Security & Support | |
Security & Support | |
2196 VIEWS | |
![]() |
2018 was a year of
tremendous technological innovation and landmark shift in thinking. On the
other hand, it was plagued with several high profile privacy and cybersecurity
breaches within and outside Nigeria. One of the most prominent security
breaches was the Facebook data scandal. Cambridge Analytica acquired
personally identifiable information of up to 87 million Facebook users
resulting in a significant breach. We also saw several high profile
organisations around the world in the media for major breaches that affected
their profits and share value.
Nigerian companies were not
immune to the spree of cyber-attacks and data breaches. We had a mix of cases
originating from phishing attacks, malicious software embedded at payment
interfaces and ransomware. Although these attacks did not receive heavy media
coverage, billions of Naira was lost.
Many organisations also
experienced cryptojacking; a situation whereby attackers use the victim’s
computer to mine cryptocurrency. There was an increase in cryptojacking due to
the fact that it is a cheaper alternative to ransomware that requires much less
technical skills.
Just as we predicted in the
Deloitte Cyber Security Outlook for 2018, Cyber Security Regulations played a
key role in 2018 as it became one of the major drivers for security.
Regulations such as the Central Bank of Nigeria (CBN) Cyber Security Framework
and the EU’s General Data Protection Regulation (GDPR) came to the fore
ultimately raising the importance of security among Nigerian companies. It is
also important to note that the GDPR also affects Nigerian companies
transacting business with European citizens.
An overview of the 2019
Cyber Security Landscape shows that we can expect some of these trends to
continue with a number of them being amplified.
Watch out for these major
trends that could impact the Nigerian Cyberspace in 2019.
1) Politically Motivated Attacks would be on the rise
With the upcoming
elections, we may expect to see a rise in the number of politically motivated
cyber attacks. Hacktivism may be prevalent before and immediately after the
elections in order to gain access to the IT systems of government agencies and
parastatals.
During the 2015 elections,
the website of the Independent National Electoral Commission (INEC) was
reportedly hacked and attempts made to gain access to critical information of
several government parastatals. This trend will take a new dimension and if
left unchecked may pose a threat to future elections as witnessed around the
world. We recommend that the necessary authorities be vigilant in order to
protect critical technology platforms.
2) The rapid adoption of Cloud services and the Application Programming Interface (API) economy will increase Cyber-security threat
Cost Management is key to running business globally and so more businesses around the world are looking for better technology to drive processes. This drive has led to a proliferation of several digital channels and increased connectivity. This new trend has led to growing concerns about data privacy and security. Organisations may be required to comply with data privacy policies especially when relating with other international organisations, third parties, and customers. A good case in point is the heightened awareness the GDPR has triggered
It is important to understand the distinction
between information security and privacy and address each of them from an
informed standpoint. Security is concerned with how information is protected
while Privacy is focused on ensuring that an individual’s personally
identifiable information is not compromised, it affords an individual the right
to exercise controls on how their personal information is used
by organisations.
As more attention is given to data privacy and security, organisations that employ API and Cloud technologies would need to consider additional measures to ensure the privacy and security of customers’, employees’ and third parties data are guaranteed.
Big Data Technology for Cyber Intelligence
can support the storage of large amounts of data and help analysts examine,
observe, and detect irregularities within a network. The security-related
information available from Big Data has been shown to reduce the time required
to detect and resolve issues, allowing cyber analysts to predict and avoid the
possibilities of intrusion and invasion.
In 2019, we expect Cyber Security professionals in Nigeria to leverage
Data Analytics, Artificial Intelligence and Machine Learning to build more
predictive intelligence models into their existing cyber intelligence systems.
Attackers may also leverage technology and so organisations need to be one step
ahead.
In addition to bigger ransomware attacks,
2019 will bring another strain of malware attacks that will be application or
process specific. Some of the targeted applications will include Enterprise
Resource Planning (ERP) applications and Payment Processing applications.
Most of these attacks will also be undetected by traditional antivirus
systems and may even be passed over and seen as trusted network sources. The
malware will also leverage the unpatched Internet of Things (IoT) devices
within the network to launch attacks and communicate with Command and Control
(C&C) Centres. Organisations will need to have a holistic approach to
cybersecurity in order to stay ahead and this will involve the right mix of people
and skills, awareness, processes, governance and technology.
Reports show that the use of phishing
emails to trick people into divulging sensitive information increased in 2018.
These attacks will still be prevalent in 2019. Although financial institutions
have put in place effective systems to check this trend, other sectors in the
economy may become targets. (e.g. Maritime, Consumer Goods, Energy,
Telecommunications, etc).
Some organisations in the Financial Service Industry (FSI) have made
some significant improvements, thanks to employee awareness; anti-phishing
campaigns; email and web security solutions; next-gen antivirus solutions and
overall technology hardening. It is important to note that the FSI still
remains a target despite the measures in place and other sectors in the economy
however need to step up to ensure security. 2019 will witness sophisticated
phishing attacks with social engineering-themed messages targeting all sectors.
Phishers will look for mechanisms to exploit new technological
updates/innovation. Organisations must continue to invest in user awareness
campaigns in order to stay ahead of phishing attacks.
In January 2018, we predicted that Cyber
Security regulations would play a key role in Nigeria. With the CBN Cyber
Security Framework, cybersecurity regulations have become a major driver for
security especially within Banks and Payment Service Providers (PSPs). In 2019,
financial institutions and PSPs will develop strategies around Cyber Security
and begin to explore the adoption of Integrated Compliance and Risk Management
(ICRM) techniques to reduce the cost and effort of compliance.
Other regulators would also release cybersecurity requirements for
companies in their purview. Regulators will also be more decisive about
Cryptocurrency, the GDPR and the application of Blockchain technology. All of
these will further improve compliance to standards in relation to
cybersecurity.
According to the World Economic Forum,
Cybersecurity along with Artificial Intelligence (AI) and Data Analytics now
offers great career opportunities to professionals. More stringent regulation
will see an increased demand for cybersecurity professionals in Nigeria. This
is good news for security professionals. In addition, the emigration of skilled
professionals to other countries would cause a short-term scarcity in the
system. However, the growing interest in Cybersecurity by young professionals
will ensure competent resources are available in the medium to long term.
Countries around the world will also receive cybersecurity services from
Nigeria.
Cyber-attacks and data breaches are on the
rise globally and have become a big challenge for many organisations. More
worrisome is the similarity in the attack methods. Nigerian Organisations need
to actively report Cyber breaches to the appropriate government agencies to
create learning opportunities for other companies. Proactive cyber awareness
and intelligence sharing about attacks help in building cyber resilience across
organisations participating within a given trust community.
We will witness more collaboration in 2019 among organisations in
several sectors of the economy as regards sharing of cyber intelligence. There
will also be collaboration among countries and government agencies in setting
up intelligence sharing mechanisms for organisations in their jurisdiction.
While we focused on some top events that
are likely to happen in 2019, we must not forget to prepare ourselves for the
common and go-to attacks by cyber criminals, attacks such as Denial-of-service
(DOS) attacks, Man-in-the-middle (MITM) attacks, password attacks and so on.
Multiple layers of security controls should be implemented within our
environment to provide redundancy in the event of a security breach and we
should educate users on their responsibilities to help protect the
confidentiality, integrity and availability of their organisation’s
information.
We wish you a Cyber Secure 2019!
Tope Aladenusi, Partner, Risk Advisory is the Head, Cyber Risk
Services at Deloitte Nigeria. He leads the largest team of information security
consultants in Nigeria.
He can be contacted vide taladenusi@deloitte.com.ng
Related News
1.
2019 Banking Outlook - Slightly Positive But Risks Remain
Lopsided To The Downside
2.
Seplat Upgraded To 'B' After Further Progress On
Derisking Its Business; Outlook Stable
3.
Access-Diamond Deal Boosts Large Banks' Dominance in
Nigeria - Fitch
4.
Environmental Climate outlook for Nigeria 2019
5.
Top Priorities For The African Continent
In 2019
6.
Steering Nigeria Through
The Inclusive Growth Pathway: What Strategy Should The Government Adopt?
7.
Nigeria: Macro-Economic and
Banking Sector Themes For 2019
8.
Glimmer Of
Hope - Macro and Markets: 2018 Review and 2019 Outlook
9.
Nigeria
2019 Research Outlook: One Hurdle In Q1, Others To Follow
10.
NSR H1 2019 (9) - Fixed
Income - Will Yields Hump or Shift?
11.
Global Foreign Investment
Flows Dip To Lowest Levels In A Decade
12.
Discourse on Nigeria’s
Investment Outlook 2019
13.
NSR H1 2019 (8) - Nigerian
Fiscal - More Strain On FG Finances
14.
Fitch Ratings: Global
Growth Outlook Dented Not Dismantled
15.
NSR H1 2019 (7) - Monetary
Policy - Maintaining The Narrative
16.
Surviving Uncertain Times
in the Nigerian Financial Market
17.
NSR H1 2019 (6) - Nigerian
Inflation - Boiling Below The Surface
18.
Afrinvest Economic and
Financial Market: 2018 Review and 2019 Outlook - On The Precipice
19.
NSR H1 2019 (5) - Currency
- A Test Of Nerves And Resilience
20. Coronation Research Issues
2019 Economic Outlook for Nigeria; A Tale of Two Halves
21.
NSR H1 2019 (4) - Domestic
Economy - Stable Growth In Dire Need Of Fresh Impetus
22. NSR H1 2019 (3) - Crude Oil
- Not Great But Not All Gloom Either
23. Meristem 2019 Outlook
Report - Resilience in Vulnerability
24. NSR H1 2019 (2) - MEA
Region: A Year of Fragile Growth
25. NSR H1 2019 (1) - Global
Growth: New Year, Same Rhetoric, Matching Growth
26. 5 Key Global Developments
to Watch in 2019
27. Nigeria Outlook 2019:
Sailing Through The Storm
28. FSDH Research Expects
Modest Recovery in Equities’ Market in 2019
29. Nigeria Economic Outlook
Conference 2019