In Nigeria, details of cyberattacks and data breaches are rarely divulged, creating the impression of safety. But the reality is that Nigeria suffers some of the worst security incidents perpetrated in Africa. A recent report by Sophos revealed that 86% of the Nigerian firms surveyed confessed to being victims of at least one cyberattack during the past year; recording the second-highest percentage globally. The report also ranks Nigeria as the country with the most data leakages. This demonstrates that so many data breaches indeed occur within the country, but then no one reports them.
This culture of secrecy contributes immensely to why Nigerian firms are far more vulnerable even though their cybersecurity spending is in line with the global average per GDP. Organizations must realize that not sharing information on security breaches makes it more difficult to defend against them. By operating in information silos, domestic firms are not able to learn from the mistakes of their peers.
The resultant effect is the worsening of the nation’s cybersecurity problem as there is a divide in cyber preparedness between the various sectors of the economy. For instance, while the maritime sector struggles with phishing attacks, the financial services industry has made better progress. If breaches are reported, they can be analyzed and findings made available for all to learn from.
Even cybercriminals understand the importance of information sharing. They can be found on online forums hosted on the dark web sharing information, collaborating, and providing round the clock services that facilitate cybercrime activities including malware creation and the sale of compromised credentials. This contributes greatly to why cybercriminals are so agile in evolving cybersecurity threats.
On the part of the government, they have established the Nigeria Data Protection Regulation which mandates organizations to report data breaches to the National Information Technology Development Agency. Also, the nation’s Computer Emergency Response Team has created a form for anyone to report security incidents. But unfortunately, the enforcement of data breach reporting has been abysmal. South Africa and Kenya who enforce strict policies on data breach reporting unsurprisingly rank higher than Nigeria in the global cybersecurity index.
In conclusion, government and private organizations alike must be awake to their responsibility in terms of reporting data breaches. Disclosing the details of attacks and incident response help security teams and experts to deduce the prevailing techniques used by cybercriminals to carry out successful attacks. This facilitates the development of a national, or industry-specific, cybersecurity strategy that is optimized for the greatest impact.