Cybersecurity Trends In Nigeria In 2021; Lessons For 2022

By Oyetola Muyiwa Atoyebi, SAN

Introduction

The year 2021 began with optimism, notably in the Nigerian economy, due to the massive shift of businesses in several industries to cyberspace, as a result of the post- covid measure to resuscitate means of livelihood.

The world has taken more to digital operations as opposed to the conventional approach in handling its affairs, and Nigeria is not left out. In 2021, the Nigerian Court of Appeal rules alongside other Court’s Practice Directions made provision for a more digitalized approach in the judicial process, for example, digital hearing processes, electronic filing systems, etc.

As businesses evolve, and technological oriented and innovative steps are taken to improve and expand the scope of their relevance, appropriate and adequate security measures are required to be put in place to curb possible cyber threats/cyberattacks that may take place.  Also, the continual implementation of the Cybercrimes Act which provides for the legal framework for the prohibition, detection, prosecution and punishment of cybercrimes in Nigeria, is paramount for the effectual prevention and prosecution of cybercrimes in Nigeria.

In this paper, we recognise that a majority of the sectors in the Nigerian economy are affected by the inclination towards technology. Accordingly, this paper aims at highlighting the challenges in Nigerian cyberspace, as well as proposing recommendations and making projections for the year 2022, and it does so by engaging three major cyber trend areas which include: manipulation of information outflow; email/website compromise and phishing attacks.

MANIPULATION OF INFORMATION FLOW

Easy accessibility to information, content creation and consumption in the social media space, is not as hard as it would have been in the nineties because almost every person now has access to a smart device. According to Statista, the current number of smartphone users in the world today is 6.378 billion, and this means 80.63% of the world’s population owns a smartphone. Access to smart devices has made it possible for different kinds of information to permeate through diverse platforms without the means to verify the authenticity of such information. So, it is not uncommon to find that there are inconsistencies in the information made available to the public which may be identified as fake news.

However, in Nigeria, we have since advanced from the ‘fake news’ to what is now described as ‘deep fakes’. News or information that has been twisted by deep fake news poses a serious concern in the digital space. This is because of the difficulty associated with the identification of deep fake news as it is associated with digital and artificial intelligence tools that depict the deep fake news as an authentic or genuine piece of information. Deep fake news, in essence, delivers imaginary digital representations of information to create a false perspective.

Deepfake technology has seen dramatic growth in popularity as the underlying Artificial Intelligence (AI) technology has advanced.

DeepTrace, a security company, projected that the number of deep fake videos online has risen to around 15,000 in 2019 alone – and continues to grow dramatically. Deep fakes are extremely convincing – they successfully lead people to believe that someone did or said something that never occurred[1].

It is not, however, in doubt that the manipulation of information flow will be on the increase in the year 2022 if it is not properly managed. This is owing to the influx of knowledge about the process involved in creating deep fakes. In this regard, it will be beneficial to the Nigerian economy if the relevant agencies develop policies toward these platforms that include fact-finding/investigative mechanisms before allowing news/posts to be published via their platform(s).

On the 4^th of September 2021, it was reported that the Federal Government of Nigeria was represented by its Minister of Information and Culture (Alhaji Lai Mohammed) at the 64^th Conference of the United Nations World Tourism Organisation (UNWTO), which was held in Sal Island. To further complicate issues, the report was represented in photographs[2].

Artificial Intelligence (AI) driven technology is expected to be the most effective approach to identify deep fakes, since machine learning algorithms can detect minor abnormalities and anomalies that humans may not. However, internal training organized by most of these organisations would be required to aid a better appreciation of this solution, which largely comprises recognition of attempts at social engineering, spear-phishing, and other unusual activities.

EMAIL/ WEBSITE COMPROMISE

In 2021, Nigeria experienced a significant level of business growth, with the country’s economy estimated to have grown by 4.03 per cent by the third quarter of the year[3]. This growth can be linked to the increased usage of the internet for product and service marketing, and promotion via platforms that allow email and website marketing. In light of the foregoing, both the supplier and the consumer build a trusting and confidential connection. However, the problem of compromise that now plagues corporate channels allows for impersonation, spoofing, and account takeovers[4].

The management of the internet platforms hosting these businesses are required to be upgraded to function optimally, preventing cyber threats and cyberattacks in the year 2022. There is no doubt that businesses will expand to accommodate more sophisticated technological innovations to boost service delivery in the coming years.

This also provides possibilities for cybercriminals to improve their skills to find weaknesses in the system that can be exploited further. The rise of email and website compromise was predicted to develop dramatically in the United States, and it was predicted that cybercriminals would take advantage of the situation in the following years, using the widespread sense of despair among businesses and customers. The Federal Bureau of Investigation (FBI) reported an uptick in business email compromise (BEC) attacks at the start of the year, indicating that this has already begun to happen[5].

Obinwanne Okeke, also known as Invictus Obi was on February 17, 2021, jailed for 10 years in the United States over a cyber-fraud scam that led to the theft of about $11m (£8m). Invictus Obi used Nigerian-based companies via phishing emails to defraud people in the United States of America.  Also in 2021, Mr Abbas also referred to as Hushpuppi, was charged with several offences to which he subsequently pleaded guilty. A few of these crimes are bank cyber-heists and business email compromises. The victims of his fraudulent acts, included Financial Institutions, a law firm, individuals and other companies.

Businesses need to ensure that appropriate email security controls such as multi-factor authentication and strong password policies are in place. Employee awareness about social engineering which hackers could use in obtaining sensitive information should also be done periodically.

It is indeed vital to note that the success of cyber-attack on these platforms could hinge on the organization’s payment authentication, verification portal or authorization policies being inadequate. As a result, solid processes and systems must be in place, and they must be properly followed.

PHISHING ATTACKS

Sophos, a next-generation Cybersecurity Company, has emphasized the rising metrics of cyberattacks on Nigerian companies, saying it will add to worsening the ailing Nigerian economy.  According to its global survey, Sophos revealed that attacks targeting organizations ramped up considerably during the pandemic, as millions of employees working from home became a prime target for cybercriminals.

Phishing attacks are carried out for a variety of purposes, but the major one is to gain access to data. The success of phishing attacks is based on their ability to continuously grow and diversify, tailoring attacks to current issues or concerns, like the pandemic, and playing on human emotions and trust, is key to gaining and manipulating confidential information.[6]

In addition to the continued relevance of work from home, the use of Internet of Things (IoT) devices will grow in 2022, adding to our already large digital footprint. This rising reliance on IoT devices will continue to provide new targets for cybercriminals to exploit. Working from home is becoming more prevalent, and IoT devices can offer a serious security risk to businesses, mostly because devices used at home have little or no protection against data manipulation or even ensure the safety of the less well-equipped cyber secured user(s).

As we move into 2022, we expect these phishing schemes to get more daring and take advantage of the social and economic conditions, particularly in Nigeria.

Businesses will have to rebuild their security strategy and architecture to accommodate the new normal (i.e. remote working). Before now, several organisations’ security architecture was built around having users in a controlled physical environment using tools that have been configured by the Organisation. However, this architecture will have to change given that a majority of the workforce is working from “unsecure” remote locations, and using devices that may be below the security standards of the organisation.

We will also see organisations build strategies geared explicitly towards circumstances like pandemics, and how businesses can sustain their operations without compromise during times like this. We will see more Business continuity plans with strategies to cope with unusual circumstances, remote working plans that are security intensive among other plans and strategies[7].

CONCLUSION

2021 proved to most businesses that cyber security issues should be considered a major concern in their operations, because alongside the technology innovations come the vulnerabilities that will eventually be exploited by cybercriminals.

The year 2022 will require that businesses focus on creating a more secure program, implementing internal monitoring systems, and remain proactive in managing business risks, incident responses, and being aware of the state of data within their possession. Hence, businesses must not be lax about their security. To ensure cyber security, the government should treat cybersecurity as a critical organizational issue, encouraging innovative cybersecurity solutions such as analytics, virtualization, and cybersecurity awareness programs.

The government may collaborate with private sectors that have the necessary expertise and experience in combating cybercrime. The government may also conduct cybersecurity capacity development for law enforcement and judicial officers, as well as strengthen national cyber forensic facilities, to prevent cybercrimes and expedite the investigation process.

CONCLUSION

The year 2021 was filled with several occurrences that drew attention to Nigeria’s cybersecurity space, and the need for a more pragmatic approach in pursuing Nigeria’s cyber security. This article identifies several cybersecurity trends to which key attention should be paid, and they include the spate of phishing attacks, email compromise amongst others. It is hoped that by tackling these cybersecurity issues, Nigeria can achieve more secure cyberspace in the year 2022.

AUTHOR PROFILE                                          

AUTHOR: Oyetola Muyiwa Atoyebi, SAN.

Mr. Oyetola Muyiwa Atoyebi, SAN is the Managing Partner of O. M. Atoyebi, S.A.N & Partners (OMAPLEX Law Firm) where he also doubles as the Team Lead of the Firm’s Emerging Areas of Law Practice.

Mr. Atoyebi has expertise in and a vast knowledge of Telecommunications, Media and Technology Law and this has seen him advise and represent his vast clientele in a myriad of high level transactions.  He holds the honour of being the youngest lawyer in Nigeria’s history to be conferred with the rank of a Senior Advocate of Nigeria.

He can be reached at atoyebi@omaplex.com.ng

CONTRIBUTOR: John Oladipo

John is the head of the Technology Law Team at Omaplex Law Firm. He also holds commendable legal expertise in cybersecurity.

He can be reached at john.oladipo@omaplex.com.ng

[1] Josephine Uba,‘Deepfakes In Nigeria: Protection And Legal Framework Against Deepfake Attacks In Nigeria‘,<https://www.mondaq.com/nigeria/security/1114750/deepfakes-in-nigeria-protection-and-legal-framework-against-deepfake-attacks-in-nigeria> accessed 6th December 2021.

[2] Vanguard News,‘FG raises alarm over use of ‘deep’ fake news to attack its officials ‘,https://www.vanguardngr.com/2021/09/fg-raises-alarm-over-use-of-deep-fake-news-to-attack-its-officials/ accessed 6^th December 2021.

[3] < https://www.premiumtimesng.com/news/headlines/496041-nigerias-third-quarter-economic-growth-slows-to-4-03.html>  accessed 6^th December 2021.

[4] <https://www.tessian.com/blog/bec-business-email-compromise/> accessed 7^th December 2021.

[5]Matthew Hughes, ‘Cybersecurity Predictions for 2022’ https://auth0.com/blog/top-6-cybersecurity-predictions-for-2022/  accessed 7^th December 2021.

[6] Prince Osuagwu, ‘66 % of Nigerian organisations vulnerable to phishing attacks —Sophos ‘,https://www.vanguardngr.com/2021/09/66-of-nigerian-organisations-vulnerable-to-phishing-attacks-sophos/ accessed 8^th December 2021.

[7] Ibid