Technology

Cybersecurity The New Normal

A total of $706,452 has been paid in ransom to cybercriminals by Nigerian businesses

Published

1 year ago

February 16, 2023

A total of $706,452 has been paid in ransom to cybercriminals by Nigerian businesses, according to Sophos, in “The State of Ransomware 2022 report”. Industrial Control Safety Systems (ICSS) in Critical infrastructure are increasingly exposed to cyber-attacks because of the digitization drive of the industry. As supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control systems become connected to the Internet to allow greater business efficiency (remote process monitoring, system maintenance, process control, and production data analysis)-Industry 4.0, they also make the business more vulnerable to threats with the potential to seriously affect critical Industrial Control and Safety Systems.

This article will discuss the cyber security challenges facing these industries and the steps that can be taken to mitigate these risks. Critical infrastructure is classified as the physical and IT/OT assets, networks, and services that if disrupted or destroyed would have a seriousimpact on the health/ security/economic well-being of citizens and the efficient functioning of a country’s government. The energy sector and manufacturing industries are critical to the global economy, and their security is of the utmost importance. The integration of operational technology (OT) and information technology (IT) -industry 4.0 – in these industries has also increased efficiency and productivity, but, it has also increased the risk of cyber-attacks.

One of the main challenges facing these industries is the integration of OT and IT systems. OT systems, such as control systems, are used to control and monitor physical processes, while IT environments, i.e., the internet and cloud, are used to process and store data. The integration of these environments means that cyber-attacks on the Information Technology environment can now directly impact the physical processes controlled by Operational Technology systems.

The use of legacy (ICSS) in these industries is prevalent. Many Control & Safety Systems, were developed before cyber security was a global concern and may not have the necessary security measures in place to prevent such attacks when the ICSS is compromised. In addition, the hardware and software in these legacy ICSS could have reached their End of Life (EOL), which makes them more vulnerable to cyber attackers.

Some other factors have contributed to the growing vulnerability of industrial control systems, which include:

Insecure remote connections; Access links such as dial-up modems and wireless communications are used for remote diagnostics, maintenance, and examination of system status. If encryption or authentication mechanisms are not utilized, the integrity of the transmitted information is vulnerable.
Standardized technologies; Organizations are transitioning to standardized technologies, such as Microsoft’s Windows, to reduce costs and improve system scalability and Internal performance. The result is unrestricted access to knowledge and tools to jeopardize the system and an increase in the number of systems vulnerable to attack.
Availability of technical information—Public information about infrastructures and control systems is readily available to potential hackers and intruders. Design and maintenance documents and technical standards for a critical system can all be found on the internet, greatly jeopardizing overall security.

In addition to the challenges and vulnerabilities facing the industrial control system, Cyber threats and incidents are now a major operating and business risk for every digital enterprise. In the age of digitization, it is imperative to create and execute strategies that allow the business to monitor and mitigate cyber threats and risks supporting its financial objectives.

Traditional industry best practice recommends that the ICSS and operational business networks be physically segregated and employ dedicated networks which enhance security and prevent these attacks. But to truly mitigate these risks, and be IIOT-ready, organizations need to have a comprehensive cyber security program with the partnership of industry experts, which incorporates intrusion detection and prevention systems, firewalls and secure remote access solutions in place, such as those offered by Schneider Electric; with a team of certified experts, delivering holistic cybersecurity programs to help maintain the system’s defenses, with cybersecurity services such as vulnerability assessments, penetration testing, and incident response planning from an operations perspective, while integrating appropriate IT policies and requirements.

In conclusion, the integration of OT and IT systems in the energy sector, and manufacturing industries has increased efficiency and productivity, but it has also increased the risk of cyberattacks. Organizations in these industries need to adopt a cyber security program and posture to maintain profitability to protect against cyber-attacks.

Up Next

Google CEO Task Employees to Spend Hours on Bard to Improve Efficiency

Don't Miss

Tesla to Open Supercharger Network to Rival EVs in $7.5 Billion Federal Program

Investors King

Comments

Telecommunications

Lagos Residents Frustrated by Rapid Data Drain, Call for NCC Action

Published

2 days ago

July 25, 2024

Samed Olukoya

Lagos residents are expressing increasing frustration over what they describe as the rapid depletion of their data bundles.

Many subscribers are now calling on the Nigerian Communications Commission (NCC) to address their concerns as they suspect changes in billing practices by telecommunication providers.

Numerous subscribers have reported that their data does not last as long as it used to. A Lagos-based teacher, Mrs. Nafidah Zaynab, shared her experience, stating that a N2,000 data bundle, which previously lasted almost a month, now depletes within just a few days.

This sentiment is echoed by many, including Idowu Anabili, a trader who has reduced his data usage due to rising costs.

Abdullahi Yunus, who runs a café, noted a significant increase in his data expenses, spending between N70,000 and N100,000 monthly, up from N30,000. He attributes this spike to faster data consumption.

Telecom operators deny any wrongdoing, attributing the faster data consumption to increased usage by subscribers.

An anonymous official from MTN explained that the variety of activities performed on smartphones has increased, leading to faster data usage.

Airtel Nigeria’s spokesperson, Mr. Femi Adeniran, suggested that background apps and high-definition streaming contribute to the issue.

Despite complaints, operators assert they have not officially increased data prices. They emphasize that automatic app updates and other technical factors may be responsible for the perceived quick depletion.

Experts suggest that the challenging economic climate may be pressuring telecom companies to subtly reduce data value.

The industry has reported a 43% rise in operational costs, although no formal tariff hikes have been announced.

The NCC has clarified that it has not authorized any increase in data tariffs. The commission highlights technical factors like automatic video play and app updates as potential causes for quick data depletion.

In a bid to assist consumers, the NCC has advised turning on data saver modes and managing app updates to conserve data.

To combat the issue, Mobile Network Operators (MNOs) have initiated a campaign to educate consumers on optimizing their data usage.

They recommend practices such as disabling automatic updates and closing unused apps.

Social Media

Meta Shuts Down 63,000 Nigerian Accounts in Sextortion Crackdown

Published

3 days ago

July 24, 2024

Samed Olukoya

In a significant move to combat online crime, Meta Platforms Inc., the parent company of Facebook, Instagram, and WhatsApp, has removed 63,000 accounts in Nigeria linked to sextortion scams.

This sweeping action is part of Meta’s ongoing effort to address the growing threat of digital extortion on its platforms.

Unmasking the Scammers

The crackdown, which took place at the end of May, targeted accounts engaged in blackmail schemes.

These scammers posed as young women to coerce individuals into sharing intimate photos, which were then used to extort money from the victims.

The removal follows a Bloomberg Businessweek exposé highlighting the rise of such crimes, particularly affecting teenagers in the United States.

The Global Impact

The U.S. Federal Bureau of Investigation (FBI) has identified sextortion as one of the fastest-growing crimes targeting minors.

The schemes often lead to severe consequences, including the tragic suicides of more than two dozen teens.

In one high-profile case, the death of 17-year-old Jordan DeMay in Michigan led to the arrest of suspects traced back to Lagos, Nigeria.

The Role of the Yahoo Boys

Many of the dismantled accounts were linked to the “Yahoo Boys,” a notorious group known for orchestrating various online scams.

These individuals have been using social media to recruit and train new scammers, sharing blackmail scripts and fake account guides.

Meta’s Response

Meta’s spokesperson emphasized the company’s commitment to user safety, stating, “Financial sextortion is a horrific crime that can have devastating consequences.”

The company is continually improving its defenses and has reported offenders targeting minors to the National Center for Missing & Exploited Children.

To enhance protection, Meta has implemented stricter messaging settings for teen accounts and safety notices regarding sextortion.

They are also employing technology to blur potentially harmful images shared with minors.

Ongoing Efforts

Meta’s actions highlight the complex and evolving nature of online crime. The company has pledged to remain vigilant, adapting its strategies to counter new threats as they emerge.

“This is an adversarial space where criminals evolve to evade our defenses,” Meta noted.

Looking Forward

As digital platforms continue to grapple with issues of privacy and security, Meta’s recent actions demonstrate a proactive stance in safeguarding users.

By dismantling these networks, the company aims to reduce the prevalence of sextortion and foster a safer online environment for all.

The crackdown serves as a reminder of the need for continued vigilance and collaboration between tech companies and law enforcement to protect individuals from the harmful effects of digital exploitation.

Fintech

Flutterwave Celebrates Inclusion in CNBC’s Top 250 Global Fintechs

Published

1 week ago

July 18, 2024

Samed Olukoya

Flutterwave has been recognized as one of the Top 250 Fintech companies globally by CNBC and Statista.

Joining the ranks of industry giants like Ali Pay, Klarna, Piggyvest, and Mastercard, this accolade underscores Flutterwave’s impact on the financial technology sector.

This honor follows Flutterwave’s recent inclusion in Fast Company’s Most Innovative Companies list, highlighting the company’s pivotal role in transforming Africa’s payment landscape.

The recognition is a testament to Flutterwave’s dedication to innovation and excellence in providing seamless payment solutions across the continent.

Expressing gratitude, Flutterwave acknowledged its talented team, supportive board, reliable partners, and loyal customers for contributing to this success.

The company continues to drive progress in the fintech industry, reinforcing its commitment to enhancing financial accessibility and inclusion in Africa and beyond.

Flutterwave’s recognition on these prestigious lists marks a proud moment and a significant milestone in its journey, reflecting the company’s growing influence and leadership in the global fintech arena.