Nigeria has been ranked as the second most secure African country in Africa, behind Senegal. This was revealed in a report by India-based cybersecurity research firm, Indusface, as reported by TechCrunch. The West African country earned the spot after it successfully halted the Gamarue botnet- a very dangerous malware that had been a significant threat to corporate data and devices.
The cybersecurity rankings were determined using metrics like DDOS attacks, phishing and malware-hosting sites. Nigeria ranked second with an overall index of 74.69 out of 100. Senegal ranked as the continent’s most-secure country after amassing 78.09 points.
The research claims Nigeria has a low number of compromised systems per 100,000 internet users among other African nations evaluated. This yardstick acknowledges Nigeria’s successful advances to counter malware like the Gamarue botnet which primarily steals information, and performs other activities such as click fraud.
Honduras, South Korea, and Japan emerged as the top three cyber-secure nations, respectively, according to the report.
The Founder and President of Indusface, Venky Sundar, emphasized the need of addressing the security issues connected with remote work in the dynamic business environment. He provided individuals and organisations with six crucial pointers for boosting their cyber security in virtual office settings.
These include: determining which nations are least likely to be attacked by cybercriminals; comprehending data security laws like the GDPR; evaluating law enforcement resources; looking into government grants for cybersecurity; and analyzing cybersecurity knowledge among various age groups.
The investigation by the South San Francisco-based firm further discloses that 68% of high-growth global companies are capitalizing on hybrid work because of cost reduction, flexibility and recognition across the wider talent market. The adoption of these models by global companies is said to curb the lingering threats in preserving data privacy and network security outside the workspace.
Read More; Top cybersecurity predictions for African businesses in 2023, according to experts
How Gamarue botnet works
Gamarue-also known as Andromeda is a malware that enables hackers to dominate individuals’ computers. This malware does not take control of computers alone, but it also steals information and has the capacity to breach the settings. Botnet is a network of infected computers that can communicate with command and control servers.
This malicious software is typically distributed with freeware or through fraudulent websites that prompt users to download and install a browser update, a new version of Adobe Flash Player, or a Java update. The Backdoor, once activated. Andromeda will be set to launch every time Windows boots.
Instances when cybersecurity breaches occurred in Nigeria
On April 3rd 2022, Website Planet reported that the Plateau State health insurance agency, Plateau State Contributory Healthcare Management Agency (PLASCHEMA) suffered a security breach that led to the leak of a huge number of user data. The organization reportedly exposed over 75,000 files approximately around 45GB of data.
Each unsecured data contained Personal Identifiable Information (PII) belonging to program applicants from a different city located in Plateau State. Among other files, the open data contained ID cards that exposed a range of applicant PII.
Based on the volume of these files, Website Planet estimated that over 37,000 people were affected by PLASCHEMA’s data breach. However, the Computer Emergency Response Team (CERT) of the National Cybersecurity Society (NCSS) was contacted and the breach was contained and the buckets contained.
Days after the buckets were locked down by CERT, Fabong Yildam, director general of PLASCHEMA, denied any data breach or exposure in a press conference.
A Nigerian security analyst and executive director of the Cybersafe Foundation established that organizations in developed countries communicate when they have cases of cyberattacks, which encourages cyber-resilience and widespread incident response.
In August 2020, two major Nigerian banks reportedly suffered data breaches, exposing the financial details of their customers. However, when contacted by the press, neither bank responded until days later, and then their press releases were vague, neither denying nor admitting the occurrence of any data breach.
In July 2023, independent Nigerian journalist, David Hundeyin also reported the compromising of emails belonging to the Lagos state government and the exposure of the details of the emails, mostly negotiations. The Lagos state government and Nigeria’s cybersecurity agencies issued no report nor feedback concerning the journalist’s claims.
Confidence Staveley, renowned as Africa’s most-celebrated cybersecurity expert with consultancy experience in various banks and government agencies in a cybersecurity capacity said that organizations do not realize the weight that comes with data collection.
“They do not see the accumulated data as something that needs to be protected, and so they don’t thoroughly consider encryption and security in their data pipelines.”
Confidence Stavely
Strategies for protecting against cyber attacks
Five years after the National Cybersecurity Society (NCSS) was established, there have been few changes enforced in our country’s cybersecurity posture as a result of the implementation of some of the NCSS’s concerns. These include;
- The development and implementation of an appropriate legal framework, The Cybercrime Act 2015.
- Establishment of the National Computer Emergency Response Team (CERT) and introduction of a roadmap for implementing Detective, Preventive and Response capabilities to deal with cybercrime activities.
- Protection of Privacy through the Nigeria Data Protection Regulations
- The Strategy on Public-Private Partnership highlights the need for inter-agency collaboration with the private sector. It engages the framework for a public and private partnership in developing a cohesive response to mitigating cyber risk.
- National awareness programs through multi-stakeholder engagement, and international cooperation in the countermeasures giving birth to National Cybersecurity Awareness Month, Child Online Safety, and many more.
In September 2022, the National Information Technology Development Agency (NITDA) of Nigeria, which is in charge of cybersecurity and data protection, also created rules and guidelines requiring businesses that process personal data to be secure in their data collection, processing, and storage.
By understanding the cyber threat environment and putting in place efficient security measures, businesses can reduce risks and protect their important data and assets from future cyber-attacks.
Read More; Mastercard partners with Nigerian fintech startup NowNow to improve cybersecurity for SMEs