A recent rise in Cybercrime across Africa has increased the risk of phishing attacks and business email compromises for Nigerian businesses. During a webinar hosted by Rubrik and ITWeb Africa, Nigerian IT and Security leaders discussed these rising threats. Rubrik Zero Labs shared new research on data security, highlighting current trends and offering strategies for improving data protection. The study revealed that 94% of IT and security executives experienced significant cyber incidents last year, with 66% occurring on cloud platforms.
Moreover, about 93% of impacted organisations went on to formally notify a regulatory body about the data breach. Filip Verloy, the Field CTO for EMEA & APJ at Rubrik X, led the webinar discussion, sharing insights on the research findings and guiding attendees on handling cybersecurity breaches within their organisations. In conversations with organisations and large companies, they aim to understand their perspectives on risk and how they perceive it. He explained that one approach considers the probability of an outside entity affecting data. Verloy emphasised the importance of companies assessing the potential risks associated with their data.
Local firms also face attacks similar to those in other parts of the world.
Additionally, he recommended that companies disclose breaches to re-evaluate and prepare themselves for potential future occurrences. He emphasised that the focus of post-incident analysis should be on comprehending the events that occurred and finding ways to enhance outcomes in the future rather than assigning fault. Verloy further emphasised the importance of Nigerian companies focusing on cyber resilience, warning that persistent malicious individuals will inevitably infiltrate a company’s system. It is crucial to prevent this from escalating into a data breach. He emphasised the significance of developing resilience within an organisation.
On his part, Dr. Harrison Nnaji, the chief security officer at First Bank, has stated the many risks businesses in the country encounter, with phishing and business email compromise being the most significant threats. Nigeria’s interconnectedness with the global community means the country also faces attacks similar to those in other parts of the world. With 20 different variations of phishing, they experience a significant presence of business email compromises, according to him. Nnaji pointed out that internal and external teams are increasingly working together to compromise security by sharing confidential information, creating a significant insider threat. He emphasised that the strength of an organisation ultimately depends on the integrity of all its components.
Non-compliance with regulations may result in fines for companies.
In recent months, he mentioned that businesses have fallen due to Distributed Denial-of-Service (DDoS) attacks and ‘account takeovers’ incidents. He emphasised the importance of implementing a comprehensive strategy incorporating relevant Technology and thorough staff Education to protect company ecosystems. Samuel Chika, head of solutions and innovations at TigerLogic Solutions, believes that the nation’s rapid digitalisation is encouraging but emphasises the need for further development in talent and government initiatives to assist businesses. Dr. Obadare Peter Adewale, Digital Encode’s visionary leader, praised the government for passing laws on data management that he feels will enhance data governance.
KPMG International Limited’s report highlights that the Nigeria Data Protection Regulation (NDPR) plays a crucial role in maintaining businesses’ competitiveness in global markets by implementing robust data protection measures. The rule must be followed for handling and storing personal information concerning individuals from the country, whether citizens or residents. Adewale noted that the nation has experienced a variety of impacts, both positive and negative, as a result. According to his statement, non-compliance with regulations may result in fines for companies.
Related Article: NITDA plan for business cyber protection
Adewale highlighted a significant improvement in data governance due to the regulation, indicating a shift towards standardisation. Before the regulation, there was a lack of structured guidelines for data governance, resulting in individuals following their interpretations. The introduction of the regulation changed this mindset, making it clear that legal requirements must be followed. The Legislation also created fresh perspectives on data regarding its sharing, privacy, protection, and defence. He mentioned a new obligation to prevent data and ensure it is only used for approved reasons. Adewale emphasised that all organisations must follow and align with the law to take on responsibility.