Phishing, business email compromise haunt Nigerian firms
As cyber criminals increasingly target Africa, Nigerian businesses are experiencing major phishing attempts, in various forms, as well as business email compromise.
This came up during a recent webinar hosted by Rubrik, in cooperation with ITWeb Africa, for Nigerian IT and security decision-makers.
The webinar covered the findings of new research from Rubrik Zero Labs, 'The state of data security: Measuring your data', which looked at data security trends, as well as recommendations for strengthening data security practices.
The research found that 94% of IT and security leaders reported a significant cyber-attack last year, and 66% of the attacks happened in cloud environments.
Further, 93% of affected organisations submitted a formal data loss notification to a governing organisation.
Filip Verloy, Rubrik X's field CTO EMEA & APJ, led the webinar conversation, explaining the research findings and advising attendees on how to address cyber security breaches within their businesses.
“When we talk to organisations and companies at large, we try to understand how they look at and understand risk. The easy way to go about it is to look at what is the likelihood that data will be impacted by an external entity,” he said.
According to Verloy, companies need to understand whether there is an ‘inherent risk’ in their data: for example, if sensitive data is impacted by external entities, what the resulting impact would be.
Further, he advised companies to report breaches, as this will allow them to reset and prepare for any future incidents.
He added that post-incident analysis should not be about attributing blame, but rather about understanding what has happened and helping to improve for the future.
Verloy urged Nigerian companies to prioritise cyber resilience, cautioning that determined bad actors will always find ways into an organisation’s environment. “It is important to make sure they don’t turn that into a data breach. It’s all about building resilience for an organisation,” he said.
According to Dr Harrison Nnaji, chief security officer at First Bank, Nigerian companies face a variety of risks, the most serious of which are phishing and business email compromise.
“Nigeria is not isolated from the rest of the world, so the attacks you see elsewhere are the same here. Phishing in all its forms, phishing has 20 variants, and business email compromise are prominent in Nigeria,” he said.
“There is a growing insider threat – internal teams collaborating or colluding with external teams to undermine the capacity by sharing sensitive data. An organisation is as strong as its weakest link,” Nnaji added.
Nigerian businesses have also been the victims of DDoS attacks and 'account takeovers' in recent months, he said.
In order for firms to defend their environments, Nnaji added, they should take a multifaceted approach that combines applicable technology with proper personnel training.
According to Samuel Chika, head of solutions and innovations at TigerLogic Solutions, while Nigeria is experiencing accelerated digitalisation, there is still more work to be done in terms of talent and government efforts to support businesses.
Dr Obadare Peter Adewale, chief visionary officer at Digital Encode, meanwhile commended the government for enacting data management legislation that he believes will improve data governance.
According to KPMG, the Nigeria Data Protection Regulation guarantees that Nigerian businesses remain competitive in international trade by establishing strong data protection regulations.
The regulation applies to all storage and processing of personal data relating to Nigerian citizens and residents.
“It has impacted Nigeria in so many ways, many positive ways and negative as well,” said Adewale.
He said the negative is that if a company isn’t compliant with the regulation, it will be fined.
On the positive, Adewale said it has brought a more standardised approach to data governance. “Prior to this regulation, there was no structural way of dealing with data governance, everyone was doing what they thought was right. But with the regulation, they now know that there is a law, and you need to do what it says.
“The law also helped establish new nuances around data in terms of distribution, data privacy, security and protection.”
Finally, he said there is now a sense of responsibility to ensure that data is not only protected, but also only used for authorised purposes.
“Every organisation is aligned and complies with the law; because of adherence organisations are now responsible,” said Adewale.