The Nation Newspaper

Tag: Cyber Security

  • Experts call for collaboration on cyber security

    Experts call for collaboration on cyber security

    There is need for collective responsibility and proactive engagement in tackling growing cyber threats, experts have said.

    Experts, who spoke at the 2025 Cybersecurity Webinar of the Central Securities Clearing System (CSCS) Plc said cyber security requires actions from all levels of stakeholders in order to attain a certain level of optimization.

    The virtual webinar with the theme: “Securing Our World”, brought together participants from the Office of the National Security Adviser (ONSA), financial institutions, and global cybersecurity experts.

    Managing Director, Central Securities Clearing System (CSCS) Plc, Mr. Haruna Jalo-Waziri, emphasised that cybersecurity must be viewed as a shared duty across all levels of society.

    He said: “Whatever we do as individuals, teams, or organizations, we must all play a part in keeping our digital world safe. Our world is only as secure as the actions we take every day”.

    Jalo-Waziri explained that CSCS launched the annual cybersecurity seminar years ago to drive security awareness and thought leadership within the capital market, given the organisation’s role as a key market infrastructure.

    According to him, the seminar is a global call to action and a reminder that cybersecurity is a shared responsibility.

     “As leaders, we must demonstrate good security behaviour not only through policies but through our daily actions,” Jalo-Waziri said.

    He reiterated that at CSCS, cybersecurity is not merely a technology concern but a business imperative and shared value, embedded in the company’s decision-making and culture. He assured that CSCS would continue to invest in awareness programmes and empower its people to make secure, confident decisions.

    Delivering a presentation titled “Why the Human Firewall is Important,” Daniel Onyekpeze, Head of Incident Handling (ngCERT) at ONSA, highlighted the human element as a major vulnerability in organizational cybersecurity.

    He noted that most cyber incidents stem from human actions and urged organizations to prioritize continuous staff training to help employees detect and respond appropriately to threats.

    He said: “Humans remain the most targeted and affected in organizations. Regular training and a whole-organization awareness approach are key to building a strong human firewall”.

    Read Also: Dangote Refinery can meet Nigeria’s fuel demand, no need for importation – Group

    Speaking on “Cybersecurity in a Hyper-Connected World,” Zechariah Akinpelu, Chief Information Security Officer, Unity Bank Plc, observed that with over 30 billion Internet of Things (IoT) devices expected globally by 2030, the world has become more interconnected—and more exposed.

    While IoT technologies bring convenience, he warned, they also create new security risks that hackers actively exploit. Akinpelu advised individuals to adopt strong passwords, update devices regularly, and carefully manage app permissions, while urging organizations to implement Zero-Trust architectures, AI-based defense systems, and vendor risk management frameworks.

    Also speaking, Jon Hamlet of CyberSoc Africa, in his presentation titled “Global Threats, Local Impact – Enterprise Strategies for a Connected World,” stressed that Nigerian organizations must strengthen enterprise resilience by embedding cybersecurity into their corporate culture.

    He advised institutions to proactively manage risks across their supply chains, comply with regulations, and address global cyber threats with comprehensive risk management strategies.

    In his closing remarks, Adeyinka Shonekan, Executive Director, CSCS, reiterated the organization’s commitment to cybersecurity leadership.

    “In an increasingly digital and interconnected world, the responsibility to protect our systems, data, and people rests on all of us—individually, organisationally, and nationally,” he said. “At CSCS, we remain steadfast in advancing cybersecurity excellence within the capital market and the wider financial ecosystem. Collaboration, awareness, and innovation are the cornerstones of our resilience.”

  • Australia’s Cyber Security Push: Why Real-Time Monitoring Beats Annual Audits

    Australia’s Cyber Security Push: Why Real-Time Monitoring Beats Annual Audits

    Australia’s ambitious 2030 Cyber Security Strategy faces a major test as businesses struggle to move beyond outdated compliance methods. The federal government’s A$587 million commitment to become the world’s most cyber-secure nation demands more than good intentions and requires a fundamental shift from annual security theatre to continuous protection.

    The Australian Signals Directorate received nearly 94,000 cybercrime reports in 2022-23, which equates to roughly one attack every six minutes. Small businesses faced average losses of A$46,000 per incident, yet many organisations still rely on once-yearly audits that leave massive security gaps undetected for months. 

    Modern identity management solutions have emerged to address these vulnerabilities, with platforms such as Inclave providing Australian casino players secure biometric login options that use facial recognition and fingerprint scanning to eliminate password risks, and the system stores encrypted credentials across multiple gaming sites with two-factor authentication and real-time fraud alerts (source: https://esportsinsider.com/au/gambling/inclave-casinos).

    The Six Cyber Shields Strategy

    Canberra’s strategy centres on six interconnected Cyber Shields that target different aspects of national digital security. Shield 1 focuses on stronger businesses and citizens through free cyber-health checks and no-fault ransomware reports. Shield 2 addresses safe technology with mandatory security standards for smart devices, and Shield 3 builds world-class threat information that organisations can share effectively.

    The remaining shields target infrastructure protection, sovereign cyber capabilities, and regional leadership. These ambitious goals span three distinct horizons from 2023 to 2030, and each phase builds on previous achievements. Implementation remains patchy across Australian businesses, though.

    Seven years after the Essential Eight security framework launched, more than half of organisations still fall below Maturity Level 2 across the eight controls. An ADAPT survey of 84 Australian organisations, which included 29 infrastructure operators, revealed that patch cycles slip, multi-factor authentication stalls at the pilot stage, and backups frequently fail when ransomware attacks occur.

    The Annual Audit Problem

    Traditional compliance approaches create dangerous blind spots that attackers exploit. Companies pass audits in June, watch controls decay through July, and face failures by August, but the compliance certificate still proudly displays on their website. This tick-the-box mentality leaves organisations vulnerable precisely when attackers strike.

    Modern cybercriminals operate around the clock and probe systems for weaknesses that emerge between scheduled reviews. They exploit the gap between audit cycles because they know that most businesses lack real-time visibility into their security posture. Manual evidence collection compounds the problem, with teams that scramble for screenshots and logs that become stale before the assessment concludes.

    The Office of the Australian Information Commissioner recorded 483 data-breach notifications in the second half of 2023, up 19 percent from the previous six months. Many incidents involved compromised cloud providers or software vendors, which highlights how third-party risks multiply when monitoring remains sporadic.

    The Promise of Continuous Protection

    Advanced platforms now automate control monitoring and evidence collection, and they feed live telemetry into dashboards that alert administrators the moment patches slip or unauthorised admin accounts appear. Instead of annual scrambles for documentation, security controls report their health daily through integrated systems that connect cloud consoles, identity providers, and endpoint agents.

    This change turns compliance from reactive busywork into active protection. Live data monitoring spots security problems right away and sends warnings before bad settings turn into major breaches. Businesses that adopt always-on security monitoring see big improvements, and one company used an automation platform to get ISO 27001 certification in less than three months instead of the usual full year.

  • The necessity to focus on cyber security for a better connected World

    The necessity to focus on cyber security for a better connected World

    With the increasing Growth in Technological advances such as 5G, IOT, advanced Technologies in different fields such as Smart container terminals, self-driving vehicles, electric grid powered by renewables have also increased. What do these technological advances have in common? They depend on a lot of devices, including smartphones, sensors, cameras, and personal digital assistants being connected to a network. And while this connectivity enables the world to run smarter, it also puts cyber security at the forefront.

    Due to all these advances in Technology with increased connectivity of many devices there is an increasing risk that cyber-attacks pose. “The attacks will become a very common phenomenon in the coming world. “Any single one of these critical vulnerabilities can lead to your system being hacked and controlled by the attacker.”

    Read Also: Fighting malnutrition

    One of the major focuses is to ensure the reliability of open-source software. In recent years, open-source software has been playing an ever more central role in keeping the world running smoothly. In theory, software coded openly and collaboratively is as safe, if not safer, than proprietary software because anyone can inspect the source code for vulnerabilities. At the same time, open-source software can become a vulnerability itself if no one is actually checking the source code. We need to watch out for Vulnerabilities in Open-source software.

    Regulators need to move at the pace of Technological Advances, but sometimes technology evolves too quickly for regulations to keep up. “The tech industry moves quickly. And there is a big gap how to regulate at the speed of tech. Tech industry moves much faster than Most regulatory Bodies, and we don’t really have a good theory of agile regulation. So right now, us in society, need to work out how to regulate technology at technology’s pace.”

    Also, vendors need to produce products that are Robust full & resilient to cyber-attacks, Product and data configurations that can standard the increasing cyber insecurity in the Technology world, for example, firewall configurations must be able to defend against attacks from hackers.

    When Individuals, Companies are fully connected with out the fears of Cyber security Insecurities then we have a Safe connected world which increases Trust for Individuals and Companies to use more and More advanced technologies which improves their quality of Life.

    Report is from Huawei Nigeria CSPO Osita.

  • Why Nigeria should invest in cyber security – Expert

    Why Nigeria should invest in cyber security – Expert

    Nigeria has the potential to emerge as one of the leading producers of cybersecurity professionals globally, thereby generating substantial foreign exchange and revitalising the country’s economy from its current challenges.

    The head operations of Wellspring consulting, Omowunmi Oyetinbo, made this assertion while calling on government, private organisations and individuals to partner Wellspring Consulting and invest more in the training of the Nation’s youth as cyber security professionals.

    Read Also: Lagos raises cyber security board

    According to Oyetinbo, “The consulting firm is well grounded in training cybersecurity professionals which would open doors to endless career possibilities in the ever evolving tech-industry, both locally and globally.

    “Wellspring consulting is set to partner various organisations to sponsor young Nigerians, especially young women in building a career in Cybersecurity. The firm offers training and free global certification with a globally ranked IT security organization.”

    Oyetinbo, who describes cybersecurity as the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks, said Nigeria faces a critical shortage of cybersecurity professionals while there is high demand for the profession globally.

    She assured that any investment or training in cybersecurity would yield bountifully for Nigeria.

  • ‘We all must be involved in cyber security of children’

    ‘We all must be involved in cyber security of children’

    The advent of the internet has advanced the course of human race in no small measure. It has, however, come with its positive, as well as negative sides, especially with the various social media platforms and sites. Co-founder and CEO of Child Cyber Protection (C-C Pro), Delmwa Gogwim, in this interview with Sam Anokam speaks on some of these issues and what her organisation has been doing to curtail the accompanying dangers and protect the child.

    WHAT informed your interest in child cyber protection?

    I have always been a teacher even before I got trained. I have always been a children’s person. From that background, I noticed that some of my pupils at one point started getting distracted in class and we had to start checking to find out that it is either some of them now have phones at home or that ‘daddy bought us a computer.’ I said, if this is happening frequently, it then means that there is something that should be done; and so we did a little more research and I thought I could start an advocacy on child cyber protection. I did more research in Plateau State where I started. We went to three local governments and found out that children from ages 10 -11 at JSS 1 in remote areas were already sending nudes to adults.  I asked one of the girls with the permission of the school if she was aware of what she was doing. She said, they just asked for it. Using the word ‘just’ for me was a very major point. She didn’t even know what it was going to cost her as a person. So, we decided to register it as an NGO and talk to children.

    If you are telling a child not to do a thing, what else can you replace it with? Child cyber protection is not only telling them not to do this and that but we tell them what they can do with their time. We bring in creativity, innovation and then we bring in the parents. In our programme every year, we have a special programme we do with parents. They should be part of the advocacy because they are part of what happens to these children. This is what prompted the start of C-C Pro.

    How long have you been doing this and how has the experience been?

    We are four years old. It has been an amazing experience. We have a boy sadly at 14, who we had to connect to a psychologist because he could not stop masturbating. Interestingly, he doesn’t have an android phone, but he tells mummy and daddy that ‘they gave us assignments in school’, and they innocently gave him their phone. And they were never aware of what he was doing. Maybe he opened to us because he saw us as ‘friendly strangers’; and that was how we were able to seek help.

    Some of the success for us would be one of the secondary schools that we went to and taught them digital entrepreneurship. One of the boys, who wrote his SSCE and passed, is son of a widow who also knew how to sew. He had a Facebook account, so we told him he could use his Facebook account to promote what he his work. I say this with so much emotion because I still remember that phone call and he said; ‘Miss Bell, I got my first contract, a choir wants me to sew ties for them.’ That is just from Facebook. But we can do a whole lot more to reduce the sad part if we can sensitise these children. The difference with us is that we work with the parents and we work with the government and other stakeholders, because if your child is clean and my child is into yahoo, your child can become a victim and in turn affects you. So everyone has to be involved.

    So far, how many states have you covered?

    As I said, we started in Plateau state. When I moved to Abuja, it gave us an opportunity to have more connections to the neigbouring states like Niger, Nassarawa states. One of the things we do especially during our conferences is that we connect with these children from different states online. That is the power of the internet. Our last year’s event, that was the Nigeria’s Teen festival, we had about 12 states that were part of it.

    During our research for 2023, we had universities from all the six geo political zones playing roles. We are spreading. It might be slow but we are getting there.

    What plans do you have to expand your advocacy to other states?

    April 21st of every year is World’s Creativity and Innovation Day and part of our strategy is to teach young people that they can be a creative; they can be innovators. We are doing that event in Abuja and we are having Nassarawa, Niger with the FCT as part of it. We want to use that as a test to see how effective it goes. And the overall project for us under which we are doing this is called ‘The Digital Citizenship School Stop-by.’ By 2026, we hope to have gone to the six geo political zones and have what we call ‘the school ambassadors’. We pick two students- the head boy and head girl from every school, we train them and they in turn come back to their schools with the help of their principals and the proprietors and spread the words. We are hoping with the government’s intervention, we would be able to meet more demands on cyber security.

    Do you have any support from the government, individuals or are you funding this alone?

    The matter of funding is not so much an issue now. I think so far we have had support from the Nigerian Data Protection Commission. Last year they were fully part of what we did. NCC has been part of what we are doing as well. We also signed a partnership with the National Orientation Agency for one year. They want to be part of what we are doing. It might not be all finances for us but we need their wings to fly which is so important to us but then we cannot do without funding because we travel, we need to go to these children and all of that. The media is one aspect we would love to spread the word.

    Read Also: Google, Liquid, Anthropic partner on cyber security, others

    Are you also exploring other areas of collaboration with religious bodies and the likes?

    I have had an opportunity to speak in two churches. They gave me that invitation. When we finished talking most of the parents’ heads were down and I asked them that if you all know the strangers your child talks to in the community, do you know how many strangers your child talks to online? You keep telling them not to talk to this and that person but the biggest strangers are online and so I am always open to religious bodies to help us spread this word. Invite us wherever it is, we are willing and we are so glad to go and speak to them.

    What do you hope to achieve at the end of the day?

    We want a safe society for our children. We want a society where children are tolerant of each other. It is children that bully children online even adults are not left out of bullying. You see a child insulting somebody old enough to be their father because they are behind a device called a phone. I am looking forward to a society where Nigeria would be on the map for being one of the cleanest societies when it comes to the cyber world. Let other worlds emulate us, see and say Nigerians are using the internet for the right reasons.

  • Google, Liquid, Anthropic partner on cyber security, others

    Google, Liquid, Anthropic partner on cyber security, others

    Liquid C2, a business of Cassava Technologies, a pan-African technology group, yesterday announced collaborations with global technology leader Google Cloud and artificial intelligence (AI) company Anthropic to deliver advanced cloud, cyber security solutions, and generative AI (gen AI) capabilities to African businesses across the continent.

     Building on the last November signature of a Memorandum of Understanding (MoU) for collaboration with Google Cloud in Africa, Liquid C2 is set to improve cyber security and cloud offerings across the continent while introducing them to Google Cloud’s latest AI, data, collaboration, and security solutions.

    Customers of Liquid C2 can expect heightened security measures, access to advanced cloud technologies, and a commitment to securing their digital assets.

    Liquid C2 is set to be one of Google Cloud’s largest Managed Security Service Providers (MSSPs) in Africa, combining Google Cloud’s leading security solutions with Liquid C2’s expertise and vision in offering comprehensive security consulting. In addition, the collaboration enables Liquid C2 to bring the capabilities of both Google Cloud and Anthropic’s AI models to its customers via Google Cloud’s Vertex AI platform1, helping businesses develop and deploy solutions quickly within their cloud environments.

    As a strategic partner of Google Cloud’s innovative solutions in Africa, Liquid C2 will also deliver Google Workspace to customers across the continent. Designed to facilitate team connections in a cloud-native environment, Google Workspace also features embedded generative AI tools to help employees create content and achieve greater productivity and collaboration in the workplace.

    By fortifying cyber security measures and infusing gen AI capabilities, Liquid C2 envisions a future where security, collaboration, and innovation go hand-in-hand, creating a safer, more productive digital experience for all. As Africa continues to emerge as a hub for technological advancements, collaboration between leading companies like Liquid C2, Google Cloud, and Anthropic play a crucial role in driving progress, fostering innovation, and attracting global investment.

    In a separate but related development, Liquid C2 is also working directly with Anthropic, one of the largest and fastest-growing AI companies globally, to develop AI solutions for large enterprises that want to use it to improve productivity and revenue growth. Anthropic has a strategic partnership with Google Cloud, and Claude – Anthropic’s family of foundational AI models that excel at thoughtful dialogue, content creation, complex reasoning, creativity, and coding – is available in Google Cloud’s Vertex AI.                                  

    Liquid C2’s partnership with Anthropic signifies a shared commitment to empowering businesses in Africa with state-of-the-art AI solutions. By integrating AI models and services across various industries, Liquid C2 and Anthropic aim to accelerate growth for clients, further positioning Africa as a global player in the digital landscape. The collaboration presents opportunities to apply gen AI to African businesses irrespective of the industry or organisation size.

    Thomas Kurian, CEO of Google Cloud said: “Businesses are increasingly turning to generative AI to drive operational efficiencies, improve the customer experience, and empower their employees like never before. Building on Google’s commitment to investing $1 billion to boost Africa’s digital transformation, our collaborations with market leaders like Liquid C2 and Anthropic will help bring gen AI, security, and other cloud technologies to businesses across the continent. This partnership has the opportunity to transform how African businesses serve and engage their customers as we provide them a foundation for innovation.”

    Read Also: Time has preserved Awo’s principles, legacies – Tinubu

    Currently, more than 80per cent of the largest businesses and organisations operating in more than      31 African countries use a broad spectrum of advanced digital technologies from Liquid supplied by global vendors. Many are keenly interested in moving AI readiness. Liquid C2 will remain a multi-vendor provider, offering its customers best-in-class solutions.

     Co-founder and Executive Chairman of Cassava Technologies, Strive Masiyiwa, said: “Our collaborations with Google Cloud and Anthropic signify a significant step change in our journey as Africa’s leading cloud and cyber security provider. We recognise the importance of responsible AI in enabling access to economic opportunities and empowering individuals and businesses across the continent. Our partnerships with these two leading technology firms will help us deliver AI-powered solutions that address the unique challenges and opportunities in Africa’s digital transformation journey. Together, we are setting new benchmarks for these solutions that cater to the complex needs of a diverse clientele.”

    President of Anthropic, Daniela Amodei, said: “We’re excited to partner with Liquid C2 and Google Cloud, bringing frontier AI to businesses across Africa. Combining Anthropic’s safe, steerable AI with Google Cloud’s secure, scalable infrastructure means this partnership has huge potential to enable African companies to grow.”

  • ​’Cyber security breach erodes trust’

    ​’Cyber security breach erodes trust’

    Cyber security breaches are capable of eroding trust in digital platforms, a tech expert has said.

    Reacting to the arrest of persons behind the security breach at Patricia Technologies, an indigenous crypto exchange, the CEO of a crypto company, Seun Dania, therefore commended the successful efforts of the Nigerian Police Force in apprehending those behind the security breach.​

    Dania highlighted the significance of this development in restoring trust not only in Patricia Technologies but also in the African startup ecosystem at large. He emphasized that the apprehension of criminals by the police is a crucial step in dispelling concerns of funds mismanagement and in reaffirming the integrity of Patricia Technologies.

    Read Also; Kano CTC: Judicial officers involved will be punished – NJC

    While expressing his unwavering support for Patricia Technologies, Dania pointed out that such incidents, though challenging, test the resilience and potential of startups. He reiterated his commitment to invest in Patricia, not just financially but also in aiding them to rebuild a more secure platform.

    Addressing the affected users, Dania expressed deep empathy and reassured them of Patricia’s dedication to rectifying the situation and preventing future breaches. He underscored the importance of community support in overcoming such challenges and the vital role of startups in driving economic growth and innovation in Africa.

    Dania lauded the collaborative efforts of Patricia Technologies and law enforcement agencies in addressing the crisis. He urged the community to continue supporting local businesses, highlighting their role as pillars of hope and progress in the continent.

  • SGORL trains youths on cybersecurity

    SGORL trains youths on cybersecurity

    The need for strong cybersecurity was the highlights as computer analysts and other experts spoke at an interactive training session organised by Sterling Global Oil Resources Ltd., (SGORL) for students of Computer Science, Yaba College of Technology, Yaba Lagos.

    At the training which took place at the Bon Voyage Hotel, Victoria Island, Lagos, the Chairman, Nigeria Computer Society (NCS), Lagos State Chapter, Mr. Oladipupo M. Olakunle, said sophistication in cyber attacks and data breaches taking place on a daily basis, leading to heavy losses by big businesses makes strong cyber security more compelling.

    According to him, the internet has become an integral part of our lives and as more and more people across the world move towards online, the risk of cybercrime will continue to be amplified.

    He said: “With the advent of the ever-changing digital world, numerous cyberattacks and data breaches are taking place on a daily basis. Initiative like this enables students to gain significant perceptions and make them aware of the threats and risks.’’

    Read Also: Controversy over warning to ‘Iyana Oworo’ LASTMA officials over alleged extortion

    He explained that cyber security is one of the most critical aspects in our lives due to the increasing usage of different digital platforms adding that understanding exposures, how common cyber attacks work, and how to prevent such attacks is essential to preventing breaches and attacks.

    Vice Chairperson, Nigeria Computer Society, Lagos State Chapter,
    Mrs. Funmilola Omojola said breaches do not exclude any user of the cyber space, adding that all users are exposed to various security risks.

    “Cyber threats are continually advancing, so it is important to get trained about the pros and cons of digitalisation in order to know how to fortify ourselves against cyber attacks”

    She said cyber attackers persist to manipulate gaps and introduce new threats and vulnerabilities, and commended SGORL for creating this initiative aimed to promoting a safe digital culture among the students, as part of its sustainable effort to establish a safer digital world and preaching the integration of cyber security best practices.

    Students from Yaba College of Technology (YABATECH) were given the opportunity to present some of their projects relating to the latest cyber security trends.

  • Osinbajo advises stakeholders on cyber security

    Vice President Yemi Osinbajo has advised all stakeholders in the nation’s cyber space, including the National Assembly, cyber security experts, security and other related agencies, as well as the private sector to collectively share cyber security best practices and ensure speedy implementation of requisite policies, to curtail the activities of cyber crooks.

    Osinbajo, who spoke in Abuja while declaring open Cyber Secure Nigeria 2019 conference with the theme:  Implementing Cyber Security and Data Privacy Practices in Nigeria, said no individual, organisation or entity is immune to cyber-crimes because of the sophistication and severity of cybercrimes, hence the need for all to jointly end the menace to ensure a secure Nigeria, otherwise every internet user would be a victim.

    According to him, cyber security has become essential as individuals and national development increasingly rely on Information Communication Technology (ICT) tools. This, he said, calls for stringent regulations to ensure that criminal elements do not succeed in taking advantage of hapless internet users.

    “The collection and processing of personal data raises significant privacy and data protection concerns for every citizen; the legal remedy to this problem is data protection to ensure privacy,” he said, adding that the conference was apt and a welcomed development in line with the key policy thrust of the government through the Ministry of Communications in view of the rampant activities of the cyber criminals and internet scammers, popularly known as yahoo yahoo.

    Prof Osinbajo urged the participants to come out with  ideas to combat cyber threat, curtail cyber-crime and ensure data privacy practices in Nigeria, as well as produce useful outcome for submission to the government.

    He promised that the government shall surely articulate various submissions emanating from the conference and put them to use.

    Earlier in his address, Cyber Security Experts Association of Nigeria President, Remi Afon called on the government to establish a national cyber security center that will be saddled with the responsibility of co-ordinating and implementing cyber regulations.

    He expressed worry that cyber security threats landscape has evolved rapidly and increased in number and sophistication, which needed to be quickly checked to attain a regime of secured cyber space in Nigeria through concerted efforts from all critical stakeholders.

  • Cyber security trends to watch in 2019

    The planet has made its trip around the sun and as this year closes out, it is imperative to look ahead and think about the risks ahaed. The world is closing in on the next decade of innovation that would see an increase in biometric hacking, phishing attacks and sophisticated use of artificial intelligence (AI) among other top cyber security threats. Attackers are stopping at nothing to steal identities and evade detection through innovative techniques, writes Lucas Ajanaku.

    THIS year, cyber attacks and  breaches of data continued to increase in both frequency   and intensity. Organisations can expect more of the samein the coming year.

    The following will define the year:

     

    Biometric data theft

    While several major leaks of biometric data have already occurred globally, the Middle East and Africa regions could see the first attacks in the theft and use of biometric data in 2019, according to Kaspersky Lab.

    Senior Security Researcher at Kaspersky Lab, Fabio Assolini, said: “As more biometric systems for user identification and authentication are being implemented by various financial institutions in META (Middle East, Turkey and Africa), 2019 will see criminals exposing vulnerabilities in passcodes, touch ID sensors and facial recognition. While many financial organisations consider these emerging biometric-based solutions to improve security over current authentication methods, biometric data will increasingly be used to steal sensitive information.”

     

    AI, machine learning make attacks tougher to detect

    Chief Operating Officer at Telspace Systems, Manuel Corregedor, says 2019 will see more advanced exploitation of AI to carry out and conceal new exploits.

    “I believe we will see an increase in attackers utilising AI and machine learning as a means to make their attacks more difficult to detect or prevent,” he said. However, AI will also change the way the industry deals with threats.

    Cyber Security Specialist at Mimecast, Brian Pinnock, said AI and machine learning will play a more prominent role as the velocity and variety of attacks makes conventional approaches – such as blacklists – outdated and ill-equipped to deal with modern cyber threats.

    “Organisations will realise the importance of threat intelligence and will focus on the need for an ‘intelligence function’ to identify threats,” Pinnock said.

     

    Phishing scams to rise

    As e-mail attacks grow more frequent and complex, more organisations will be left scrambling for new ways to reduce risk and better detect and remediate threats in 2019.

    Pinnock says throughout next year, the most insidious development won’t be new attack types, but, rather, improved execution of existing attack types, especially those delivered via e-mail.

    He said: “Phishing techniques like the use of homoglyphs, elongated URLs, legitimate certifications (green lock), and credential-harvesting sites will increase. Flawless phishes will continue to prey on the gap in human firewalls, pivoting internally around organisations and intensifying efforts to better educate all staff.”

    Research Group leader for cyber defence at the Council for Industrial and Scientific Research (CSIR), Dr Jabu Mtsweni  said phishing scams are still quite popular as cyber security awareness remains low.

    “Denial-of-service attacks on government Web sites were also popular in 2018. This includes injection of malware on government Web sites that remain undetected. In 2019, malicious e-mail and links will continue to be used by criminals to get access to organisations’ networks.”

     

    Fake videos, era of fake news

    UK-based innovation foundation Nesta forecasts that 2019 will see a new level of malicious posts on social media as fake videos set the next stage in fake news.

    Lifelike computer-generated graphics – appearing to show video footage of events that never really happened – will be used to mislead the public.

    “We predict that within the next 12 months, the world will see the release of highly authentic-looking malicious fake videos, which could cause substantial damage to diplomatic relations between countries. Deepfakes, a new AI-based technology that makes it possible to create fake videos of individuals nearly indistinguishable from the real thing, will make this possible,” Nesta said.

    The innovation foundation believes that Deepfakes have the potential to spark a geo-political incident if a politician or celebrity is maliciously impersonated.

     

    Improved existing attack types

    In 2018, cyber attacks and data breaches continued to increase in both frequency and intensity, and organisations can expect more of the same in 2019, according to experts.

    Corregedor said the biggest cyber security event of 2018 is probably just the sheer number of data breaches that have occurred across industry sectors, some utilising advanced attacks, others as a result of mistakes made by the affected organisations.

    Over 4.5 billion data records were compromised worldwide in the first half of this year, according to Gemalto’s latest Breach Level Index.

    Pinnock said better social engineering, increases in credential stuffing attacks, and more complicated malware with multiple stages and different form factors for transmission will make threats incredibly tricky to detect in 2019.

    “With global cyber crime organisations growing in maturity and sophistication, many are now acquiring capabilities that were once the sole reserve of nation states.

    “We’re likely to see these cyber criminals use stolen credentials from the past few years’ data breaches to compromise the security of even the most secure organisations. Even companies with good cyber protection have little protection against the reuse of passwords that have been collected in other breaches,” Pinnock noted.

     

    Marginal dip in crypto currency attacks

    According to Kaspersky Lab, this year saw a rise in the malicious use of crypto currency miners, with virus attacks and malicious software against crypto miners growing almost fourfold.

    Kaspersky predicts that crypto currencies as a means of payment will decline further in 2019, and this trend is expected to lead to a slight decline in crypto currency threats.

    “In the face of huge commissions, slow transfers, a large price for integration, and, most importantly, a small number of customers, the use of crypto currency as a method of payment has declined steadily from 2017 and will continue to decline in 2019,” Kaspersky said.

    However, those crypto currency threats that do occur will be focused on mining malware, with the intervention of new players and the continuation of the use of ransomware.

    “In 2018, the META region became more appealing to cyber criminals, with financial and malicious crypto mining attacks taking centre stage.

    “Illegal mining of crypto currencies increased dramatically to overtake the main threat of the last few years – ransomware. We believe the reason for this is that mining is silent and causes less impact that ransomware, making it less noticeable,” Assolini noted.

     

    Mobile, in-the-app malware

    While malware that runs on the Windows operating system vastly outnumbers malware for any other platform, users of mobile devices are increasingly subject to malicious activity that pushes malware apps to their phones, tablets, or other devices running Android and iOS, according to computer network security company Sophos’ 2019 Threat Report.

    For some time, malicious versions of popular apps were predominantly found on third-party app stores. These can be sketchy places, hosting pirated and/or trojaned versions of legitimate apps, notes the report.

    Unusual malicious campaigns affecting the Android platform – phishing-in-the-app – can be expected in 2019, Sophos warned.

    “In 2018, we discovered one way that criminals can bypass the Play Market’s source code checks was by not including anything malicious in the app itself, but rather by making an app that, in essence, is a browser window to a phishing site. The apps, in this case, were designed in tandem with the phishing site so the user had a seamless experience,” the report noted.

     

    5G to fuel threats

    A number of 5G network infrastructure deployments kicked off this year, and 2019 is expected to be a year of accelerating 5G activity. While it will take time for 5G networks and 5G-capable phones and other devices to become broadly deployed, experts predict growth will occur rapidly.

    According to Symantec’s Cyber Security Predictions: 2019 and Beyond, growing 5G deployments and adoption will expand the cyber-attacks surface area.

    “As a stepping stone to broad deployment of 5G cellular networks, some carriers are offering fixed 5G mobile hotspots and 5G-equipped routers for homes. Given the peak data rate of 5G networks is 10 Gbps, the shift to 5G will catalyse new operational models, new architectures, and, consequently, new vulnerabilities.

    “Over time, more 5G IoT devices will connect directly to the 5G network rather than via a WiFi router. This trend will make those devices more vulnerable to direct attack,” Symantec said.

     

    IIoT attacks increasing

    Industrial IoT (IIoT) attacks through cloud infrastructure and over-reliance on AI in cyber security systems are two critical risks for enterprises in 2019, according to Forcepoint’s 2019 Cyber security Predictions Report.

    The report read in part: “In 2019, attackers will break into industrial IoT devices by attacking the underlying cloud infrastructure.