the same period in 2022.
The Cyber Security Expert Association of Nigeria (CSEAN) reveals that corporate phishing attempts increased in 2022, and data protection procedures and disclosures lagged. Phishing attacks on SMEs increased by 87% in 2022 compared to 37% in 2021.
A recent report by Sophos and published by Businessday indicates that the ability of retail organisations to halt ransomware attacks has declined within three years.
The report details that 26 percent of retail organisations in 2022 were able to disrupt a ransomware attack before their data was encrypted as against 34 percent and 28 percent in 2021 and 2022 respectively.
The report indicates that either cybercriminal have gotten better at hacking and encrypting data or organisations have gotten sloppy at stopping them. Because a steady increase indicates that retail organisations need to improve their cyber security by setting up security that detects and responds to intrusions earlier in the attack chain.
According to Chester Wisniewski, director, global field CTO, Sophos, “Forty-three percent of retail victims paid the ransom according to our survey respondents, yet the median recovery costs to victims who paid the ransom was four times the cost to those who used backups and other recovery methods. There are no shortcuts in these situations and rebuilding systems is almost always required. It’s better to deprive the criminals of their spoils and build back better.”
This goes to say that top organisation are not the sole targets of cyber criminals, SMEs are also potential targets.
[READ ALSO] Dictador Appoints AI Robot Mika, CEO
With Nigeria embracing digitalisation in voting and citizen data collection and management, thanks to the increase in broadband penetration, eyebrows need to be raised on the state of our cyber security protocols.
Recently, President Bola Ahmed Tinubu launched the electronic Civil Registration and Vital Statistics System and Geospatial Data Repository (e-CRVS) which will collect and collate all civil registrations such as birth registration, stillbirth registration, birth attestation, adoption, marriage notification, divorce notification, migration and death in the country.
If such systems were to be hacked, personal data of Nigerians would be at the mercy of such attackers. These data could be changed to instigate fraud cases amongst several mayhem in the country.
Again, while digitalisation is the new given and Nigeria has jumped on the train, it shouldn’t just seek to run and catch up with others but, with great attention consider its back-end security because the effort to digitise the economy and the billions spent could become a nightmare and made useless by cyber attackers.
Also, financial institutions, SMEs and businesses that are including digitalisation in their business model should endeavour to install proper security protocols to prevent against cyber attacks.
For SMEs and new businesses embracing digitalisation in business, they may not feel nor see the need for high-end security protocols riding on the belief that they do not have sufficient funds to want to be hacked. Interestingly, hackers, don’t wake one day and hack, they plan the process over time. A virus could be introduced into a system for data collection purposes, which hackers can use to track finances and data. This allows for sufficient information to plan and decide when to commit the crime. They could also steal a company’s identity to defraud customers or innocent members of the public which will drag such a company into a legal battle.
When installing cyber security protocols, it is ill-advised to opt for a free version or a cracked version. While this would work, such versions do not receive regular security updates which leaves such systems vulnerable to attacks.