The President, Cyber Security Experts Association of Nigeria (CSEAN), Mr. Remi Afon has predicted a sharp increase in cyber attacks in 2022 in Nigeria and the rest of the world.
He has therefore warned both the public and private sector organisations to guard against all forms of vulnerability in their systems and networks.
Afon, who based his predictions on the volume of cyber attacks in 2021 in Nigeria, and the underreporting of such attacks by affected organisations, told THISDAY that the trend of attacks may likely double in 2022, unless organisations take proactive measures.
According to him, “2022 is expected to witness an escalation in cyber attacks and cybercrime from what we witnessed in 2021. This is based on cybersecurity trends in Nigeria and around the world, coupled with insights from leaders and global experts who assess the evolving cyber environment and the security threats we currently face. From Ransomware and Business Email Compromise (BEC) scams to deepfakes, these predictions are based on existing trends while incorporating the behaviour of cybercriminals and changing technological innovations.”
Citing the 2022 Nigeria Cybersecurity Threat Landscape report that was released by the Cyber Security Experts Association of Nigeria (CSEAN), Afon said: “The year 2021 witnessed unprecedented Ransomware attacks with the rise of Ransomware-as-a-Service (RaaS) groups on the Darkweb. The average amount of reported Ransomware transactions per month in 2021 was $102.3 million, according to FinCEN Report.
Approximately 37 per cent of global organizations said they were victims of some form of a Ransomware attack in 2021, according to IDC’s 2021 Ransomware Study. In 2022, the Ransomware threat and level of severity of ransomware attacks will grow. With Ransomware becoming the new digital pandemic.
“We expect to see the highest reported ransom paid by organisations in 2022 and disruption of service with maximum impact in terms of financial loss. The loss would not only be calculated based on ransom paid, but in terms of financial losses due to service unavailability, loss of market share, and a drop in stakeholder confidence, among other factors.”
He further explained that as the 2023 Nigeria general elections draw nearer, the use of Deepfakes and fake news would rise in 2022.
He described Deepfakes are videos, images, or audio recordings that are manipulated by Artificial Intelligence (AI) technology.
“In a deepfake, an individual can be presented as saying or doing something that didn’t happen. Deepfakes are typically used to slander targets, manipulate events, falsify statements, or evidence, and create scandals. They are made with artificial intelligence software that maps targeted people’s faces into scenes and onto other people’s bodies, or otherwise manipulate parts of videos. The Deepfakes threat has also been used to facilitate business email compromise (BEC) fraud, bypass Multi-Factor Authentication (MFA) protocols, and Know Your Customer (KYC) ID verification, and will be increasingly used in 2022 and beyond, “Afon said.
He added that cloud security misconfiguration and supply chain attacks would rank among the top cyber threats in 2022.
“In 2022, we can expect that cybercrime gangs will continue to seek ways to hijack the digital transformation of organisations to deploy malicious code, infiltrate networks, and gain persistence in systems all over the world,” Afon said.
He added that insider threats would continue to pose serious challenge for banks and other financial institutions in Nigeria. “Collusion between trusted insiders and cybercriminals will continue to increase in 2022. The majority of frauds in the banking sector were perpetrated through insider information leaks. Fake alerts, sim swap scams, ATM card clones, use of ATM skimmers, and the likes, are highly successful when a bank insider is involved. An insider threat is a malicious threat that comes from people within the organisation,” he said.
He therefore warned private organisations, including government agencies to fortify their networks against vulnerabilities and to ensure timely report of all cases of cyber attacks to the appropriate quarters.