A cyberattack is a malicious and deliberate attempt by an individual or organisation to breach the information system of another individual or organisation.
When targeting businesses or organizations, the hacker’s goal is usually to access sensitive and valuable company resources, such as Intellectual Property (IP), customer data or financial details.
The Economic and Financial Crimes Commission (EFCC) reported that 80 per cent of the 978 convictions it secured as of September 2021 were based on cyber fraud. Another report by the Nigeria Inter Bank Settlement System (NIBSS) indicates that within nine months of 2020, fraudsters made 46,126 attempts to breach data-based systems. Sadly, 41,979 of these were successful, representing 91 per cent of the attempts.
Also, a survey titled ‘The State of Ransomware 2022’ revealed that 71 per cent of Nigerian businesses were hit by ransomware attacks in 2021 and that the cost of remediation of these attacks for 44 per cent of the businesses was $3.43 million.
It has been reported that Africa lost $3.5 billion to cybercrimes in 2017; the Nigerian portion of this sum was $645 million, by far the largest. A year later, it was reported that Nigeria lost $800 million (N288 billion) collectively to cyberattacks in 2018. More broadly, a 2019 report disclosed that Nigeria has lost on average N127 billion ($328,842,878 million) annually to cybercrimes in recent years.
Types of Cyber Attacks
Ransomware, otherwise known as information hijacking, is one example of a cyberattack, said Olorunisomo Isola, head of IT and Cybersecurity at the Nigeria Data Protection Commission (NDPC), adding that “the attacker uses a code to get access to the organization’s server. The objective is to hold a company’s data hostage until the affected user pays a specific amount, which can often be hefty. These attacks can use email to penetrate a system, but can also be initiated by visiting an infected website, clicking on an online ad with malicious code, or hackers exploiting network vulnerabilities.
“Another one is the Distributed denial-of-service (DDoS). In this case, the attacker floods the system with a high number of simultaneous functions, such as a request to a webpage. The goal is to overwhelm networks, systems, or devices. Malware is a type of malicious software that is designed to damage computers or steal information. Hackers can use malware to delete files, access sensitive information, or disable a computer. In other words, it is intended to take control of or disrupt a target’s computer system or infrastructure.”
Social engineering is a catch-all term for various tactics used by hackers, Isola disclosed, adding that these tactics are designed to trick individuals into giving out sensitive or confidential information (e.g. phishing, smishing, vishing, etc.). Another one is the Advanced Persistent Threat (APT), a sophisticated, sustained cyberattack in which an intruder establishes an undetected presence in a network in order to steal sensitive data over a prolonged period of time, he revealed.
Man-in-the-middle attack (MITM) is a type of cyber threat in which a hacker intercepts communication between two people to obtain information, Isola averred, adding that on an insecure WiFi network, for example, an attacker could intercept data passing between the victim’s device and the network.
“Insider threat is the potential for an insider to use their authorized access or understanding of an organization to harm that organization. This harm can include malicious, complacent, or unintentional acts that negatively affect the integrity, confidentiality, and availability of the organization, its data, personnel, or facilities. Third-Party Threats are typically contractors or vendors who are not formal members of an organization, but have been granted some level of access to facilities, systems, networks, or people to complete their work. These threats may be direct or indirect threats,” he stated.
Importance of cybersecurity
It is a known fact that individuals, businesses, organizations, and governments are all potential targets of cyberattacks, hence the need to heighten cybersecurity to protect oneself from being a victim of cyber attacks, Isola advised.
He urged individuals and organizations to maintain a good password policy, adding that “Maintaining an unpredictable and complex password is a huge step in the right direction. Make sure that you never reuse passwords and change them regularly as and when you’re prompted by an expiry alert. Choosing a strong password is itself the best security measure of all.”
Update regularly, Isola said, adding that “the pop-ups that we get from time to time notifying us of updates are not just there to pester us. Such updates do numerous things to help you improve security. One of the best ways to foil breach attempts is to update your operating system and all application software as the new versions have most likely been fine-tuned to prevent current threats.”
There is a need to secure the network, the IT expert said, even as he disclosed that “Cybercriminals could easily compromise your data without setting foot inside your premises. They can do this by breaking into your network, and it’s far easier for them to do it if your network is unsecured. You can secure all the devices in your network by ensuring that encryption is enabled on your wireless traffic.”
Isola also advocated for proper backing up of data. He said, “Data is the most valued asset of any organization and it’s what criminals want to exploit. Storing and backing up such assets with private information is critical. Backing up data can be considered another line of defense protecting you against ransomware.”
Educate the employees, the IT expert advised, adding that “Educating your employees about the deadly consequences of security breaches is vital. If a culture of security is adopted at all levels of the organization, from junior staff to the CEO, then it will be far less likely you’ll suffer an otherwise avoidable data breach.”
There is also the need to respond promptly to a cyber breach, Isola averred, while explaining that with the surge of high-profile attacks targeting sensitive data assets, developing a breach response plan in advance helps in triggering a quick response in the wake of an incident. “Also install centralized firewalls. Firewalls are the first line of defense in network security. A suitably configured firewall acts as a barrier between networks with differing levels of trust. It is vital that you keep the local firewall on all the time as this is the best way you can arm your network against malicious attacks.
“Encrypted Transmission, because stolen encrypted data is of no value to cybercriminals. The power of cryptography is such that it can restrict access to data and can render it useless to those who do not possess the key. Using encryption is a big step towards mitigating the damages of a security breach. Don’t forget to always update your antivirus software.
“Make sure that you have an updated antivirus, antispyware and anti-malware software installed so that your server is continuously protected and monitored. Such software prevents malicious programs from stealing or destroying data assets,” he advised.
The implementation of technical and organisational measures for information security is of utmost importance in today’s digital age. The measures provide a robust framework for protecting sensitive data, mitigating risks, and ensuring the continuity of operations.
Furthermore, it is crucial to note that these measures align with the Nigeria Data Protection Act 2023, as the Act aims to protect the privacy rights of individuals and regulate the collection, storage, processing, and sharing of personal data.