As the COVID-19 pandemic continues its rapid global increase, and Nigeria’s federal and state governments impose a partial lockdown in addition to social-distancing and other measures to contain its spread, most businesses have sent their employees home to work. This massive, unprecedented shift to remote working brings with it a whole new set of cyber security challenges.
When workers are sent outside the normal perimeter, IT resources can be inconvenienced as many organisations move to enable remote strategies. Managing device spread, and patching and securing hundreds of thousands of endpoints, become a much bigger challenge.
As consumers, we want high-tech companies and government agencies to protect us from cyber threats, and these companies certainly bear some responsibility given each has had a hand in the widespread adoption of connected technology.
Connected people pose a potential cyber threat to themselves and those around them
In a March 2020 report titled ‘COVID-19’s Impact on Cyber security’, the Lagos office of global consulting firm, Deloitte, revealed that cybercriminals around the world are already capitalising on the pandemic. It disclosed that it had observed a spike in phishing attacks, Malspams and ransomware attacks as attackers are using COVID-19 as bait to impersonate brands, thereby misleading employees and customers. Deloitte noted that this will likely result in more infected personal computers and phones, and that not only are businesses being targeted, end users who download COVID-19 related applications are also being tricked into downloading ransomware disguised as legitimate applications.
The firm further noted that there would be increased security risk from remote working/learning, potential delays in cyber-attack detection and response. The report concluded that COVID-19 will change our lives forever with new work styles, new cyber security issues, new proposed policies and personal hygiene and that post COVID-19, organisations will need to rethink their cyber risk management measures.
Nigerian enterprises are no stranger to the phenomenon of cybercrimes, with the most popular forms being fraudulent electronic mails, identity theft, hacking, cyber harassment, spamming and Automated Teller Machine spoofing. But the biggest cash cow is still fraud emails. The Nigeria Electronic Fraud Forum (NeFF) revealed that bank customers lost a total of N3.6billion to cyber-fraud in two years (2017 and 2018). Data released by the Nigeria Inter-Bank Settlement System (NIBSS) also showed attempted fraud in 2018 alone was valued at about N9billion.
Taking insiders into account
There are no easy solutions for combating rising threats. Most of us see the advantages of working from home and overlook the need to protect ourselves against related threats — both at home and work.
In our personal lives, we do dangerous things. We click on hyperlinks in emails from unknown people, opening the door to malware that could take control of our devices. We use simple passwords or fail to update them regularly, making it easier for hacking software to find its way into our systems. We even leave laptops open for all to see as we log into personal and financial accounts, allowing thieves to steal our money and identities with relative ease.
We assume the IT department has everything under control and do not always exercise as much caution as we should, putting our employers and customers in jeopardy. As such, most security professionals say insiders — employees, partners and contractors — are the single largest cyber threat to most organisations. In fact, according to a recent Gurucul survey, more than 70 percent of companies are vulnerable to insider threats, and user error is driving most of that problem.
With 1,337 reported cases of the virus in Nigeria so far and thousands being traced, there is no doubt users will continue to try to seek more information as the number grows. Users are urged to seek out trusted sources as people share false cures, hoaxes and conspiracy theories online, the World Health Organisation (WHO) has increased its efforts to tackle myths and rumors to curb the circulating misinformation.
Companies can help by recognising employees are people and unlikely to change on their own. They can seek to build cyber security cultures, combining strong policies and procedures with ongoing education and training for staying digitally safe in the office, at home and while online remotely.
Embracing cultures that put cyber security first
About 80 percent of organisations are already doing this on some level, this is according to an ISACA Cyber security Culture survey of about 4,800 international business and technology professionals. However, 95 percent of organisations say there is still a gap between their current and desired cyber cultures. Until these endeavors become more successful, business leaders must make every equipment purchase decision a security decision.
Companies—both large and small—have numerous options when buying endpoint devices to help employees avoid making potentially catastrophic blunders. For instance, some PCs are now built with hardware-enforced security features and layers of protection, above and below the operating system, to proactively prevent threats and quickly recover in the event of a breach.
The World’s Most Secure PCs
Stay ahead of threats with hardware-enforced resilience. HP PCs are designed and engineered from the ground up w…
With cyber threats becoming more prevalent, no organisation should disregard the added safety these types of features present. Everyone— from business leaders to individual consumers — must come together to combat this threat or risk being overtaken by it.
Ifeyinwa Afe
.Ifeyinwa Afe is managing director, Nigeria/District Manager, Central Africa, HP Inc.
