Nigeria currently ranks third globally in cybercrimes behind the United Kingdom and the United States. This is according to Nigerian Communications Commission, which also found that about N127bn was lost to cybercrime in Nigeria in 2015.
According to the Country Manager, Microsoft Nigeria, Akin Banuso, the acceleration of digitalisation and insecure consumer habits, a lack of coherent legislation and regulatory frameworks, as well as inadequate cybersecurity measures in key sectors, is turning Nigeria into a lucrative target for cybercriminals.
“It is important that organisations and their employees across Nigeria are aware of the latest threats and how best to protect against them,” he adds.
Banuso highlights three of the biggest cyberthreats currently facing the country:
The word ‘botnet’ is a combination of the words ‘robot’ and ‘network’. Botnets can be infected with malware that allows hackers to remotely take control of a number of devices at a time, usually without the knowledge of the device owner.
According to the latest Microsoft Security Intelligence Report, botnets continue to impact millions of computers globally, infecting them with old and new forms of malware. Cybercriminals use botnets to conduct a variety of online attacks, such as send spam, conduct denial-of-service attacks on websites, spread malware, facilitate click fraud in online advertising and much more.
Defending against botnet activity is not an easy undertaking and requires a massive and coordinated effort by both private and public organisations. The first step in protecting organisations against botnets, is to look for a solution that harnesses advanced machine learning.
For example, Windows Defender ATP uses the power of the cloud, machine learning and behaviour analytics to detect, protect and respond against botnets and other cyberthreats.
Hackers turning to easy marks
As the cost of circumventing security measures increases, hackers are progressively taking advantage of low-hanging fruit to circumvent increasingly sophisticated security measures. There are three types of low-hanging fruit routes frequently employed by cyberattackers in Nigeria.
- Social Engineering: It is becoming more expensive for hackers to penetrate software. By contrast, it is easier and less costly to trick a user into clicking a malicious link or opening a phishing email. The best defence against phishing is employee education and training.
- Poorly secured cloud apps: Recent Microsoft research suggests that 79 per cent of Software-as-a-Service storage apps and 86 per cent of collaboration apps do not encrypt data both at rest and in transit. When adopting cloud apps, you should make sure that only apps with web session protection and encryption are allowed. Organisations should also have a solution in place to have visibility into and control over all cloud apps usage.
- Taking advantage of legitimate platform features: Cybercriminals are increasingly taking advantage of legitimate software platform features to infect computers. For example, during the last quarter of 2017, the Windows Defender Security Intelligence team detected incidents where hackers used legitimate business software to stay “under the radar” as they phished users and infected computers.
Last year the infamous ransomware attack WannaCrypt hit the UK National Health Service and other systems around the world, bringing down critical services. It impacted over 230,000 computers and to this day constitutes one of the largest cyberattacks. According to Microsoft’s latest Security Intelligence Report, ransomware continues to be a popular method used by cybercriminals to solicit money from victims.
To protect yourself from falling victim to a ransomware attack, Banuso says you can take the following measures:
- Back up data: Be sure to create destruction-resistant backups of critical systems and data. Also, be sure to regularly test that backups are working.
- Apply multi-layered security defences: Use an email security solution that scans suspicious email attachments and ideally protects at the time a user clicks on an attachment. Antivirus software should help detect and block the download and installation of some ransomware but to mitigate against the impact of sophisticated ransomware, additional protection is required. Advanced threat protection that applies machine learning and artificial intelligence technologies can help.
- Keep software up-to-date: To minimise entry points for ransomware, be sure to keep all software updated, including operating systems, web browsers, plug-ins and security software. Also prioritise patching new releases to enable stronger protection against vulnerabilities.
Prevention is better than cure
The past year has shown us the significant impact of botnet infections on computers worldwide. We have seen cybercriminals leveraging less sophisticated methods to infect machines and extort ransoms from victims; and we have continued to encounter ransomware in a wide range of cybercrime activity.
Organisations in Nigeria that act quickly to adopt security solutions, implement incident response plans and employ the right mix of people will minimise damage and impact from cyber-attacks now and in the future.
All rights reserved. This material, and other digital content on this website, may not be reproduced, published, broadcast, rewritten or redistributed in whole or in part without prior express written permission from PUNCH.
Contact: [email protected]
(Visited 1 times, 1 visits today)