Nigerian businesses lost slightly more than half a billion US Dollars in the last twelve months to cyber criminals, a new pan African cyber intelligence report reveals.
The Nigeria Cyber Security Report 2016, which is
expected to be launched next week at the eNigeria Conference and Expo in
Abuja was researched, analysed, compiled and published by Kenyan based
Serianu in partnership with Nigeria’s Demadiur Systems and the United
States International University (USIU)’s Centre for Informatics Research
and Innovation (CIRI).
The report is said to be the first of its kind in Nigeria, as it
sheds light on the impact that cybercrime has had on local businesses.
Speaking on the report, Serianu’s Managing Director, Mr. William
Makatiani said that in developing the research, the firm’s Cyber Threat
Intelligence Team reviewed publicly and privately available data from
individual industries and performed interviews of business leaders and
IT security practitioners.
Makatiani noted that the Nigeria Cyber Security Report 2016 established
that the annual cost of cybercrime to Nigerian business is close to
Naira 173,387,500,000 (USD550 Million). To illustrate this further, the
report reveals that more than half (56.3%) of Nigerian businesses
remain exposed to cyber-attacks.
“A vast majority of these companies and organizations are not even
aware of the threats that they are exposed to from criminals, who are
always trawling the Internet for firms to raid,” said Makatiani.
According to The Nigeria Cyber Security Report 2016,
systems found to be most at risk were MikroTik routers, Apache HTTPD
web servers, IIS Servers and Cisco routers. The most vulnerable
applications identified were exchange servers and those running
Microsoft Outlook Web Applications emerged as the most common.
The report warns that security breaches, especially those perpetrated
by internal staff are becoming more sophisticated. Effectively, it took
up to one year to detect an external cyber-attack and resolve it. The
average time taken to detect an external attack in a typical
organisation in Nigeria was 260 days and another 80 days to resolve the
attack. The report reveals that it in many organizations, it took them
nearly two years to detect and resolve malicious insider attacks. This
especially apparent in organisations that had not invested in cyber
security products that facilitate anticipation, detection, recovery and
containment of cybercrime.
Makatiani explained that many of organizations had been found to
maintain administrative interfaces viewable from anywhere on the
Internet and that their owners had failed to take preventive cautionary
measures, including changing manufacturers’ default passwords. During
the study, the research team came across a total of 100,000 Internet
routers and cameras publicly accessible to anyone who could get to them
via the Internet.
Ikechukwu Nnamani, President of Demadiur Systems and the local
research lead, added that Nigeria as a country has not yet established
any process to track and capture cyber criminals.
“To counter this situation, Nigerians installing these Internet
access systems in their homes/office networks must work with cyber
security experts to ensure that they are not exposed. Similarly,
companies need to raise their degree of vigilance with the IT teams
required to invest more time and resources in auditing their entire
systems and establishing modalities to reduce breaching incidences,”