Business
COVID-19: Nigeria to lose N6 trillion to cybercrime
…as more businesses, individuals adopt virtual online apps, anti-hack software sales surge
By AYOOLA OLAOLUWA
Cyber attacks on individuals, businesses, and government agencies are on the rise as more Nigerians embrace digital gadgets such as smartphones, computers, and other electronic forms of transactions, BusinessHallmark findings have revealed. According to Wikipedia, a cyber attack is an attempt to disable, destroy, expose, steal, alter or obtain unauthorized access to a computer system, infrastructure, network, including all other smart devices.
Findings revealed that after the outbreak of the disease in Nigeria in February, many people and organisations, in order to limit their exposure to the dreaded disease, devised several ingenious measures to stay in touch with relations and in business.
For example, many businesses and religious houses adopted the use of teleconferencing apps such as Zoom, Facebook, Microsoft Teams, WhatsApp, Edmodo, Google mail, among many others for statutory meetings, such as board, editorial and Annual General Meetings (AGMs).
Also, due to strict social distancing rules put in place by the Federal Government and several state governments, many Nigerians have abandoned banking halls and now transact their businesses through PoS ATMs and online transfers. However, in their rush to embrace digital applications, many are leaving themselves dangerously exposed to cyber-attacks.
According to findings, recent cyber attacks include simple email scams to large-scale theft of customer data using malware, hacking of bank accounts through swapping of SIM cards, ransom attacks, and disinformation or fake news resulting in financial losses, or reputational damage. It was also revealed that the majority of cyber-attacks in Nigeria are perpetrated through mobile devices.
A recent report by Kaspersky Lab said Nigeria is among the top 10 countries globally that users of mobile devices experienced an attack by malware. The cybersecurity firm noted in its Mobile Malware Evolution report that Nigeria climbed two places to become the third country out of 10 attacked by mobile malware, recording 37.72 per cent of the attacks.
The Director of Consumer Protection Department (CPD) at the CBN, Sunday Salam-Alada, said emerging financial technologies and the rise in different channels and modes of payment are facilitating the rapid growth in the volume and value of electronic transactions in Nigeria and around the world. He projected that the actual loss value due to electronic banking fraud in the country will reach N6.1 trillion by 2021.
BH checks revealed that between the months of April and June 2020, cases of fraud through SIM card swap fraud more than doubled. A source at the Area G Command of the Nigerian Police in Ogba, said close to 50% of reported cases at the command were cases of phone thefts. According to the police officer who did not want his identity revealed, some criminals now employ young boys to go and steal mobile phones for them.
“However, what they need is not the phone but the SIM cards. After retrieving the SIM cards, they throw the phone away since they could easily be traced through it.
“They then approach their collaborators stationed inside GSM companies’ service centres to help them replace the SIMs for new ones. With the successful theft of their victims’ identity, they then go on to withdraw all the money in their accounts. Their job is made simpler as many people are careless by saving vital information like their account details on their SIMs.
BH findings also revealed another means fraudsters deploy to target gullible Nigerians. According to the findings, hackers now carry out phishing scams and other hacks to get people to give up their information. One example is the “FG Relief Funds for COVID-19”. The fraudulent website promises to give Nigerians ₦50,000 monthly and is asking them to provide personal information like their phone numbers and emails and so send the message to twenty people.
Another way fraudsters gain access to a system is through human error. According to experts, this contributes to a huge amount of security breaches in the country. They argued that since many Nigerians are just embracing smart gadgets and are new to it, they inadvertently leave themselves open to attacks.
“Some people don’t even know how to properly sign or log out of their accounts after using a system. It is more dangerous if they are not using personal systems like smartphones or laptops.
“I have been to several homes and offices in the past where I tried to use their systems. After powering up, the first thing I see is already opened personal accounts of previous users. They had failed to properly sign out. Despite several warnings and admonitions, I found out that these people did not change. An imminent fraud is a disaster waiting to happen”, said an IT expert.
Also, several Nigerian firms have recorded one form of ransom cyber attack or the other. Several companies now mandate their workers to mandatorily work at home. Since the workers access sensitive business data on corporate networks from their devices and sometimes use third-party services like business centres, internet cafes, the risk of data theft is high as criminals also target the unsecured networks.
According to a cybersecurity expert, Oladayo Turner, some of his clients’ systems were hacked using malware such as ‘crypto worm’ to encrypt data on the computers running their Windows operating system. He further said that the hackers then demanded ransom payments to unlock the data.
“While it is not a localized problem Nigeria is particularly at risk due to the fact that the rapid increase in digital connectivity and the enthusiastic embrace of new technologies in the country has not been matched by an equivalent commitment to cybersecurity”, Turner declared.
Fraudsters also target their victims by asking them to download the mobile apps of their banks, which they use to steal information from their victims’ mobile phones. They have also produced COVID-19 maps which steal information in the background.
While individuals and businesses are battling financial losses through data theft, some firms have also experienced reputational damage through the leak of sensitive official information.
Recently, the management of one of the nation’s tier-1 banks, Access Bank Plc., was embarrassed by the leakage of the proceedings of a meeting it held with senior staff where it was announced that the bank had concluded plans to lay off some workers, as well as cut salaries across board in other to reduce cost.
The video which was widely circulated online showed the MD, Herbert Wigwe, mapping out several strategies that will allow the bank to weather the effect of the Covid19 pandemic. However, due to the public outcry that accompanied the video, the Central Bank of Nigeria (CBN) intervened, and the management of Access Bank reportedly dropped the decision.
An IT expert, Dominic Ekpoborie, told BH that one of the staff who attended the virtual meeting and is not happy with the decisions must have recorded and released the video to the public to embarrass the management.
“That is one of the dangers of virtual or online meetings. What a participant does at his own end is not controllable. Sensitive company’s information could easily be obtained for selfish intentions. The situation will get worse as the attacks will move from big organisations to the seemingly unlikely targets, especially companies that believe that they are not prone to cyber-attacks or are not big enough to attract any attack”, he said.
A recent survey jointly carried out by Sophos Nigeria Limited and Sidmach Technologies in Nigeria suggests that the rate of a cyber attack on organisations is on the rise, as 60 per cent of firms suffers cyber-attack every year. The report revealed that 81 per cent businesses have experienced ransomware; 66 percent have suffered a data breach and 35 per cent were victims of ransomware. It further added that 92.4 per cent of malware are delivered via email.
According to the report, only 38 per cent of global organisations claim they have the infrastructure to handle a sophisticated cyber-attack, yet up to 43 per cent of cyber attack is targeted at small and medium scale enterprises (SMEs). But, it disclosed that only 14 per cent of these SMEs have the effective infrastructure to mitigate cyber risks, vulnerabilities, and attacks.
The Country Manager of Sophos Nigeria, Mr. Jimi Falaiye, said that businesses were often concerned about the security of data, but unfortunately, 95 per cent of security breaches were caused by human error.
“Cyber-criminals and hackers will infiltrate your company through your weakest link, which is almost never known in the Information Technology (IT) department”.
In 2019, Deloitte (Nigeria) identified year 202 as ‘The Year of Shifts’ that will usher in a new decade that will witness unprecedented cyber-attacks and cybersecurity solutions.
“We have named it the “year of shifts”, as we expect significant changes in cybercrime and counter-measures. We also expect “cyber” to be one of the top news headlines throughout this decade in Nigeria and across the globe”, said the Head, Cyber Risk Services at Deloitte Nigeria, Tope Aladenusi.
Access Bank also warned its customers to be vigilant as incidents of fraud are on the rise since the start of the Coronavirus pandemic. The bank said it observed a worrying increase in reports of fraudsters targeting unsuspecting customers since the start of Covid19.
“Access Bank is imploring its customers to be wary of any message demanding their personal or bank details. Customers must remember that the Bank will never ask for their BVN, full card PAN, PIN, mobile app activation code, OTP or password as it is readily available to the Bank via its database. Any call, email and text message, claiming to be from Access Bank demanding for any of these details is certainly a scam,” said the Executive Director, Retail Banking of the bank, Victor Etuokwu.
The Nigerian Interbank Settlement Scheme (NIBSS) recently warned that mobile fraud cases would likely rise above those of automated teller machines (ATM) in 2020. Reacting, the President of Cyber-Security Experts Association of Nigeria, Remi Afon, noted that the cybersecurity threat landscape had evolved rapidly, and attacks have increased in number and sophistication.
He said that though most data breaches in Nigeria go unreported, the increasing amount of large-scale, well-publicised breaches globally suggested that not only were the number of security breaches going up, their severity was also on the rise. He projected that the average cost of a data breach in Nigeria would be over $150m by the end of 2020, with the global annual cost forecast to be $2.1tn.
“As we are receiving various cybersecurity predictions across the globe, CSEAN is taking a deep dive into specific cybersecurity threats Nigeria should expect to face in 2020 and beyond, taking into consideration recent trends and input from experts in the industry”.
Afon noted that millions of devices would be connected to the Internet in Nigeria this year. Using data from the Nigerian Communications Commission (NCC), he said as of October 2019 the total number of active telephone subscribers in Nigeria was about 180 million while the number of active Internet subscribers was about 123.5 million.
“Over the next year, we can expect an increase in targeted cyberattacks that will affect individuals, Internet Service Providers, government ministries, department and agencies, telecommunication companies and banks,” he said.
He warned Nigerians to expect more attacks in the form of business email compromise, social engineering in the form of a phishing campaign, ransomware, supply chain attacks, insider threats, and attack on free public Wi-Fi.
Also speaking, the Chief Executive Officer, Demadiur Systems Limited, Ikechukwu Nnamani, noted that most fraud cases go unreported or underreported by institutions as they were more concerned with the protection of their reputation.
Meanwhile, the Central Bank of Nigeria (CBN) has issued a fraud alert to the general public about the activities of cyber-criminals, who are taking advantage of the current COVID-19 pandemic to defraud citizens.
The bank advised bank customers and the general public to avoid downloading mobile apps from untrusted sources, to obtain relief package or other information from trusted news media and avoid clicking on links or attachments in emails that claim to have more information regarding the COVID-19 pandemic.
Also, the Nigerian police warned that criminals are on the loose and ready to take advantage of people’s anxiety to cause havoc online.
In its reaction, the Nigerian Police warned that scammers have created and set up fraudulent e-commerce platforms, websites, social media accounts, and emails to defraud victims.
s”A typical scam tries to convince people to buy coronavirus-related medical products. Victims are then asked to pay via bank transfer,” the police said.