Cybersecurity is a shared responsibility that requires the collective effort of every individual, business, and government entity to ensure a secure digital environment.

As a leading body in the field of cybersecurity in Nigeria, we are committed to enhancing our nation’s cybersecurity posture.

The increasing reliance on digital technologies has brought about significant benefits, such as improved access to information and efficient service delivery.

However, this digital transformation has also introduced significant cybersecurity risks that threaten national security and economic stability.

Current State of Cybersecurity Awareness

A significant portion of the Nigerian population, especially in rural areas, lacks basic cybersecurity knowledge.

This limited awareness makes individuals vulnerable to various cyber threats. Also, many organizations, particularly Small and Medium Enterprises (SMEs), lack adequate cybersecurity infrastructure and resources, leaving them exposed to cyberattacks.

The shortage of skilled cybersecurity professionals further worsens these challenges, as organizations struggle to effectively address the growing threat landscape.

Phishing attacks remain a persistent threat, with individuals falling victim to sophisticated social engineering tactics.

Data breaches continue to occur, compromising sensitive personal and financial information. Cybercrime, including online fraud, identity theft, and ransomware attacks, is on the rise, causing significant financial losses and reputational damage.

Recent studies have highlighted the current state of cybersecurity awareness in Nigeria. For instance, research conducted among university students in Northeastern Nigeria revealed that while there is some basic knowledge of cybersecurity, there is a pressing need for more comprehensive awareness programs, particularly in areas such as cyberbullying, child online protection, self-protection, and internet addiction.

Another study on online banking users in Nigeria showed a high level of awareness of cybercrime but also identified gaps in password security practices and the need for more robust cybersecurity measures.

Poverty and unemployment drive cybercrime in Nigeria, posing a threat to national security and socio-economic development.

Addressing these underlying issues, promoting awareness, and implementing effective cybersecurity measures are crucial for mitigating cybercrime and fostering a safer digital environment.

To this end, we are calling on all stakeholders, including government agencies, private sector organizations, educational institutions, and civil society, to join us in this important endeavour.

Government Initiatives

We appreciate the Nigerian government’s efforts to enhance cybersecurity and protect its cyberspace through various initiatives, which include the establishment of the National Cybersecurity Coordination Centre (NCCC) to facilitate the implementation of cybersecurity

programs and legislation, the NCCC coordinates national efforts against cyber threats; The 2021 National Cybersecurity Policy and Strategy (NCPS) which builds on the 2015 framework, addressing evolving cybersecurity challenges.

It aims to enhance digital competitiveness, promote indigenous technology, safeguard critical infrastructure, and combat cyberattacks, online fraud, and misinformation; The Cybercrime (Prohibition, Prevention, etc.) Act 2015 which was enacted to combat cybercrime and protect digital assets.

The recent Cybercrimes (Prohibition, Prevention, etc.) Amendment Act 2024 further strengthens cybersecurity measures by introducing Sectoral Computer Emergency Response Teams (CERTs) and requiring reporting of cyber threats within 72 hours; The Amendment of the National Identification Number (NIN) Requirement which mandates its use for electronic financial transactions to facilitate tracking and verification; and The Nigeria Data Protection Act 2023 which builds on previous data protection regulations to strengthen data protection rights and enhance security in response to the evolving data landscape.

These initiatives aim to create a more secure digital environment in Nigeria, addressing evolving cyber threats, protecting critical infrastructure, and safeguarding personal data.

The government’s commitment to international cooperation, capacity building, and legal frameworks ensures a proactive approach to cybersecurity.

Our Initiatives

We have been instrumental in raising cybersecurity awareness in Nigeria. Through various initiatives, we are actively promoting cybersecurity best practices and educating the public about emerging threats, which include the annual Cyber Secure Nigeria 2024 Conference and this year’s conference theme Leveraging Artificial Intelligence for Cyber Resilience: Building A Secure Future Bridge.

This event brought together academia, industry experts, government officials, and cybersecurity professionals to share knowledge and insights; we also offer training and workshops to equip individuals and organizations with the necessary skills to protect themselves from cyber threats; we conduct various awareness campaigns to educate the public about the importance of cybersecurity.

These campaigns often involve social media, workshops, and public events to reach a wider audience; we publish regular cyber threat landscapes and forecasts to highlight emerging threats and vulnerabilities in Nigeria.

These reports help individuals, organizations and governments prioritize their security efforts and allocate resources effectively; and we collaborate with other organizations, both locally and internationally, to share knowledge, resources, and best practices.

These partnerships help to strengthen the cybersecurity ecosystem in Nigeria. By actively promoting cybersecurity awareness and education, we play a crucial role in safeguarding Nigeria’s digital landscape.

Call to Action

To address growing cybersecurity challenges, individuals, organizations, and the government must take concerted action. Individuals should prioritize digital literacy, strong password hygiene, online vigilance, and regular software updates.

Organizations should invest in cybersecurity infrastructure, train employees, develop incident response plans, and prioritize data protection.

The government should strengthen legal frameworks, foster public-private partnerships, invest in research and development, and promote cybersecurity awareness.

To further enhance Nigeria’s cybersecurity posture, stakeholders should collaborate on training programs, promote cyber hygiene, raise awareness about emerging threats, engage communities, and support research initiatives.

Also, strengthening cyber threat intelligence capabilities through investment in research and developing Sector-Based Incident Response Capabilities. International cooperation and continuous learning are also essential components of a robust cybersecurity strategy.

By taking these comprehensive steps, Nigeria can better protect its digital infrastructure, safeguard privacy, and ensure national security.

Conclusion

As we conclude Cybersecurity Awareness Month 2024, we urge Nigerians to prioritize online safety. Cybersecurity is a shared responsibility requiring collective action from individuals, organizations, and the government. Let us continue to engage in discussions, share knowledge, and report suspicious activities to build a secure digital environment. By working together, we can ensure a safer cyberspace for all.

*Article written by Ade Shoyinka, President of Cyber Security Experts Association of Nigeria (CSEAN) and John Odumesi, Director of Research and Development, CSEAN

The post Strengthening Cybersecurity Awareness in Nigeria – A Call to Action appeared first on Tech | Business | Economy.

The conference, centred around the theme “Leveraging AI for Cyber Resilience: Building a Secure Future Bridge” will take place at the prestigious Ballroom at the Palms Hotel in Abuja, on September 25th and 26th, 2024.

Cyber Secure Nigeria is an annual event that brings together cybersecurity professionals, policymakers, industry experts, military personnel, security enthusiasts, students, and other stakeholders to address the latest trends, challenges, and best practices in the field of cybersecurity.

As an initiative by CSEAN, the conference aims to foster collaboration, knowledge sharing, and innovation to enhance cybersecurity measures and promote a safer digital environment in Nigeria.

The 2024 edition of Cyber Secure Nigeria will delve into the huge potential that Artificial Intelligence offers to the cybersecurity industry and its impact on the cyber capabilities of our organisations and country. With the rapid digitization of various sectors and the increased reliance on digital technologies, cybersecurity has become a fundamental pillar of national security and economic stability.

The sub-themes for the conference include:

1. AI and Human Security
2. Digital Economy with AI
3. AI-Aided Government
4. AI in Cyber Warfare
5. Securing Critical Infrastructure with AI
6. AI-Assisted Cybersecurity Technologies Human-AI Collaboration in Cybersecurity
7. AI for Countering Social Engineering and Disinformation
8. The Future of AI and Cybersecurity
9. Security of Things/Internet of Things

AI-Powered Cybersecurity Solutions Cyber Secure Nigeria 2024 will feature renowned international and local experts as keynote speakers, panellists, and workshop facilitators. Attendees will have the opportunity to engage in interactive sessions, participate in hands-on workshops, and network with industry leaders, fostering collaboration and knowledge exchange.

This year’s conference coincides with the 10th anniversary of this impactful organization, and will be preceded by celebratory activities across our various branches. The event will close with the 2nd edition of our Cybersecurity Merit Awards, which starts at 6pm on the 26th of September 2024.

“We are thrilled to organize the Cyber Secure Nigeria 2024 Conference in our continuous efforts to promote cybersecurity and create a safer digital environment in Nigeria,” said Ade Shoyinka, President of CSEAN.

“By bringing together cybersecurity professionals, policymakers, thought leaders, and key stakeholders, this conference seeks to spark meaningful discussions on how AI can be leveraged to strengthen cyber resilience, also advancing the exchange of innovative ideas and strategies that harness the power of AI to safeguard the future of our digital ecosystems.”

The Ballroom at the Palms Hotel in Abuja, known for its luxurious facilities and serene environment, is the venue for this prestigious event. Its commitment to excellence aligns perfectly with the goals of Cyber Secure Nigeria 2024 conference.

How to Register

Registration for the Cyber Secure Nigeria 2024 Conference is ongoing. Apply via the conference website to secure your spot today.

The post CSEAN Unveils Cyber Secure Nigeria 2024, 2nd Cybersecurity Merit Awards appeared first on Tech | Business | Economy.

In the forecast authored by Oluwafemi Osho, John Odumesi, Hamzat Lateef, and Hassanat Abdulraheem, all members of the  Directorate of Research and Development at CSEAN, the body identified that in 2022, there was a significant increase in the complexity and impact of cyber threats worldwide, and Nigeria was no exception.

As experts and active stakeholders in the cybersecurity sector, the authors collected and analyzed data from various sources, including cybersecurity professionals in the country, incident reports, and 2021 and 2022 threat trends, to present our forecast of cyber threats for 2023.

According to them, several factors will contribute to the predicted threats, including the upcoming 2023 general elections, the economic situation in the country, a lack of transparency in reporting security breaches, and a lack of coordination among organisations within the same sector. These and more are captured in the cyber threats forecast categorized and discussed under two sections: (i) election-related threats and (ii) regular and emerging threats.

The report:

1. 2023 Elections and the Deluge of Cyber Threats

Spread of Misinformation and Disinformation

“It is expected that there will be a significant amount of misinformation and disinformation circulated through social media platforms in the run-up to, during, and after the 2023 general elections.

“We are very likely to experience the weaponization of manipulated information to influence people’s perceptions and behaviours in relation to the elections. This can seriously affect the integrity of the electoral process and undermine public trust in democratic institutions.

“Disinformation, specifically related to the elections, is likely to increase, with political parties potentially hiring foreign actors to create and disseminate false or misleading information”.

The experts also said reiterated that Nigeria had a taste of weaponized, coordinated propagation of disinformation during the 2019 general elections.

“It is crucial for individuals to be vigilant and critically evaluate the information they come across, particularly during election periods. It is also vital for social media platforms and government agencies to take steps to address the spread of misinformation and disinformation, such as through fact-checking efforts and public education campaigns”.

Hate Speech

“In the past, Nigerian elections have been marred by instances of hate speech and threatening expressions by politicians. This trend is highly likely to continue as the 2023 general elections draw closer.

“This type of language can incite violence and create a toxic political environment. Political actors need to refrain from using hate speech andpromote a respectful and peaceful campaign. It is also the responsibility of the government and relevant authorities to take action against hate speech and ensure that the elections are conducted in a fair and peaceful manner.

“The upcoming 2023 general elections will be an opportunity for Nigeria to demonstrate its commitment to democracy and peaceful transitions of power. Political actors must work to ensure that the elections are conducted in a way that respects the rights and dignity of all Nigerians”.

Malinformation/Cyber Smearing

The report further indicates that the public has the right to accurate and reliable information to make informed decisions about their leaders. “Regrettably, we have seen reports of private information being made public to malign individuals or groups.

“There have also been instances where true information was shared out of context in an attempt to mislead the public. Over the next year, we will witness more of such occurrences in the lead-up to the elections.

“These types of behaviour are unethical and can create a toxic political environment. Politicians have the responsibility not only to provide accurate and reliable information to the public but also to refrain from sharing private or true information out of context to mislead the public”.

Attacks Against INEC cyberinfrastructure

The information security experts forecast that INEC cyber infrastructure will be targeted in the lead-up, during, and after the elections.

“Attacks will include cyber-based threats, such as the defacement of the INEC website and hacking of the Bimodal Voter Accreditation System (BVAS), as well as physical-based attacks, including arson and vandalism. If the frequency of attacks and arson on INEC facilities from 2021 is anything to go by, we are in for more of such as we approach the general elections.

“INEC must be prepared for these types of attacks and to have measures in place to protect its cyberinfrastructure to ensure the integrity of the electoral process.

2. Regular and Emerging Threats

Government Infrastructure as a Target (GIaaT)

“In 2023, we envisage an increase in the exploitation of computing resources of government establishments for malicious use. Further, more government-related data will be exfiltrated. Based on the data gathered this year, we found threat actors exfiltrating critical information and maliciously leveraging government computing resources, including mining cryptocurrency and setting up Internet Relay Chat (IRC)platforms. Findings also revealed activities related to credential the and backdoor setup.

“Threat actors leverage outdated and vulnerable internet-facing applications in most of these identified facilities. Government establishments need to be aware of these potential threats and take steps to secure their computing resources and protect them against data exfiltration.

“This may involve regularly updating and patching internet-facing applications and systems to ensure they are not vulnerable to exploitation.

Malware

“Malware is a family of so ware designed for malicious purposes. In 2021, Nigeria experienced an onslaught of Trojans, Trojan-downloaders, and Trojan-droppers. 2022 brought about an escalation in backdoor infections. As one of the most common attacking tools preferred by cyber threat actors, malware will continue to be relied on by the actors in 2023.

“If they want to be secure from malware infection, individuals and organizations will do well to keep their operating systems and so ware up to date, adopt a strong password policy, ensure periodic backing up of data, and be cautious with clicking links.

Another Year of Ransomware

“Ransomware, a type of malware, has gained popularity in recent years and therefore warrants being discussed as a standalone topic. In 2021, a significant percentage of organisations in Nigeria reported experiencing ransomware attacks, according to Sophos. 2022 saw the first publicly reported Ransomware attack against a betting company in the country by BlackCat.

“As the ransomware-as-a- service (RaaS) ecosystem continues to evolve, ransomware attacks will become more sophisticated and more common in Nigeria in 2023”.

They forecast that threat actors are likely to focus on devices with weak security and easily exploitable vulnerabilities. Small and medium-sized enterprises (SMEs) are particularly vulnerable to ransomware attacks, as they may not have the resources or expertise to implement advanced security solutions.

“To mitigate the risk of ransomware attacks, individuals and organisations in Nigeria should keep so ware and systems up to date, use antivirus so ware, regularly back up important data, enable two-factor authentication, educate employees on cybersecurity best practices, and consider implementing advanced security solutions.

Attacks on Financial Institutions

“Over the years, attacks against banks and FinTechorganisations in Nigeria have shied from low-tech to high-tech, sophisticated breaches. We experienced an onslaught of financial phishing attacks and the danger of organized targets. As the country launches new Naira notes and transitions to a new democratic government in 2023, it is expected that the financial sector will continue to be a target for cybercriminals.

“These attackers may seek to collaborate with bank employees to gain unauthorized access to critical systems and obtain sensitive information that can be used to exploit the bank’s systems.

“Threat actors may also use traditional tactics such as malware, social engineering, and phishing campaigns to lure employees and customers into revealing sensitive information”.

To protect against these types of attacks, they recommended that financial institutions in Nigeria should implement strong security measures, educate employees on cybersecurity best practices, and regularly update their systems and so ware with the latest security patches.

Attacks in the Cloud

“Following the COVID-19 pandemic, more organisations have wholly or partly adopted enterprise-wide cloud for IT operations. As expected, cybercriminals have ramped up attacks. Research has shown that cloud adoption is expected to increase significantly over the next two years.

“This will translate to an expansion in the threat surface. Thus, we forecast increased attacks on cloud infrastructure in 2023.

“Organisations should integrate security into the planning and operation of cloud services. It is also critical for them to invest in cloud-threat detection capabilities and identity perimeter to protect their cloud assets.

Menace of Insider Threats

“Insider collaborators will continue to pose a significant threat to organisations in Nigeria in 2023. Insider threats are threats to an organisation that comes from individuals within the organisation, such as employees, contractors, or business associates, who have insider knowledge of the organisation’s security practices, data, and digital networks. These individuals may intentionally or unintentionally expose the organisation to risks, such as data breaches, unauthorized access to systems, or of sensitive information.

“We saw cases of employees being lured with money to divulge sensitive organization information in 2022. More of such is likely to occur in 2023. There are several countermeasures organisations in Nigeria can take to mitigate the risk of insider threats in 2023.

“These include conducting thorough background checks on new hires to ensure that they do not have a history of malicious activity or security breaches, implementing access controls to limit the amount of information and resources that employees have access to, monitoring employee activity on networks and systems to detect suspicious behaviour, providing security awareness training to educate employees on the importance of protecting sensitive information and how to identify and report potential insider threats, and implementing technical controls such as data loss prevention systems to help prevent the unauthorized transfer of sensitive information.

“By implementing these countermeasures, organisations can better protect themselves against the risks posed by insider threats.

Cryptocurrency-Based Threats

“The cryptocurrency industry has undergone significant changes and developments in recent years, and it has become an increasingly popular and widely adopted form of digital currency. 2022 has been a rollercoaster year for the industry.

“At the same time, the industry experienced an increase in the number of threats. This includes various types of cyberattacks and scams that aim to steal or fraudulently obtain cryptocurrencies from individuals and organisations.

“We forecast this trend to continue in 2013. Threat actors may use a variety of methods to carry out attacks, such as malware that is spread through cracked so ware or games from torrent sites or phishing scams that use fake websites or emails to trick people into giving away their login credentials or personal information.

“To protect themselves and their assets, cryptocurrency users should be aware of these risks and take steps to protect themselves and their assets.

“This might include using strong passwords, enabling two-factor authentication, and being cautious when clicking on links or downloading so ware.

Ponzi Scheme, Rug Pull, Pump and Dump

“Ponzi schemes and crypto and forex trading rug pull are two of the many financial frauds Nigerians have been contending with in recent years. While these threats are inherently not cyber threats, perpetrators leverage cyberspace to pull off frauds.

“These scams thrive on people’s vulnerability to the promise of quick returns. With a growing interest in crypto in Nigeria, which has made the country to be labelled the most crypt-obsessed nation, Nigerians will remain susceptible to these kinds of threats.

They advised individuals to be vigilant and cautious when considering investment opportunities to protect themselves against these risks.

Phishing and Social Engineering

“Social engineering has remained one of the most powerful techniques used by threat actors for malicious purposes.

“Phishing, a social engineering attack, has evolved over the years. Despite widespread awareness of these types of attacks, many people are still susceptible to them, and our data shows that phishing attacks continue to be successful. In some cases, threat actors have even been able to use the InterPlanetary File System (IPFS) to host their phishing platforms, further increasing the likelihood of success.

“To protect against these types of attacks, it is important for individuals to be aware of the risks and to take steps to protect themselves, including being suspicious of unsolicited emails or messages, not clicking on links or downloading attachments from unfamiliar sources, and enabling two-factor authentication whenever possible.

SMEs Will Feel the Brunt of Cyber Threats More

According to reports, small and medium-sized enterprises suffered increased password stealing, Internet, and Remote Desktop Protocol (RDP) attacks in 2022, compared to 2021.

“This trend is very likely to continue in 2023. SMEs may be easier targets for cyber threat actors, and there are several reasons for this. Generally, small businesses have limited resources to invest in cybersecurity, may have fewer IT staff or less expertise in cybersecurity, and o en lack the level of security awareness that big organisations have.

“SMEs must be aware of the cyber risks associated with their business and take necessary steps to protect their systems.

Privacy Breaches by Online Money Lenders

“Digital money lending services, which offer short-term loans to individuals, were introduced in Nigeria to provide easy access to credit for ordinary people. However, many of these operators have been ignoring the Nigerian Data Protection Regulation (NDPR) and violating the data privacy rights of their customers. Reports suggest that they have been accessing the phone details of the family members of defaulted loanees without authorization and then contacting the family members via text messages containing threatening and derogatory content.

“This behaviour is a clear breach of data privacy rights and will likely continue if relevant regulatory institutions do not address it.

“To protect against data privacy violations in Nigeria’s digital money lending industry, regulatory bodies should enforce the Nigerian Data Protection Regulation (NDPR) and implement stricter penalties for violators. Consumers should also be educated on their data privacy rights and how to protect them. They should be cautious when taking out short-term loans, reviewing the terms and conditions to ensure their data will be protected.

Increased Cyber Attacks through Networks of Higher Institutions

“Unfortunately, it is common for higher education students to become involved in online scamming, o en using the networks and resources of their schools to launch their attacks.

“The long-term strikes and disruptions in the education sector in Nigeria may have contributed to an increase in the number of individuals participating in online scams, as some students may be seeking alternative sources of income.

“As a result of this trend, more online scams will likely be launched from behind the networks of higher education institutions in the country.

“Higher education institutions can mitigate the trend of online scammers exploiting their networks by educating students about the risks of online scams, implementing strong cybersecurity measures, monitoring and enforcing appropriate use of institutional networks, encouraging students to report suspicious activity, and working with law enforcement.

In conclusion, the authors believe that in 2023, Nigeria will face a range of cyber threats that will be perpetrated by threat actors using a variety of tactics, techniques, and procedures.

The threats will include large- scale propagation, and potential weaponization, of mis/disinformation, ransomware attacks, and phishing attacks, among others.

One of the main factors that are expected to influence the cyber threat landscape of 2023 is the general elections.

“To mitigate these threats, individuals, organizations, and relevant government bodies must adopt appropriate cybersecurity measures and strategies.

“Furthermore, all stakeholders must work together to ensure a concerted effort to protect the cyber sovereignty of the country. Cybersecurity is a collective responsibility”, the CSEAN report recommended.

CSEAN is a non-profit organisation centred on a collective purpose and vision to be a vehicle championing the cause and awareness of Information security best practices, acting as an agent of change to address Cyber Crime phenomena through engaging intellectual minds, business, and political leaders.

As Cyber Security protagonists, the body looks to hold a healthy debate to expand the audiences’ knowledge, awareness, and understanding of cyber-crime issues.

Through workshops and seminars, CSEAN shares knowledge and grows the information security industry in the country while creating youth forums to breed future generations of information security professionals and to hold broader discussions with government officials on tackling Cyber Crime.

The Authors:

The post NIGERIA: CSEAN Releases National Cyber Threat Forecast 2023 appeared first on Tech | Business | Economy.