Writer: OLUWAFIROPO TOBI OGUNDARE, Commercial Account Manager- West Africa & Mauritius at Red Hat
In January 2023, Cyber Security Experts of Nigeria (CSEAN) released its National Cyber Threat Forecast for the year. The report gives insight into the state of regular and emerging threats from cybercriminals, as well as the possibility of cyberattacks during Nigeria’s presidential elections in February.
The forecast predicts that 2023 will see an increase in government infrastructure as a target (GIaaT) attack, with malicious actors exploiting outdated and vulnerable applications in government organisations.
Criminals will continue to rely on malware, specifically ransomware – a threat that small and medium-sized enterprises are particularly vulnerable to. Other identified threats include attacks on financial institutions, cloud infrastructure, and individuals via phishing and social engineering techniques.
These forecasts correlate with recent incidents that threaten Nigeria’s digital ecosystem. According to the Minister of Communications and Digital Economy, Nigeria experienced 6.9 million cyberattacks on election day, originating from inside and outside the country. And in 2022, attacks on institutions such as mobile money providers and betting platforms resulted in business disruption and financial losses worth millions of US dollars.
A reported culture of secrecy elevates cybersecurity concerns. Nigerian organisations are hesitant to disclose any incidents or breaches they experience. Although this is understandable, it makes solving the problem more difficult.
Businesses cannot simply wait to become victims of cybercrime. They must develop and execute strategies that use the latest technologies and position them as entities that take security seriously. This starts with understanding the landscape, the challenges we face, and available solutions.
Skill gaps, 5G, and other challenges
Our vulnerability to cybercrime is an amalgamation of factors ranging from inadequate responses to threats and a lack of transparency to government computing resources. The prevalence of hybrid work models also makes data and people more susceptible to threats.
Like the rest of the world, Nigeria suffers from a lack of talent where it’s needed most. Studies reveal a global cybersecurity workforce gap of 3.4 million people.
According to the WEF Global Cybersecurity Outlook 2023 report, 59% of surveyed business leaders and 64% of cybersecurity leaders ranked talent recruitment and retention as a key challenge for managing cyber resilience.
Meanwhile, one of the biggest developments to impact Nigerian citizens and businesses has been the deployment and growth of 5G, spurred by major telecom providers now offering 5G network services in cities like Lagos and Abuja.
This is promising, but as these networks grow, cybercriminals can exploit the faster channels to carry out attacks such as distributed denial of service (DDoS) attacks.
Challenges like these demand change. To that end, enterprises should consider new models and innovative solutions that transform their systems and secure them from the inside out.
Rethinking security
Nigeria is embracing cloud computing like never before. Our data centre market is expected to grow year-on-year by more than 13% between 2022 and 2027. Because of this, it’s essential to focus on cloud security and cloud workload protection. Enterprises can safeguard their applications and data through best practices such as “secure-by-design” and evolving security solutions into a DevSecOps model, meaning security and engineering teams work together to build and run applications that boast integrated security mechanisms.
Another essential for enterprises is implementing zero-trust architecture. A zero-trust strategy is critical to securing an organisation’s IT resources and data, especially in the age of hybrid work models, where IT resources and workforces are no longer centralised.
With zero-trust architecture, organisations can authorise and monitor access on a per-user basis and secure networks with several layers of security mechanisms. Going forward, a zero-trust strategy will go from being “good to have” to critical for Nigerian organisations.
In the face of this, enterprises in Nigeria both big and small should access the support they need through their technology partners and managed services providers.
Compiling a comprehensive cybersecurity strategy does not have to be an intimidating task, not when you have experts to help give you a clear idea of what you’re up against, what you’re trying to secure, and how you can best secure it.
Author
Comments 1