[Column] Titilayo Adewumi: Cybercrime is an existential threat to West Africa's economic growth
While organisations across West Africa work to recover from the economic impact of the pandemic, the global cybercrime industry is going into overdrive.
An increasingly sophisticated cybercrime industry is launching a range of attacks aimed at organisations and critical infrastructure. Such attacks are growing in volume and sophistication, putting our collective economic recovery at risk at a time when organisations invest more heavily in digital technologies.
Global attacks on Internet of Things devices, for example, have risen 300% in 2019 alone, and cost organisations untold amounts of revenue and disruption to their business operations.
One study found that the average cost of cybercrime is $13-million per successful attack, a huge 72% increase over the past five years. The growing digitisation of industries across the region, and the increasing power of the tools at cybercriminals’ disposal, mean the cost of such attacks is likely to grow even further over the coming years.
In short, cyberattacks are posing an existential threat to the economic recovery of the West Africa region.
Cybercriminals set sights on oil and gas 'whales'
The oil and gas sector is central to the economic fortunes of the West Africa region. In Nigeria alone, the sector accounts for 10% of GDP, and revenue from petroleum exports contribute 86% of total exports revenue.
Upstream revenue for oil and gas in the region is expected to register a compound annual growth rate (CAGR) of 6.7% between 2020 and 2025, while crude oil production could register a CAGR of 9.63% over the same period.
Worryingly, cyberattackers are ruthlessly targeted the global oil and gas sector. A 2017 study found that 68% of companies in the sector had experienced at least one compromise that had resulted in the loss of information or a disruption in their operations in the past year.
In a recent example, cybercriminals successfully shut down the Colonial Pipeline, effectively halting 50% of the supply of petrol and diesel to the US East Coast. In another example, ExxonMobil revealed it blocks more than 64 million emails, 139 million internet access attempts and 133 000 other potentially malicious actions every month.
The economic consequences of a successful cyberattack on this critical sector can be devastating to a region already suffering collateral damage from the pandemic. The situation calls for a radical rethink of how organisations across the region – and across industries – bolster their defences and protect against cyberattacks.
Attacks on ERP systems growing
As the nerve centre of modern intelligent enterprises, ERP systems are increasingly targeted by cybercriminals. Attackers know these systems run business-critical applications and house sensitive information, so any data breach could provide access to information they can later use in the service of a range of cybercrime activities.
As these systems increasingly shift to the cloud and integrate a growing suite of business applications, the opportunities for cyberattackers increase too.
The amount of transactional data in typical ERP systems, for example, represent a veritable gold mine to cybercriminals. So does the information about vendors, suppliers and partners - the more cybercriminals know about the internal operations of a business, the easier they will find vulnerabilities to exploit.
The Nigerian Data Protection Regulation, which was announced in 2019, is Nigeria’s most comprehensive data protection law and is set to transform how organisations collect and process data in the country. Organisations should look at shifting their attitudes to security and treat it as a critical business imperative for both compliance and better protection against attack.
Taking steps to securing West African enterprises
A risk-based approach that is endorsed by the board and focuses on protecting the organisation's key assets is needed. Organisations need to get a holistic view of their security risks and then implement solutions and processes that help secure and protect data, applications, systems and end-users.
The best defences typically includes both technical security and transactional monitoring - in real time - to allow security teams to take accurate and appropriate action to keep systems operating and data safe.
Integrating an Enterprise Threat Detection solution for example gives insight into suspicious activities in an organisation’s ERP and other business-critical applications. This allows organisations to identify breaches as they occur and react in real time to neutralise any dangers.
A real-time data platform can help efficiently analyse and correlate log data to help security teams understand what happened within an application, database, operating system or network component, and improve how the organisation scouts for cyberattacks across its most valuable IT assets.
The importance of ERP systems to the effective running of West African enterprises makes them prime targets for cyberattacks. SAP has worked with enterprise security leaders around the world to develop tools that seamlessly integrate with ERP systems and help protect an organisation’s critical data assets from cyberattacks and data breaches.
Organisations across the region need to recognise the threat that cybercrime pose to their operations, their reputations, their employees and their partners. Business leaders, their security teams and their technology partners need to urgently implement new controls or risk becoming the latest victim in a rising tide of highly damaging - and increasingly sophisticated - cybercrime.