Cybersecurity has become one of the most concerning issues in Nigeria’s information technology sector.
With the emergence of new technologies and vendors, there has also been a sharp increase in threats. In a concerted effort to secure systems and data, the following cybersecurity trends have taken centre stage:
Moving from reactive to proactive security
Cybersecurity is commonly perceived as a reactive service because troubleshooting and providing solutions occur after a breach. As the risks increase in quantity and scale in Nigeria and the rest of the world, it’s becoming essential for organisations to become proactive in the detection and prevention of cyberattacks. Managed security service providers (MSSPs) offer affordable mainstream outsourced/managed proactive security services.
Artificial Intelligence and machine learning
The more interconnected the world becomes, the greater the risk of AI-based malware compromising millions of targets at once. Attacks driven by artificial intelligence are able to adapt to exploit a targeted system. If they succeed, information is relayed to millions of people who soon learn of the exploit. AI and machine learning are expected to become an integral part of cybersecurity.
Outsourced and cloud-based security services
As cybersecurity becomes more complex, a lack of required skills to manage security systems will mean that many organisations will outsource their operations or move them to the cloud. Employing the services of MSSPs provides access to a wide scale of security solutions that eliminate the skills shortage and reduce the cost of deployment.
Cyber resilience and regulations
With enough time and resources, skilled attackers can breach some of the most complex cybersecurity systems. The implementation of cyber-resilience strategies provides a contingency framework and recovery plan in the event of a breach. With the Central Bank of Nigeria releasing its risk-based cybersecurity framework in 2019, other regulators in the country will follow suit. It is also expected that regulators will be more decisive about cryptocurrency, GDPR and Blockchain technology.
Advanced persistent threats and data breaches
A cyber attacker spends an average of more than six months inside a compromised network before being detected. So it’s crucial to spot any suspicious activity and take action as soon as possible. The prevalence and resultant damage of data breaches will increase as organisations that are targeted struggle to recover from the reputational damage and financial loss. Identity theft and the use of stolen personal data to commit fraud and extortion is also expected to continue.
Threats from the inside
One of the biggest threats to cybersecurity come from within an organisation. Unsuspecting employees are vulnerable to phishing and other targeted attacks. Educating them on how to identify and report suspicious online content and emails and deploying anti-phishing technologies provides a necessary line of defence.
Internet of Things and connected threats
The focus on IoT security will sharpen because unsecured smart devices provide easy entry points. CCTV cameras, smart TVs and smart appliances connect directly to the Internet without a protective security layer. Many devices also have default admin login credentials that never change, which make them easy to exploit. Changing default usernames and passwords and segmenting vulnerable IoT devices from the greater network will ensure greater security.
Public cloud security
Security becomes paramount as more organisations move to the cloud. Cloud users must understand their security responsibilities and that of their cloud providers and ensure that they are delineated clearly. OS patch management and security such as anti-virus, application security, protecting individual workloads through micro-segmentation and data security must form part of the public cloud security strategy.
Consolidation of security vendors
As new security vendors emerge, we will see a consolidation in the market where big players acquire smaller ones for their IP, unique features and technologies. This won’t apply to every small player because the bigger ones might develop some technologies in-house. Regardless of this, we will see an industry rationalisation in the future.
Existing trends to watch
The emergence of new threats does not halt the existing ones. There will continue to be a prevalence and growth of these trends, including:
- Malware-based attacks
- Cyber warfare and nation-state attacks
- DDoS attacks, social media manipulation and fake news
- Readily available cyber weapons
- Skills shortages
- Cryptocurrency hacks
- Identity and access management and multi-factor authentication