Nigeria has secured the second spot in the ranking of African countries most protected against cyber threats, surpassed only by Senegal, according to a new report by India-based cybersecurity research firm, Indusface. This analysis, shared by TechCrunch, reveals that Nigeria climbed the ranking owing to its successful neutralisation of the Gamarue botnet, a hazardous malware that previously posed significant threats to corporate data and devices.
Indusface determined the rankings using a range of cybersecurity parameters, including Distributed Denial of Service (DDOS) attacks, phishing attempts, and malware-hosting sites. Nigeria scored an overall index of 74.69 out of a possible 100, with Senegal topping the continent’s chart with 78.09 points.
The report extols Nigeria for its low number of compromised systems per 100,000 internet users compared to other surveyed African nations. This is a testament to Nigeria’s progress in countering the Gamarue botnet, a malware that primarily engages in data theft and click fraud. Globally, Honduras, South Korea, and Japan emerged as the top three nations with regard to cybersecurity.
Venky Sundar, Founder and President of Indusface, underlined the necessity of addressing security challenges linked to the increasingly popular remote work model. He offered a six-point strategy to boost cybersecurity in virtual work environments. These recommendations include understanding data security laws such as the GDPR, examining law enforcement resources, considering government grants for cybersecurity, and gauging cybersecurity knowledge across various age demographics.
The Indusface report also reveals that 68% of high-growth global companies are capitalising on hybrid work models due to their cost effectiveness, flexibility, and broader talent acquisition potential. The study suggests that the adoption of such models may help mitigate risks related to data privacy and network security outside traditional office spaces.
The Gamarue botnet, also known as Andromeda, is a type of malware that allows hackers to gain control over individual computers, not only breaching system settings but also stealing information. This harmful software often infiltrates systems via fraudulent websites that trick users into downloading browser updates or new versions of applications like Adobe Flash Player or Java. Once activated, Andromeda sets itself to launch every time Windows starts.
There have been several notable instances of cybersecurity breaches in Nigeria. For example, in April 2022, the Plateau State Contributory Healthcare Management Agency (PLASCHEMA) suffered a significant security breach, resulting in the exposure of a large volume of user data. The National Cybersecurity Society (NCSS) swiftly intervened to contain the breach.
Furthermore, in August 2020, two major Nigerian banks reportedly endured data breaches, potentially exposing customer financial details. Moreover, in July 2023, independent Nigerian journalist, David Hundeyin, reported the compromise of Lagos state government emails, revealing negotiation details. In both instances, official responses were slow or non-existent.
Confidence Staveley, a renowned African cybersecurity expert, emphasised that organisations need to appreciate the responsibility that accompanies data collection.
Following the establishment of the National Cybersecurity Society (NCSS), there have been significant advancements in Nigeria’s cybersecurity framework. These include the establishment of the National Computer Emergency Response Team (CERT), the implementation of the Cybercrime Act 2015, and the launch of various cybersecurity awareness programmes.
In September 2022, Nigeria’s National Information Technology Development Agency (NITDA), responsible for cybersecurity and data protection, introduced rules requiring businesses to ensure the security of their data collection, processing, and storage operations.
A comprehensive understanding of the cyber threat landscape and the implementation of robust security measures can help businesses mitigate risks and shield their crucial data and assets from potential cyber-attacks.
