African cyberspace faced significant challenges in the first half of 2024, with a startling 37 per cent rise in cyberattacks.
This was revealed by the Chief Solution Officer (CSO), Cybervergent, Gbolabo Awelewa, who alanysed the various forms by which the cyber criminals attack their victims.
“A staggering 586,130 threats were found by our staff, a 63 per cent increase from Q1. New cyber risks surfaced in spite of best efforts, endangering the speed at which businesses and organisations throughout the continent operate.
“Leading the attack were trojans called XMRig and Glupteba, which took control of computers and stole private information. If a company is not well prepared, these sophisticated threats could potentially cause serious harm,” he said.
According to him, Nigeria is facing the cybersecurity challenge with the contribution of insider threats, the enemy within the organisation. He said: “In the first half of 2024, as an organisation, we did hit the gym pretty hard but not alone.
Working out along over 100 organisations in the high-stakes world of payments and sensitive data, we focus on building their cyber resilience, helping them stay compliant and avoid getting knocked out by cyber threats.”
Spotting the weaknesses as common cyber challenges, he said: “Like any good trainer, we identified common areas where organisations were struggling which include outdated equipment – Legacy systems were holding many organisations back, making them easy targets for modern cyber threats.
“Another challenge is limited resources. Smaller organisations and even some larger ones were struggling to afford the right equipment (security tools) and trainers (skilled personnel) for a comprehensive workout.
“Lack of knowledge: many organisations were uninformed about the latest fitness trends (security standards) like ISO 27001:2022, CBN Frameworks, and PCI DSS 4.0, leaving them vulnerable to injury (a data breach).
“Also, human Error as insufficient training led to avoidable errors, opening the door for cyber attackers.” He noted that certain industries such as healthcare, manufacturing, education, financial, and retails faced specific challenges.
“In the past six months, the cybersecurity arena has been bulking up with threats, and we have seen gains in cyber-attacks that would make any bodybuilder jealous.
Just like you can’t skip leg day, we can’t expect threat actors to take a rest day. Africa has been lifting some serious weight, with a 37 per cent increase in cyber-attacks, averaging about 2,960 reps per organisation weekly. Talk about a high-intensity interval training for our digital defense.
“Our security operations team has been pumping iron 24/7, monitoring, detecting, and blocking over 586,130 cyber threats. That’s a 63 per cent increase in the events analysed across client environments compared to Q1.
We are not just maintaining our gains; we’re bulking up our defenses across all sectors in Africa,” he added. Analysing the threat actors that targeted Nigeria in the first half, Awelewa said the Nigerian digital landscape was exploding like a pre-workout protein shake – it’s energetic, it’s powerful, but it also requires the right supplements to avoid a crash.
In this high-octane environment, cyber threats lurk like shadow boxers, waiting to land a knockout blow on your data and operations. He said: “The threat actors include Gelsemium which was targeted at Public administration, education services, national security and international affairs, arts, entertainment, and recreation;
Equation Group, targeted at public administration, education services, mining, quarrying, and gas and oil extraction as well as telecommunications; others are Lyceum, gamaredon, circus spider, mirage, common raven, bronze highland, and earth krahang.”
He also identified insider threat, noting that in the first half of 2024, there has been a 50 per cent increase in successful insider threat attacks within Nigeria alone.
A recent study by IBM revealed that insider threats were the heavyweight champions of cybercrime costs, averaging a global KO of $11.4million per incident. Early in April 2024, a healthcare organisation got suckerpunched by a data breach traced back to a healthcare worker who sold patient records on the dark web.
These exposed thousands of of individuals’ sensitive medical information, leaving them vulnerable. According to a 2024 insider threat report by cybersecurity insider, 74 per cent of organisations feel vulnerable to insider threats, with 34 per cent reporting an increase in insider incidents over the past 12 months.