Did you know?
Between January and April 2022, the number of Trojan-Password Stealing Ware (PSW) discoveries in Nigeria doubled to 2,654 compared to the same period in 2021 when the number was 1,076.
Also, the Internet Crime Complaint Center (IC3) in 2020 reported that since its inception in 2000, it has received over 5.6 million complaints globally. From 2015-2020 alone, the total number of complaints was 2,211,396, costing victims about $13.3 billion in losses.
What this means:
As human interactions and activities continuously increase on the internet, so do cyber threats and attacks. Hackers keep discovering more and more sophisticated ways to perfect their skills.
In Nigeria, there have been several cases of phishing attacks, payment interface malware, ransomware and crypto jacking amongst other scams over the years. Millions of Naira have been lost and many individuals affected.
The Government’s response:
In a bid to curtail this growing evil, the Federal Government of Nigeria in May 2015 officially commissioned the Nigeria Computer Emergency Response Team [ngCERT] operations center in Abuja under the office of the National Security Adviser. Other offices include the Special Fraud Unit of the Nigerian Police, the Cybersecurity Department of NITDA.
These offices have been tasked with the responsibility of working hand in hand with the law enforcement agencies to develop cyber incident response plans; identify and classify cyber attack scenarios; determine the tools and technology used to detect and prevent attacks; promote cyber-security awareness; determine scope for investigations and conduct investigations within the scope after every attack.
Who can fall victim to cyberattacks?
On the most recent episode of The Hub, cybersecurity expert Ruth Ki, recounted some of her online experiences and the methods for tackling cyberattacks. She explained that online attacks and threats are not alien to anyone as both skilled and unskilled technology users can fall victim to them at any time.
“I don’t see the lack of knowledge or ignorance as what puts people on the losing end. I know people who despite being well-experienced in tech still fell victim to cyberattacks. This is because these attackers use social engineering methods. These methods are designed to make you believe that they are offering you help or something you do not have.”
How social engineering works:
Renowned psychologist and academic, Robert Cialdini asserts that the Six Universal Principles of Persuasion are what social engineering is based on; And because we are social and emotional beings, we tend to trust and interact with the things we like.
While these traits are acceptable and positive in some areas of life, they have become weaknesses and backdoors which cyber criminals manipulate to deceive people.
Factors facilitating the growth and success of cyber attacks in Nigeria:
• Poor accountability process: Ki believes that this is a major contributor to the prevailing trend of cyber attacks. She said, “there have been a lot of cyber attacks and security breaches but you don’t get to hear about them. Why? Because there is a very poor accountability process when it comes to understanding the rights and responsibilities in data protection.”
“The state needs a structure that gives people the right to act and implement. If there are cybersecurity laws and punishments attached to violations, people will adhere to such provisions.”
• Human error: An analysis of cyber attack and incident data from IBM’s worldwide security operations found that over 95% of all incidents investigated recognize human error as a contributing factor.
The report says that, “the most commonly recorded form of human errors include system misconfiguration, poor patch management, use of default usernames and passwords or easy-to-guess passwords, lost laptops or mobile devices, and disclosure of regulated information via use of an incorrect email address. The most prevalent contributing human error is “Double clicking” on an infected attachment or unsafe URL.”
• Limited availability and access to information and cybersecurity experts.
Your safety on the internet is your business:
“You do not wait for someone to tell you to stay safe before you do so. It is your responsibility as an internet user to ensure your own cybersafety in that space,” Ki said.
“Sometimes, it is very difficult to determine the genuineness of certain methods but what people need to know is you need to ask critical questions. It is important to ask about the safety of your data before you hand it out to any agency or individual. Anything that will require the use of your confidential data must be questioned before further engagement,” she emphasized.