Cybersecurity and Business Continuity in Nigeria: Organisational Insights Amidst The COVID-19 Pandemic
These are uncertain times all over the globe; the COVID-19 outbreak has now officially been declared a global pandemic by the World Health Organisation. Daily reports of increasing infections and deaths across the world raise our anxiety and, in cases of personal loss, plunge us into grief. At the time of writing, the total number of confirmed cases in Nigeria as reported by the Nigeria Center for Disease Control (NCDC) was two hundred and thirty-eight (238), with five (5) confirmed deaths.
Asides the known threats induced by the novel Coronavirus outbreak, there is another unseen threat rising in the Nigerian digital space — the risk of cyberattacks that prey on our increased reliance on digital systems. Hackers are already knocking on virtual gateways, looking for new entry points to exploit, leading to increased cybersecurity challenges for both organisations and individuals.
The main targets for these cyber-attackers will be the cloud-based systems, mobile devices, IoT-enabled systems, Small & Medium Enterprises (SMEs) and organisations in the non-financial sector, as financial service providers generally have the required infrastructure to tackle cyberattacks.
Nigerian firms with cloud-based infrastructures are prone to attacks due to misconfigured cloud-infrastructures. Mobile devices will be exposed to more sophisticated phishing attacks that could convince even the most security-conscious individuals. Lastly, SMEs are particularly vulnerable due to their unpreparedness for such threats.
Here are critical reasons why robust cybersecurity measures matter more than ever.
An over-dependency on digital infrastructure:
The direct impact of the COVID-19 outbreak is a widespread social isolation policy that compels multiple organisations to adopt remote work to maintain business continuity. Nigeria is not left out of this social isolation policy as academic, economic and government activities are on hold following directives from the Presidency and some state governments. This inevitably means a significant portion of office work must be carried out remotely, thus introducing an exploitable opportunity for attackers. Remote connections are being established by employees and devices that have never done so before. An attacker could easily conceal a malicious login without being detected by the target organisation’s security team.
Social isolation has put a significant burden on the telecommunications and mobile network infrastructure. Presently, we now have millions of people working from home using local network providers to connect to company networks. This increased demand does not follow the regular demand cycles known to these network providers and could negatively impact bandwidth and availability of service/network to businesses running remotely. Thus, translating to cyber risk.
Weaponized Email Attacks:
Employees working remotely often use their personal computers which are significantly less secure than the organisational ones, making them more vulnerable to malware attacks. If personal devices have been compromised or have unwittingly initiated a malicious download, they can pose a threat to the internal network. Similarly, with open Wi-Fi networks, there is the potential for various credentials to be stolen and accounts to be hijacked.
Cybercrime exploits fear and uncertainty:
The most common tactic by cyber-criminals is the exploitation of human weakness to penetrate systemic defences. During times of Crisis, particularly if prolonged (like in the case of COVID-19), people tend to make mistakes they would not have made under normal circumstances. An online error in terms of which link you click on or who you trust with your data can cost you dearly. According to the Cybersecurity and Infrastructure Security Agency (CISA), 98% of cyberattacks are deployed using advanced social engineering methods. These cyber actors are incredibly creative in devising new ways to exploit users, often capitalizing on popular topics and trends to tempt users into unsafe online behaviour. For example, a recent global cyberattack targeted people looking for visuals of the spread of COVID-19. The malware used by the cybercriminals was concealed in a map displaying COVID-19 statistics loaded from a legitimate online source. Viewers who clicked on the link were asked to download and run a malicious application that compromised the computer and allowed hackers to access stored passwords.
There are several best practices that both individuals and organisations need to follow. Companies should create a checklist with crucial measures and circulate them across their workforce in an understandable format to minimise friction. Employees, on the other hand, should remain vigilant and conscious of threats outside the usual work environment.
The following lists can serve as a starting point, and are by no means exhaustive:
- Clear policies and procedures for your employees to follow when working from home.
- Put an action plan and guidelines for employees returning to the office.
- Incident response and handling should be in place.
- Ensure appropriate tools, such as VPNs, are available to all remote employees.
- Training (ideally certification training) is essential. It is still the most reliable way to ensure verified, up-to-date knowledge.
For the Employee
- Adhere to company security policies and protocols.
- Always use the VPN if provided with one.
- Don’t use open wi-fi connections. Use a wired connection if possible.
- Always use two-factor authentication for personal and work accounts.
- Avoid working from public networks.
- Protect access to your work computer at home.
- When handling customer data, always double-check that you are following relevant data protection policies
Just as addressing the Coronavirus pandemic requires changing our social habits and routines to impede infection rates, a change in our online behaviour can help maintain high levels of cybersecurity.
Everyone’s behaviour is instrumental in preventing the spread of dangerous infections, both online and in the real world. Remote work does not have to be risky. However, without the right protocols and tested infrastructure in place, issues can escalate a lot quicker and can be much harder to mitigate than in a centralised office environment.
Globally, we are facing a uniquely challenging situation with the COVID-19 threat, and this carries some cybersecurity risks. But with the correct approach, training and policies in place, your business can make it through these times safely and efficiently.