Cybersecurity concerns heat up amid inflationary pressures in Nigeria
July 29, 2024243 views0 comments
Joy Agwunobi
Nigeria, the most populous country in Africa, is facing a severe economic crisis that experts say is leading to increased cybercrime. This is as high inflation, rising food prices, and high unemployment are driving more Nigerians into the cybercrime industry to make up for their lost earnings.
High inflation in Nigeria has led to a rise in the cost of living, which has in turn, made cybercrime a more appealing option for many citizens.
Moreso, economic strife in Nigeria has indirectly exacerbated the country’s cybersecurity landscape, creating an environment in which cybercrime becomes a viable means of survival for many young Nigerians.
According to the Cyber Security Experts Association of Nigeria (CSEAN), these conditions have led to an increase in insider threats and an uptick in AI-aided malicious activities, along with a continued proliferation of misinformation, ransomware attacks, and cyber-assaults on vulnerable government online assets.
Read Also:
The impact of economic hardships on cybersecurity is particularly concerning, as desperate citizens may be drawn into illicit digital activities, further complicating the task of protecting the country’s digital infrastructure.
The CSEAN report warned that cybercrime could become a lucrative illicit business venture as Nigerians seek to escape economic hardship.
The issue was further brought to fore by a report from Meta, the parent company of Facebook, announcing that 63,000 accounts associated with fraudulent activity, including 1,300 Facebook accounts, 200 pages, and 5,700 groups based in Nigeria, were shut down recently. These accounts, according to Meta, were not only used to commit various types of scams, but also to recruit and train new scammers. Meta revealed that the groups provided fake profile pictures, scripts, and training materials to assist in defrauding victims.
In June 2024, the Paradigm Initiative, a data protection organisation, sounded the alarm on Nigeria’s data security landscape, emphasising the need for urgent intervention. The organisation uncovered evidence suggesting that personal and sensitive data, including National Identification Numbers (NINs) and Bank Verification Numbers (BVNs), were being sold online after allegedly being extracted directly from government databases.
According to the Financial Institutions Training Centre (FITC) report for Q1 2024, Nigeria’s payment system has undergone a significant change in the patterns of fraudulent activities, with a sharp rise in the number of cases involving Point-of-Sale (POS) transactions.
The FITC report showed that POS fraud cases in Nigeria rose from 2,683 cases in the fourth quarter of 2023 to 3,518 cases in the first quarter of 2024, representing a 31.12 percent increase.
This shift underscores the growing appeal of POS terminals to fraudsters, who find them to be a lucrative and convenient channel for conducting their illegal activities. With POS terminals becoming more commonplace in Nigerian businesses, the opportunities for fraudsters to exploit security vulnerabilities have also multiplied, resulting in an alarming uptick in fraudulent transactions.
In July 2024, the Nigerian Computer Emergency Response Team (ngCERT) sounded the alarm on a menacing ransomware attack by the notorious Phobos ransomware group. The attack, which mainly targeted cloud service providers, indicated the growing threat posed by ransomware to Nigeria’s cybersecurity sector.
The ngCERT cautioned that ransomware attacks pose a significant threat to Nigeria’s cyberspace, especially targeting the information technology and telecommunications sectors. These sectors, whose managed cloud services host data and applications for critical government agencies, financial institutions, telecommunications companies, healthcare providers, and educational institutions, are particularly susceptible to these attacks.
The implications of these attacks are wide-ranging and potentially devastating, not only to the affected organisations but also to the broader economy and society, as vital services such as financial transactions, healthcare, and government operations can be disrupted.
Despite various government initiatives to stem the tide of cybercrimes, experts in the field warn that the fight against these threats is far from over. They advocate for enhanced security measures, such as comprehensive cybersecurity frameworks, increased awareness and training among the general public and security professionals, and collaboration between the public and private sectors.
Gbenga Sesan, the executive director of Paradigm Initiative, pointed out that the data available on these websites were indeed sourced from official government databases, bringing to light critical vulnerabilities in the nation’s data protection infrastructure.
Though the National Identity Management Commission’s (NIMC) denied that its systems had not been breached and that stringent security measures were in place to ensure the safety of Nigerians’ data, the commission warned citizens to be vigilant and avoid sharing sensitive information on questionable websites.
While it’s reassuring that the NIMC claims to have robust cybersecurity measures in place, the threat of data breaches and the sale of personal information on the dark web are constant concerns.
Industry reports have shown that cyber threats not only compromise personal information but also result in significant financial losses, operational disruptions, and damage to a company’s reputation. Financial institutions are particularly vulnerable to these dangers, with fraudulent transactions and data breaches causing extensive monetary losses, lower productivity, and reputational harm.
In response to the issues of cybercrimes in Nigeria, the Institute of Security Studies (ISS) called for a collaborative approach between government and financial institutions to tackle the problem.
While the ISS acknowledges that state security agencies have a role to play in addressing cybercrime, it noted that their involvement must be carefully managed to avoid potential concerns about abuse of power, lack of accountability, and limited access to information.
The ISS emphasised the importance of building trust and effective communication between the public and private sectors in order to combat cybercrime. It also urged joint task forces to build confidence between the public and private sectors, adding that effective collaboration between financial institutions, corporates and the Cybercrime Advisory Council would be a practical step.
Furthermore, financial institutions are encouraged to adopt a proactive and multi-pronged approach to dealing with the threat of cybercrime. This includes:
- Educating customers on information security beyond the confines of the office, emphasising personal accountability and the importance of adopting safe online habits.
- Upholding robust information security measures to detect and deter cyber threats, while continuously investing in the latest security technologies and innovations.
- Working with cybersecurity experts and other financial institutions to share information and collaborate on developing effective strategies against cybercrime.