By Ifeyinwa Afe
As the Covid-19 Pandemic continues its rapid global increase, and Nigeria’s Federal and State governments impose a partial lockdown in addition to social-distancing and other measures to contain its spread, most businesses have sent their employees home to work. This massive, unprecedented shift to remote working brings with it a whole new set of cybersecurity challenges.
When workers are sent outside the normal perimeter, IT resources can be inconvenienced as many organizations move to enable remote strategies. Managing device spread, and patching and securing hundreds of thousands of endpoints, becomes a much bigger challenge.
As consumers, we want high-tech companies and government agencies to protect us from cyberthreats, and these companies certainly bear some responsibility given each has had a hand in the widespread adoption of connected technology.
Connected people pose a potential cyberthreat to themselves and those around them
In a March 2020 report entitled ‘COVID-19’s Impact on Cybersecurity’, the Lagos office of global consulting firm, Deloitte, revealed that cybercriminals around the world are already capitalizing on the pandemic. It disclosed that it had observed a spike in phishing attacks, Malspams and ransomware attacks as attackers are using COVID-19 as bait to impersonate brands thereby misleading employees and customers. Deloitte noted that this will likely result in more infected personal computers and phones, and that not only are businesses being targeted, end users who download COVID-19 related applications are also being tricked into downloading ransomware disguised as legitimate applications.
The firm further noted that there would be increased security risk from remote working/learning, potential delays in cyber-attack detection and response. The report concluded that COVID-19 will change our lives forever with new work styles, new cybersecurity issues, new proposed policies and personal hygiene and that post COVID-19, organizations will need to rethink their cyber risk management measures.
Nigerian enterprises are no stranger to the phenomenon of cybercrimes, with the most popular forms being fraudulent electronic mails, identity theft, hacking, cyber harassment, spamming and Automated Teller Machine spoofing. But the biggest cash cow is still fraud emails. The Nigeria Electronic Fraud Forum (NeFF) revealed that bank customers lost a total of N3.6 billion to cyber-fraud in two years (2017 and 2018). Data released by the Nigeria Inter-Bank Settlement System (NIBSS) also showed attempted fraud in 2018 alone was valued at about N9 billion.
Taking insiders into account
There are no easy solutions for combatting rising threats. Most of us see the advantages of working from home and overlook the need to protect ourselves against related threats — both at home and work.
In our personal lives, we do dangerous things. We click on hyperlinks in emails from unknown people, opening the door to malware that could take control of our devices. We use simple passwords or fail to update them regularly, making it easier for hacking software to find its way into our systems. We even leave laptops open for all to see as we log into personal and financial accounts, allowing thieves to steal our money and identities with relative ease.
We assume the IT department has everything under control and do not always exercise as much caution as we should, putting our employers and customers in jeopardy. As such, most security professionals say insiders — employees, partners and contractors — are the single largest cyberthreat to most organizations. In fact, according to a recent Gurucul survey, more than 70 percent of companies are vulnerable to insider threats, and user error is driving most of that problem.
With 873 reported cases of the virus in Nigeria so far and thousands being traced, there is no doubt users will continue to try to seek more information as the number grows. Users are urged to seek out trusted sources as people share false cures, hoaxes and conspiracy theories online, the World Health Organization (WHO) has increased its efforts to tackle myths and rumors to curb the circulating misinformation.
Companies can help by recognizing employees are people and unlikely to change on their own. They can seek to build cybersecurity cultures, combining strong policies and procedures with ongoing education and training for staying digitally safe in the office, at home and while online remotely.
Embracing cultures that put cybersecurity first
About 80 percent of organizations are already doing this on some level, this is according to an ISACA Cybersecurity Culture survey of about 4,800 international business and technology professionals. However, 95 percent of organizations say there is still a gap between their current and desired cybercultures. Until these endeavors become more successful, business leaders must make every equipment purchase decision a security decision.
Companies—both large and small—have numerous options when buying endpoint devices to help employees avoid making potentially catastrophic blunders. For instance, some PCs are now built with hardware-enforced security features and layers of protection, above and below the operating system, to proactively prevent threats and quickly recover in the event of a breach.
With cyberthreats becoming more prevalent, no organization should disregard the added safety these types of features present. Everyone — from business leaders to individual consumers — must come together to combat this threat or risk being overtaken by it.
*Ifeyinwa Afe is Managing Director, Nigeria/District Manager, Central Africa, HP Inc.