Menu

In its Nigeria Cyber Security Outlook 2019, Deloitte, one of the ‘Big Four’ accounting firms, highlights eight major trends that could impact the Nigerian cyberspace this year. Released on Tuesday, the report states that much of the trends in 2018, including high-profile privacy and security breaches, cryptojacking and the key role of cyber security regulations, will continue and a number of them will intensify.

Given the upcoming 2019 elections, the report says hacktivism may become prevalent before and immediately after the elections. The aim will be for the perpetrators to gain access to the IT systems of government departments and agencies.

Deloitte cites the attack on the website of the Independent National Electoral Commission (INEC) during the 2015 elections. INEC’s site was reportedly hacked and attempts were made to gain access to critical information of several government parastatals. Such politically-motivated attacks, the accounting firm says, would rise this year.

Another major trend would be the rapid adoption of cloud services and application programming interface (API). This is expected to increase cyber-security threats. As more attention is being given to data privacy and security, organisations that use API and cloud technologies would need to consider additional measures to ensure the privacy and security of customers’, employees’ and third parties data are guaranteed.

Due to more stringent regulation, there will be an increase in demand for cyber-security professionals in the country. According to the World Economic Forum, cyber-security alongside artificial intelligence and data analytics now offer more career opportunities to professionals.

In 2019, Deloitte expects Nigerian cyber-security professionals to leverage data analytics, artificial intelligence and machine learning to build more predictive models into their existing cyber-intelligence systems. “Attackers may also leverage (this) technology and so organisations need to be one step ahead,” said Tope Aladenusi, Partner, Risk Advisory at Deloitte.

In addition to ransomware attacks, there would be more targeted malware attacks in 2019, say Deloitte. These attacks will target process and applications such as enterprise resource planning (ERP) applications and payment processing applications. The traditional antivirus systems will not be able to detect most of the attacks, hence, organisations will need to have a holistic approach to cyber security in order to stay ahead.

Phishing attacks are also expected to be prevalent in 2019, with no industry sector immune from it. According to the Africa Cyber Security Report, Nigeria, Tanzania, Ghana, Kenya and Uganda lost a cumulative sum of $3.5 billion to cyber criminals in 2017. Also, last year, financial institutions put in place systems to check the use of phishing emails to trick people to divulge sensitive information.

Deloitte predicts that other sectors of the economy, including maritime, consumer goods, energy and telecommunications, may become targets. Thus, organisations must continue to invest in user awareness campaigns to stay ahead of phishing attacks.

“In 2018, we predicted that cyber security regulations would play a key role in Nigeria,” said Aladenusi, who is also the Head of Cyber Risk Services at Deloitte Nigeria. “With the Central Bank of Nigeria Cyber Security Framework, cybersecurity regulations have become a major driver for security especially within banks and payment service providers (PSPs).”

Deloitte expects that financial institutions and PSPs will begin to explore the adoption of Integrated Compliance and Risk Management (ICRM) techniques in 2019 to reduce the cost and effort of compliance. Regulators would be more decisive about cryptocurrency, the general data protection regulation (GDPR) and the application of blockchain technology; these will further improve compliance with standards in relation to cyber security.

The eighth trend posited by Deloitte is local and international cooperation on cyber awareness. “We will witness more collaboration in 2019 among organisations in several sectors of the economy as regards sharing of cyber intelligence,” said Aladenusi. “There will be collaboration in 2019 among countries and government agencies in setting up intelligence sharing mechanism for organisations in their jurisdiction.”

The report, however, warns that the common attacks by cybercriminals such as denial of service attacks (DOS), man-in-the-middle (MITM) and password attacks should not be neglected in view of the top events likely to happen in 2019.