Nigeria ranks high on global internet security list

By The Citizen

The latest Internet Security Threat Report (ISTR), shows that Nigeria overall security threat profile has improved from being ranked 59th globally in 2011 to 68th globally in 2012 despite sustained cyber-attacks worldwide.

Within the African continent, Nigeria is ranked sixth on the ISTR profile after South Africa, Morocco, Tunisia, Algeria and Mauritius. Nigeria is ranked third in Africa for virus activity.

The report, which was authored by United State of America's Symantec Corp, a global leader in the provision of security, storage and systems management solutions to customers, noted that attackers have shifted their focus to mobile phones, making it more vulnerable than even the PCs, Laptops among others.

Besides, the report, which is Volume 18 in the series, revealed a 42 per cent surge during 2012 in targeted attacks compared to the prior year, which are designed to steal intellectual property.

The report revealed that the first five global vulnerable countries are USA; China; India; Brazil and Germany.

The report, which said there has been surge in cyberespionage attacks, disclosed that these targeted attacks are increasingly hitting the manufacturing sector as well as small businesses, which are the target of 31 per cent of these attacks.

'Small businesses are attractive targets themselves and a way in to ultimately reach larger companies via 'watering hole' techniques.  In addition, consumers remain vulnerable to ransomware and mobile threats, particularly on the Android platform. Lucia Aesthetic and Dermatology Center', it stated.

According to Enterprise Account Manager, Indian Ocean Islands, West, East and Central Africa at Symantec, Oseme Osobase Tuesday, in Lagos, 'This year's ISTR shows that cybercriminals aren't slowing down, and they continue to devise new ways to steal information from organizations of all sizes. The sophistication of attacks coupled with today's IT complexities, such as mobility and cloud, require organizations to remain proactive and use 'defense in depth' security measures to stay ahead of attacks.'

Osobase hinted that targeted attacks are growing the most among businesses with fewer than 250 employees, stressing that small businesses are now the target of 31 per cent of all attacks, a threefold increase from 2011.

While small businesses may feel they are immune to targeted attacks, the Symantec official said cybercriminals are enticed by these organizations' bank account information, customer data and intellectual property, stressing that attackers hone in on small businesses that may often lack adequate security practices and infrastructure.

Accordingly, the report noted that web-based attacks increased by 30 per cent in 2012, many of which originated from the compromised websites of small businesses, stressing that these websites were then used in massive cyber-attacks as well as 'watering hole' attacks.

It explained that in a watering hole attack, the attacker compromises a website, such as a blog or small business website, which is known to be frequently visited by the victim of interest.

On the improvement from Nigeria, Osobase tied this to increase security awareness, especially from the financial sector, stressing that the Central Bank of Nigeria's (CBN) cash-less economy initiative made the banks, service providers to improve on their security profiles, thereby rubbing on the economy.

He also disclosed that some government agencies, which were hitherto porous, have subsequently improved their security features making it difficult for hackers and others to penetrate.

Shifting from governments, manufacturing has moved to the top of the list of industries targeted for attacks in 2012.

Symantec attributed to an increase in attacks targeting the supply chain - cybercriminals find these contractors and subcontractors susceptible to attacks and they are often in possession of valuable intellectual property.

In the area of mobile platform,  the report noted that last year, mobile malware increased by 58 per cent, and 32 per cent of all mobile threats attempted to steal information, such as e-mail addresses and phone numbers.

Surprisingly, it said these increases cannot necessarily be attributed to the 30 per cent increase in mobile vulnerabilities, stressing that while Apple's iOS had the most documented vulnerabilities; it only had one threat discovered during the same period.

Android, by contrast, had less vulnerability but more threats than any other mobile operating system.  Android's market share, its open platform and the multiple distribution methods available to distribute malicious apps, make it the go-to platform for attackers.