Moving towards robust cyber security for Nigeria
Experts attribute the exponential increase in cyber-attacks to hackers’ adaptability and capacity to use new attack patterns that can target telecoms and internet service providers without being detected by signature-based methods.
The Federal Government recently announced that it had developed cyber security toolkits for more than 41 million Micro, Small and Medium Enterprises (MSMEs) in Nigeria to protect their online activities.
National Security Adviser, retired Maj.-Gen. Babagana Monguno, gave the information at the 9th Meeting of the Cybercrime Advisory Council, held in April in Abuja.
A pilot launch of the cyber security toolkits was conducted in February, with over 200 MSMEs in attendance.
The main launching of the toolkits took place in collaboration with the United Kingdom Foreign, Commonwealth and Development Office (FCDO), with the aim of protecting MSMEs from cyber threats.
Cyber security has emerged as one of the most threatened components of national security and countries are building cyber defences and resistance against any attack.
Cyber criminals and hackers have scaled up targeted attacks on national critical infrastructure, businesses and telecommunications facilities either for ransom or as acts of terrorism.
For instance in July 2021, between 800 and 1,500 businesses around the world were affected by ransomware attack centred on U.S. information technology firm Kaseya.
The company provides software tools to IT outsourcing shops – companies that typically handle back-office work for companies too small or modestly resourced to have their own IT departments.
The hackers who claimed responsibility for the breach, demanded $70 million to restore all the affected businesses' data.
In 2021 alone, malicious and targeted attempts at disrupting traffic to a particular server, service or network, known as distributed denial-of-service, skyrocketed globally.
Experts attribute the exponential increase in cyber-attacks to hackers' adaptability and capacity to use new attack patterns that can target telecoms and internet service providers without being detected by signature-based methods.
In the past, countries have witnessed cyber-attacks targeting oil pipeline companies, meat supply chain, schools and hospitals, and have become a major concern for data security among both companies and governments.
However, experts say cyber security threats have assumed a much more crucial national security dimension in recent years and that governments and businesses should fortify the protection of their digital footprints.
Close to home, out of the 206,000 mobile malware detected and blocked by a particular cyber security provider between January and June 2021 for the Middle East, Turkey and Africa, over 14,071 originated from Nigeria.
Also, in the 2020 Global Cyber Security Index on the snapshot of cybersecurity measures taken by countries, Nigeria ranked 47th out of 182 countries globally, and fourth in Africa after Mauritius, Tanzania and Ghana respectively.
In response to the challenge of cybersecurity threat, the Nigerian government, through the Office of the National Security Adviser, announced plans for the implementation of the National Cybersecurity Policy and Strategy (NCPS).
The NCPS, among other things, aims to develop a sector-based protection plan for Critical National Assets and Infrastructure (CNAI), as well as for private businesses.
The NCPS also aims at providing information, strengthening cybersecurity governance and coordination, and building the capacity of relevant stakeholders on their responsibilities across seven sectors.
These sectors are: telecommunications, defence and security, education, finance and capital market, energy, professional organisations, the private sector and judiciary.
Indeed, just as it is in national security as a whole, cyber security threats are ever evolving and becoming even more insidious. They no longer comprise just hackers who launch ransomware attacks.
In its 2022 Nigeria Cyber Security Outlook, Deloitte reported that no organisation – private or public – is immune to cyber-attacks, especially with the help of insiders.
"The year 2021 was exciting in the cyber security space both locally and internationally. Cyber breaches and attacks were experienced in the economy's public, private, financial, and non-financial sectors.
"A significant trend was that no organisation appeared immune to cyber attacks. Even financial institutions that had made significant investments in cyber security experienced high profile attacks.
"It was noted that there would be a spotlight on Nigeria, and attackers would have more tools, skills, and ground to play," Deloitte said in its report.
It also said cyber attacks in the country would include insider threats.
Quoting a Threat Post and Krebs report, Deloitte said cyber security threat actors advertised profit-sharing incentives for company employees willing to help them distribute malicious software within their organisations.
"In Nigeria specifically, these threat actors sent out an open communique to employees willing to cause their organisations harm.
"We envisage that this would be a major area of concern. There could be a surge in cyber attacks if there is a successful collaboration between external threat actors and malicious insiders/employees.
"It may also be challenging to detect such instances since the attackers use valid credentials/access to perform their activities," it said.
Perhaps one of the most glaring manifestations of the threats to Nigeria's cyberspace is the recent attack on one of its biggest commercial websites.
In April, the management of sports betting platform Bet9ja revealed that its website had been hacked by Russian Blackcat hackers.
The company also confirmed that the hackers demanded a huge amount of money in digital currency as ransom.
It is therefore imperative for the public and private sectors to engage in effective partnership to protect facilities and critical national infrastructure and assets.
This should include collaboration to mutually share information, processes, technologies, innovations and ideas across private sector entities such as industry, non-profit organisations, think tanks, non-governmental organisations, academic institutions, financial sector and technology institutions.
MSMEs are particularly vulnerable to cyber attacks because they lack adequate preparedness, resources and know-how to protect their digital activities.
It is therefore commendable that the government has developed and launched cyber security toolkits for more than 41 million MSMEs. However, access to resources and personnel should be prioritised.
The Cybersecurity Department of NITDA, whose responsibility it is to standardise the setting up of cyber security structures in both the public and private sectors, should embark on continuous enlightenment and boost the capacity to defend Nigeria's cyberspace.
Also, government at sub-national levels should be encouraged to adapt and adopt relevant provisions of the NCPS to mitigate cyber security threats.