Nigeria Cyber Security Outlook 2023


In hindsight, the year 2022 presented several cybersecurity challenges. The loss of cyber skills caused many organisations to struggle, and several cyber security teams barely managed to keep the “lights on.”

We observed increased sophistication of insider threats, ransomware attacks, and phishing attempts. Additionally, regulatory scrutiny and awareness of the need for data protection increased. Global spending on cyber security increased significantly, and Nigeria was not left out of this trend.

Given the upcoming elections in 2023, we anticipate that threat actors’ level of sophistication in their operations will significantly rise. This is how we envision the Nigerian cyber security scene for 2023. The following are some of the anticipated events that would define Nigeria in 2023:

The Security Team’s Toolkit will be Expanded to Include AI

Artificial intelligence (AI) has a wide range of applications that can improve society at large and aid businesses in thwarting cyber dangers. Using AI to analyse and understand the strategies and motives of cybercriminals is one such technique. Small and large organisations alike will put more emphasis on and money into AI solutions in the upcoming years.

One illustration is User and Entity Behavior Analytics (UEBA), which analyses user and entity behaviour patterns using machine learning algorithms to spot strange or suspicious activity. Although some businesses now employ this kind of technology, its use will increase this year as we cope with more unpredictable threat actors and tactics. Organisations could utilise UEBA solutions to detect possible cyber threats in real-time, respond to them, and comprehend the strategies and objectives of hackers.

AI will also be utilised to improve cyber security by using tools and technologies that can quickly adapt to new threats. These solutions regularly update and enhance their defences using machine learning algorithms to ensure they are resilient to new and evolving threats. The use of these AI solutions will rise in the near future as businesses try to defend themselves better against the changing threat landscape.

Lightning-fast Cross-platform Attacks, Made Possible by 5G Networks

It is anticipated that as the 5G network’s coverage grows, it will provide even faster channels for the spread of cyberattacks. Because 5G makes it simpler for attackers to launch cross-platform assaults against several systems and devices at once, the speed and frequency of attacks will increase.

Internet of Things (IoT) and Operational Technology (OT) devices, which were historically not developed with security in mind, may be subject to intrusions if not updated frequently. The deployment of 5G is projected to increase the prevalence of several attack types, including distributed denial of service (DDoS) attacks. DDoS attacks overwhelm a network or website with traffic, denying access to genuine users. Thanks to the faster and more effective networks provided by 5G and the rise in gadgets that will be exposed to the internet, DDoS attacks are anticipated to grow more potent and successful, posing a more significant threat to organisations.

To combat these dangers, organisations will need to deploy strong cyber security measures and infrastructure-hardening strategies so that weak and vulnerable systems are not susceptible to such attacks. Organisations should strongly consider implementing security solutions to mitigate these attacks, as well as training staff members to recognise and respond to potential cyberattacks. In addition, organisations should ensure that the devices are properly patched and that fundamental security hygiene is implemented on these devices (e.g., complex passwords, non-generic users, etc.). By taking these safeguards, organisations can help defend themselves against the quicker and more potent attacks that may arise from implementing 5G technologies.

A Rise In Hacktivism

As Nigeria moves away from the traditional methods of conducting elections, there will probably be an upsurge in attacks against Government systems and other Critical National Infrastructure. As a result, social engineering and targeted attacks against the voting systems and the electorate may occur. In addition, it is now becoming a practice across the globe for some people to express their election-related grievances via hacktivism.

Government agencies must put strong cyber security safeguards in place to secure Critical National Infrastructure from these threats. This can involve upholding good cyber practices, maintaining the right vulnerability management procedures, ensuring efficient access restrictions are in place, and driving capacity building for staff to recognise and respond to potential cyber-attacks.

New Scenarios for Social Engineering Attacks

In Nigeria, remote employment has become widespread, and as a result, social engineering attacks related to it are also becoming more sophisticated. To deceive people into disclosing sensitive information, social engineering assaults use more psychological manipulation than technological sophistication. These attacks, which can include phishing emails, phone scams, and impersonation schemes, are frequently directed at persons who may be less tech-savvy or more likely to trust external sources.

In addition, due to the redesign of the currency notes and the Central Bank of Nigeria’s (CBN) cashless initiative, more people in Nigeria are projected to be onboarded into the online transaction space, creating a larger pool of potential targets for social engineering attacks.

Due to their lack of IT expertise, these new users of financial technology platforms may be more vulnerable to such attacks, making them a desirable target for attackers wanting to take advantage of their inexperience or lack of knowledge. It is crucial for individuals and organisations to be aware of these risks and to educate their staff and customers on how to spot and defend against social engineering attacks. This can involve establishing strong, one-time-use passwords for all accounts, being suspicious of unsolicited emails or phone calls, and confirming the identity of anyone asking for sensitive information.

The “Nice to Have” Zero Trust Architecture will Transform Into a Saviour

It will become essential to use a zero-trust strategy to secure organisational resources and data because of the continued increase of cyberattack cases annually, and the accelerating digital revolution. This will ensure that trust is never given implicitly but is constantly assessed.

According to the National Institute of Standards and Technology (NIST) Special Publication 800-207, in adopting a zero-trust architecture, authentication and authorisation should be dynamically and tightly enforced on a per-user session basis before access to each organisational resource (e.g. network, system, database) is given. A dynamic policy should also be used to control access, all network communications must be secured appropriately, and source authentication must be used.

We predict that this year, unlike in past years, organisations will need to implement the zero-trust strategy rather than just considering it a “good to have.” A zero-trust architecture would offer multilayer security throughout the enterprise.

Cyber Security Skills Gap: The Scarcity Continues

The lack of qualified cyber security workers in Nigeria will remain a challenge. Businesses may find it more difficult to efficiently discover and hire people with the requisite experience to protect against cyber risks when talented cyber security workers migrate to other countries/jurisdictions.

Organisations may also be more susceptible to cyberattacks due to this skill gap since they may find it challenging to recognise and manage cyber risks without the requisite knowledge. As a result, companies may be forced to hire less qualified people for crucial positions, which could reduce the organisation’s overall level of cyber security competence and posture.

Organisations must invest in training and development programs to assist employees in obtaining the essential skills to close the skills gap. This may entail making cyber security training and education accessible to staff members, promoting the pursuit of professional certifications, and providing ongoing support for professional advancement. Many organisations may have to explore paying a premium to attract cybersecurity experts. By implementing these actions, businesses can contribute to the development of a solid and capable cybersecurity team that is prepared to tackle the always-changing threat landscape.

In addition, organisations may need to consider outsourcing crucial functions to competent cybersecurity service providers to close the talent gap. This would help reduce the learning curve induced each time a business must replace its employees.

Rise in Third-Party Risk Due to Third-Party Collaboration and Integration

Third-party risks have risen to the top of the priority list of cyber risks to be managed, as we predicted in our cyber outlook for 2022. Exploiting vulnerabilities introduced by third-party collaboration and integration has led to an upsurge in cyberattacks. In recent months, hackers allegedly downloaded data from consumer accounts using stolen access tokens provided by third-party services. We have also seen instances in Nigeria where unprotected technology interfaces between organisations have been used to facilitate fraud and obtain private customer information. We anticipate the continued rise of third-party risks as organisations increasingly look to partnerships to improve service performance, enhance technological product functionalities, and boost customer satisfaction while creating more business value.

To effectively manage the risks associated with third parties, organisations need to:

- establish a process for evaluating and treating third-party risks;
- use due diligence in the third-party selection and onboarding procedures;
- establish a vendor-risk audit program;
- take third parties into account in the risk management process; and
- maintain good information security hygiene.

Application Programming Interfaces (API) utilised and consumed by third parties should also be effectively managed and protected by organisations since they have been and will continue to be a major weak spot used by attackers to obtain unauthorised access to sensitive data.


Privacy in the Spotlight: The Increasing Importance of Data Privacy

Many businesses in the country are using electronic channels to collect, store, and process customer data. Consequently, the public is growing more conscious of the risks and legal repercussions connected with data privacy breaches, and authorities have started to treat such breaches more seriously.

We anticipate that data privacy will become an increasingly important issue in Nigeria. Data privacy refers to preventing unauthorised access to or use of personal information and data. Numerous recent high-profile data privacy violations and attacks against Nigerian organisations have brought this issue to the public’s notice. As a result, people are taking action to protect their personal information and are becoming more conscious of the significance of data privacy.

In Nigeria, it is anticipated that both individuals and organisations will become more conscious of their obligations and the necessity to protect personal information. 


Tightening the Reins: Increasing Regulatory Scrutiny

We anticipate more stringent regulatory oversight and increased monitoring of cyber security practices in Nigeria’s different sectors. This could be the result of many things, such as the rising cases of cyberattacks and the regrettable circumstances of successful organisational cyber breaches that have happened across various industries recently. 

The pressure on organisations to establish strong cyber security measures and show compliance with pertinent laws and regulations is projected to intensify as regulatory scrutiny intensifies. More rules aimed at financial and non-financial institutions may be developed, as they will likely be required to comply with some minimum security benchmarks by regulators. 

Organisations must take a proactive stance regarding cyber security to prepare for this heightened regulatory scrutiny. This should begin with creating a customised cyber security strategy that would consider the unique risks to which the organisation is exposed in the light of its business procedures. 

To facilitate execution, a cyber security budget based on the company’s strategy would also need to be created. This would ensure that the organisation manages cyber risks effectively and stops needless reactionary spending that may or may not address the underlying risks.


In conclusion, when it comes to cyber security, it is crucial to be prepared and act proactively. Observing good cyber hygiene and testing our cyber resilience are often overlooked but vital components of this proactive approach. This is often the difference between organisations that make the headlines from cyber breaches and those that don’t. 2023 is a year to be proactive. This year, organisations should also focus on increasing their capacity and capabilities in incident response and continuous network visibility.

Have a cyber-secure 2023!
