Small businesses face more cyber threats as the pandemic forces them to embrace remote working.
Small and medium businesses in Nigeria face a higher risk of being attacked by cybercriminals than big and well-established enterprises, a cyber-security expert has said.
The Chief Operating Officer of Digital Encode, Dr. Obadara Adewale, who stated this at a virtual tech forum, said this reality was driven by the resolve of many to keep using pirated software due to their inability to afford genuine software, which comes at a higher cost.
While noting that cybercrime damages had been projected to cost the world $6 trillion by 2021, up from $3 trillion in 2015, Adewale said with the COVID-19 crisis forcing every business to go online, the risks have become more pronounced than before.
According to him, a recent study also showed that 60 per cent of small businesses that suffer cyber-attacks go out of business within six months.
“Many small businesses in Nigeria are using pirated software, which cannot be updated. This makes them more vulnerable anytime they use their computer on the internet,” he said, adding that while many go for the pirated software to save cost, the cost of a cyber-attack would make them spend more to retrieve their data if not lost completely.
He said all businesses must observe basic cyber hygiene practices to keep safe online, which include using genuine software.
“Businesses must put in place volume encryption so that nobody will be able to access their information and files in case their laptop is stolen,” he added.
According to him, the rapid shift to working from home occasioned by COVID-19 is bound to increase the risk of data privacy and protection issues. He added that only 51 per cent of cyber-security experts are confident of their ability to detect and respond to cyber threats during the pandemic.
Similarly, in a paper presented at a recent webinar themed ‘Cyber threats and Security in the face of COVID-19’, Process Engineering Analyst at Mi-C3 International, Mr. Adote Rock, noted that data correlated across several threat intelligence platforms showed that since the beginning of the pandemic, there has been an upward trend in attempted COVID-19-themed malware and spam campaigns.
“There have been several phony advisories purporting to provide updates on COVID-19 spread, health updates, fake cures, leading to malware download and ransomware attacks. Some of these attacks if successful could lead to unavailability of critical systems and data,” he said.
He added that the remote working arrangement, which for many organisations is ad hoc and was never fully planned, had increased the risk of loss of sensitive business and personal data.
According to him, the key risk factors include the use of personal devices with limited or no security protection for business, inadequate awareness amongst staff, and inadequate remote access security for critical systems.
“As organisations across the world adopt remote working arrangements, there is a widening of the attack surface due to third-party risk. Many vendors providing support for critical services also have their employees provide support to clients from home, while some have to engage ad hoc staff to perform services due to the unavailability of certain employees,” he said.
Highlighting some of the steps organisations could take to reduce the risk to themselves, their customers, and their employees, he said businesses must raise awareness amongst their teams, warning them of the heightened risk of COVID-19-themed phishing attacks.
“Enhance security awareness to your customers via email and text messages, providing tips on the safe use of your digital channels, and share definitive sources of advice on how to stay safe and provide regular communications on the approach your organisation is taking to the COVID-19.
“Make sure you set up strong passwords, and preferably two-factor authentication, for all remote access accounts; particularly for Office 365 access and provide remote workers with straightforward guidance on how to use remote working solutions including how to make sure they remain secure and tips on the identification of phishing.
“Also assess third-party risks of vendors who provide support for critical systems, digital interfaces, and channels and run a helpline or online chat line which they can easily access for advice, or report any security concerns including potential phishing,” he advised.
According to him, organisations would also need to disable USB drives to avoid the risk of malware, offering employees an alternate way of transferring data such as a collaboration tool.