Nigerian businesses lost slightly more than half a billion US Dollars in the last twelve months to cyber criminals, a new pan African cyber intelligence report reveals.
The Nigeria Cyber Security Report 2016, which is expected to be launched next week at the eNigeria Conference and Expo in Abuja was researched, analysed, compiled and published by Kenyan based Serianu in partnership with Nigeria’s Demadiur Systems and the United States International University (USIU)’s Centre for Informatics Research and Innovation (CIRI).
The report is said to be the first of its kind in Nigeria, as it sheds light on the impact that cybercrime has had on local businesses.
Speaking on the report, Serianu’s Managing Director, Mr. William Makatiani said that in developing the research, the firm’s Cyber Threat Intelligence Team reviewed publicly and privately available data from individual industries and performed interviews of business leaders and IT security practitioners.
Makatiani noted that the Nigeria Cyber Security Report 2016 established that the annual cost of cybercrime to Nigerian business is close to Naira 173,387,500,000 (USD550 Million). To illustrate this further, the report reveals that more than half (56.3%) of Nigerian businesses remain exposed to cyber-attacks.
“A vast majority of these companies and organizations are not even aware of the threats that they are exposed to from criminals, who are always trawling the Internet for firms to raid,” said Makatiani.
According to The Nigeria Cyber Security Report 2016, systems found to be most at risk were MikroTik routers, Apache HTTPD web servers, IIS Servers and Cisco routers. The most vulnerable applications identified were exchange servers and those running Microsoft Outlook Web Applications emerged as the most common.
The report warns that security breaches, especially those perpetrated by internal staff are becoming more sophisticated. Effectively, it took up to one year to detect an external cyber-attack and resolve it. The average time taken to detect an external attack in a typical organisation in Nigeria was 260 days and another 80 days to resolve the attack. The report reveals that it in many organizations, it took them nearly two years to detect and resolve malicious insider attacks. This especially apparent in organisations that had not invested in cyber security products that facilitate anticipation, detection, recovery and containment of cybercrime.
Makatiani explained that many of organizations had been found to maintain administrative interfaces viewable from anywhere on the Internet and that their owners had failed to take preventive cautionary measures, including changing manufacturers’ default passwords. During the study, the research team came across a total of 100,000 Internet routers and cameras publicly accessible to anyone who could get to them via the Internet.
Ikechukwu Nnamani, President of Demadiur Systems and the local research lead, added that Nigeria as a country has not yet established any process to track and capture cyber criminals.
“To counter this situation, Nigerians installing these Internet access systems in their homes/office networks must work with cyber security experts to ensure that they are not exposed. Similarly, companies need to raise their degree of vigilance with the IT teams required to invest more time and resources in auditing their entire systems and establishing modalities to reduce breaching incidences,” said Nnamani.