By Elvis Eromosele
Cyber-attacks are on the rise. It is a wonder people still appear surprised despite numerous warnings from cybersecurity experts. It is one of the downsides of a growing connectedness and digitalisation. Ransomware attacks are proving particularly lucrative.
Take the attack on Colonial Pipeline, one of the largest pipelines in the United States last week. Following the ransomware attack, the report stated that the firm was forced to ‘shut down 5,500 miles of pipeline, which carries 45 percent of the east coast’s fuel supplies and travels through 14 southern and eastern US states, after the breach of its computer networks.’
Naturally, it led to fuel scarcity across certain states, long queues at filling stations and panic buying by motorits.
Reports emerged that the company paid a 75 bitcoin ransom – worth as much as $5 million, depending on the time of payment – in an attempt to restore service more quickly. Colonial has since resumed operations.
It is precisely this sort of scenario that organisations, across the world, dread. Right now, there is no hiding place anymore. Lessons must be taken from Colonial but much more a warning must be heeded.
According to McAfee, “Ransomware is malware that employs encryption to hold a victim’s information at ransom. A user or organization’s critical data is encrypted so that they cannot access files, databases, or applications. A ransom is then demanded to provide access.”
READ ALSO: Mobile phone users to submit their devices IMEI number to NCC from July
Wikipedia explains that payments usually demanded in difficult to trace digital currencies such as Paysafecard or Bitcoin and other cryptocurrencies making tracing and prosecuting the perpetrators difficult.
It is no wonder therefore that ransomware attacks are on the rise. It is becoming more lucrative.
The truth is that these types of attacks are likely to continue into the foreseeable future. They are also likely to get more aggressive. The reason is not far-fetched.
Ransomware is essentially about exploiting vulnerability in systems. With the way the world is going mobile phones, personal and corporate systems and networks and smart cities can all be attacked. No one is safe!
With cyber-attacks, prevention is definitely better than cure. For Nigeria, there is no time like the present to put preventive measures in place. With a burgeoning financial services sector, telecommunications services providers expanding their scopes and the government talking of digitalization.
We cannot afford to be complacent. The risk is real. The threat is imminent. The damage can be incalculable.
Nigeria has a rapidly growing fintech sector. Questions must now be asked, how secure are these platforms? How many of them have contingency plans in place to withstand denial of service attacks? What can they do in the event of a ransomware attack?
They must realize that they can’t afford to trade blame if and when it happens. The banks are not exempt either. Already, there are countless reports of scammers cleaning out people’s accounts, cloning ATM cards among other crimes.
The financial services sector must put its house in order. An attack on ATMs or the banking system itself would be disastrous.
Imagine, if you can, bank customers unable to access financial services or patients denied care due to lack of access. Shutting down operations preventing customers from accessing services from the organizations is a present reality.
Experts have described the nation’s telecom sector as the ‘infrastructure of infrastructures’. Indeed, telecom infrastructure occupies a significant place in the economy. It is the premise of a lot of the digital transformation in the country today.
Everyone should be concerned about how the security of the infrastructure. Operators in the telecom space have pushed for their networks to be declared critical national infrastructure and so they are.
Beyond the physical security of the infrastructure, cybersecurity should now be a priority.
Distributed infrastructure, investment in cybersecurity software and regular updates of software are among measures that can be taken in the immediate and quickly built upon.
And because no one is immune, the government and its agencies must also actively tighten their cybersecurity architecture.
It is time to scale up, renew and strengthen cybersecurity across the country’s critical infrastructure. Telecom and the burgeoning financial services sector must be on guard.
Organisations must take preventive measures and put in place precautionary measures to check and possibly nip cyber-attacks in the bud. Staff should be trained and taught how to identify and avoid cyberattacks.
For all software in use, an investment must be made to ensure that they are updated with relevant patches as at when due. Organisations must employ and deploy recovery and business continuity management plans. All hands must be on deck to make systems resilient.
The National Cyber Security Centre, UK, speaking on how to prevent cyber-attacks notes that the first line is to reduce exposure to cyberattacks.
In some instances, robust government policies needed to provide guidelines, enforce security and jump-start activities especially across ministries, commissions and agencies.
We must ensure that cybersecurity is as important as protection for physical infrastructure.
Talking about ransomware attacks like this isn’t a ploy designed to scare and limit, but an early warning signal, an alarm to spur to action and a wake-up call. We cannot afford to be caught unaware; the price may be too expensive.
~Eromosele, a Corporate Communication professional and public affairs analyst lives in Lagos.
