Education, Health: Sectors Facing Challenges as Nigeria Records 586,130 Cyber Threats in 6 Months

• Nigeria faced 586,130 cyber threats in six months, mainly targeting financial institutions and telecoms, according to Cybervergent's half-year report
• Industries such as education, healthcare, manufacturing, and retail face unique cybersecurity challenges
• Experts highlighted best practices to safeguard against evolving cyberattacks from groups like Gelsemium and Equation Group

Lagos, Nigeria—Between January and June 2024, a staggering 586,130 cyber threats were launched against Nigeria, especially the financial institutions and telecoms companies, with other sectors also facing specific challenges.

This is according to a half-year cyber threat report released by Cybervergent, a cybersecurity technology company in Lagos.

Cyber threats against Nigeria: Key findings

The report, made available to Legit.ng, highlighted the findings of Cybervergent’s Security Operations Centre (SOC). These include:

Read also

Analyst praises FIRS boss as agency surpasses revenue target in Q1 2024

• 586,130 cyber threats were detected, with 226,103 resolved by Cybervergent through automation.
• 19,920 endpoints were protected by Cybervergent.
• Cybervergent's Security Operations Centre (SOC) analysed 304,522 events.
• 42,200 potentially malicious events were analysed.

Cyber threats: Industry-specific cybersecurity challenges

According to the report, various industries face unique cybersecurity challenges.

The education sector grappled with maintaining security amidst digital transformation.

The healthcare industry struggled to balance handling sensitive patient data while navigating complex systems, likening it to juggling weights on a balance beam.

The manufacturing sector faced challenges prioritising operational technology (OT) security without neglecting IT security, comparable to neglecting lower body training while preparing for a marathon. Limited budgets and resources hindered investment in advanced security measures.

The retail industry prioritised short-term gains over long-term security investments, similar to favouring quick fixes over sustainable fitness plans.

Read also

Again, Tinubu defends petrol subsidy removal, launches CNG priced at N230 per litre

Expert gives insights

Gbolabo Awelewa, Cybervergent's Chief Solutions Officer, emphasised the need for regular updates to prevent attacks.

Awelewa, who spoke at a media briefing attended by Legit.ng on Friday, September 14, in Lagos, said organisations must ensure regular application and system updates to prevent attacks at scale.

“As we move forward, our Cyber Operations Centre remains steadfast in its mission to anticipate, detect, and thwart evolving threats that seek to compromise the integrity of digital assets," he said.

Awelewa identified notable threat actors targeting Nigeria's financial sector, including Gelsemium, Equation Group, and Lyceum.

The report highlighted vital cybersecurity trends to tackle in the second quarter of 2024, including Zero-Day Exploits, Cloud Security Focus, Cybercrime as a service, and Ransomware Surge.

Cybersecurity threats target Nigeria in H1

According to Awelwewa, Nigeria faced threats from multiple cyber actors in the first half of the year. The identified threat actors include Gelsemium, Equation Group, Lyceum, Gamaredon, Circus Spider, Mirage, Common Raven, Bronze Highland, Earth Krahang, and Insider Threat Syndrome.

Read also

"The future of payment": Boost for SMEs as Nigerian bank launches virtual PoS

Gelsemium, a sophisticated cyber espionage group, targeted high-profile organisations across various sectors, utilising custom malware and advanced techniques to evade detection. Their focus was on public administration, educational services, and national security.

He identified three primary categories of insider threats: disgruntled employees, accidental insiders, and negligent insiders.

The cyber security expert noted that disgruntled employees, motivated by anger, financial gain, or perceived underutilisation, pose a significant risk of inflicting harm. Accidental insiders, on the other hand, exploit mistakes made by others to launch attacks on the organisation.

Awelewa further explained that negligent insiders inadvertently compromise security by disclosing their credentials or failing to secure their devices when leaving the office.

Expert highlights cybersecurity best practices

Bamidele Obende, Divisional Head of Business Growth at Cybervergent, stressed the importance of ethical hacking and proper authorisation for penetration tests and vulnerability assessments.

In the world of ethical hacking and cybersecurity testing, always ensure you have proper authorisation before conducting any penetration tests or vulnerability assessments," Obende said.

Read also

FG invites Nigerians to apply for N100 Million AI Fund fupported by Google, releases link

FG suspends cybersecurity levy

In May 2024, Legit.ng reported that the federal government suspended the controversial 0.5% cybersecurity levy on electronic banking transactions.

The Central Bank of Nigeria (CBN) had earlier directed all banks and financial institutions to implement a 0.5% cybersecurity levy on all bank transactions electronically.

The CBN said it was introduced due to growing concerns over cyber security threats in the country. However, public outrage forced the government to suspend it.

Source: Legit.ng