There is no doubt that the consequences of the Covid-19 pandemic have triggered remarkable changes in the digital behavior of individuals and organizations. The desire to adapt to the post-pandemic new normal required a thorough assessment of pandemic-related IT and cybersecurity changes.
As businesses adapted to a new operating paradigm in which remote working became the “new normal,” the coronavirus epidemic presented further obstacles. As a result, businesses accelerated their digital transformation and cybersecurity became a major concern.
When cybersecurity concerns are ignored, the reputational, operational, legal and compliance implications can be severe. This article looks at the evolution of cybersecurity in the post-Covid-19 era.
1. OVERVIEW OF CYBERSECURITY
Cybersecurity is a core aspect of information and communication technology (ICT). Cybersecurity is the collection of technologies, processes, and practices that protect a company’s assets from unauthorized access or authorized misuse. Unauthorized personnel can be classified as hackers, nation-state operatives, and script kiddies, while authorized personnel who abuse their assigned privileges are referred to as malicious insiders.[1]
2. FINTECH CYBERSECURITY THREAT
Financial cyber threats such as extortion, denial of service attacks and credit card fraud have become increasingly common due to the widespread use of various digital wallet techniques. These hacks can potentially compromise the financial sector system. Some of the most well-known hacks in the financial industry have damaged vital economic infrastructure such as messaging systems. Additionally, these attacks can cause service disruptions by destroying hardware and compromising critical business data.
The two most common cyberattacks on FinTechs worldwide are data breaches and distributed denial of service (DDoS).
Covid-19 pandemic – the game changer
Cybersecurity became collateral damage during the Covid-19 pandemic and cyberattacks have become the fastest growing crime globally in the post-Covid era.
The changes in the work environment, particularly the security challenges of remote work, have created a breeding ground for cyberattacks, phishing, the infection of IT systems with malware (including ransomware, spyware, worms, Trojans and viruses) and hacking, among others.
Cybercriminals are taking advantage of the current unprecedented pandemic crisis to launch increasingly sophisticated, massive and frequent cyberattacks. Additionally, the likelihood of cybersecurity incidents increases due to insecure technical infrastructure, poor data security practices, and a lack of cybersecurity awareness as organizations transition to remote work. Today, the healthcare, education and financial sectors are becoming lucrative and soft targets for cybercriminals as their data and ICT infrastructure are critical to day-to-day operations.[2] Research by the Boston Consulting Group (BCG) found that the banking and finance sector is 300 times more at risk of cyberattacks than other companies.
The case in Nigeria
Cybercrime has become a global phenomenon, with widespread internet connectivity facilitating actions such as bank account robberies, identity theft and theft of corporate secrets. Analysis of the most common cyber risks over the past few years has shown that the size and impact of these risks are not constant. As of 2022, Nigerian businesses have been reported to suffer 2308 cyber attacks every week.[3]
Cyberattacks can have far-reaching and devastating financial and reputational impacts on organizations and individuals. The investigation also found that financial losses and data breaches were the most severe consequences for Nigerian organizations.
Nigerians have become cyber creatures and are spending a lot of time online. As the digital world expands, so does cybercrime in Nigeria. The need to combat these seemingly uncontrollable phenomena led to Cyber Laws in Nigeria. Cyberlaw acts as a shield over cyberspace and prevents cybercrime from occurring. The government is committed to developing and enforcing regulations to combat illegal activity online.[4]
Cybersecurity legal requirements applicable to organizations in Nigeria (especially related to financial institutions)
Cybercrime in Nigeria is primarily regulated by the Cybercrimes (Prohibition and Regulation) Act of 2015. The Cybercrimes Act prescribes minimum standards that apply across industries in Nigeria and includes within its scope data protection/information security. It was enacted in 2015 to provide much-needed legislation to combat the growing cybercrime threat. An attempt has also been made to merge all other sector-specific regulations that contain cybercrime provisions into coherent legislation.
The Anti-Terrorism Act also includes important provisions to curb cybercrime in financial institutions.
- Sections 19 and 37 of the Cybercrimes Act require financial institutions to:
  - grant both posting and access privileges to a single employee;
  - implement effective anti-fraud measures to protect customers’ sensitive information;
  - verify the identity of customers conducting electronic financial transactions before issuing cards and other related electronic devices;
  - apply KYC principles to customers before executing customer electronic funds transfer, payment, direct debit and issuance orders; and
  - provide express legal authorization for an unauthorized charge to a customer’s account or reverse such charge within 72 hours.
- In addition, under Section 44 of the Cybercrimes Act, banks and other financial institutions are required to pay a levy of 0.005% of all electronic transactions they conduct to the National Cybersecurity Fund (the “Fund”).
- Section 14 of the Terrorism Protection Act requires financial institutions to report suspicious terrorism-related transactions to the Financial Intelligence Unit within 72 hours of such transactions. The TPA defines “acts of terrorism” as intentionally and maliciously committed acts affecting or destroying a governmental or public facility, transportation system, infrastructure facility, and information system. This obligation arises when the financial institution has reasonable grounds to believe that the funds involved in the transaction:
  - were obtained from legal or illegal sources but are intended to be used for acts of terrorism;
  - are proceeds from a terrorist financing crime; or
  - belong to a person, entity or organization that is considered a terrorist or terrorist organization.
- The Central Bank of Nigeria mandates all banks and payment service providers to maintain a dedicated fraud desk to assist customers in cases of electronic fraud, suspend or restrict customer accounts upon receipt of fraud complaints, etc.
The post-Covid period is expected to be characterized by financial and operational difficulties and increased cyber threats. This will likely be the new normal until the pandemic is truly behind us and its dust settles. As a result, organizations of all sizes, industries, and financial resources are reassessing their cybersecurity and budget goals. The need to reassess cybersecurity measures has created a shared sense of urgency and a desire to adopt cybersecurity models that include perimeter protection, enhanced automation, next-generation identification, access controls, and integrated security.
It is also imperative that legislators reflect cybersecurity concerns in policy corridors and other appropriate places, as this is likely to lead to a raft of market-driven developments and legislation shortly.
1. Understanding Cybersecurity Management in Fintech by Gurdip Kaur, Ziba Habibi Lashkari & Arash Habibi Lashkari
2. https://bsabh.com/cybersecurity-for-smes/?utm_source=Mondaq&utm_medium=syndication&utm_campaign=LinkedIn integration (retrieved May 19, 2022 at 12:00 p.m.)
3. https://businessday.ng/technology/article/nigerian-businesses-suffer-2308-cyber-attacks-every-week/ (retrieved May 17, 2022 at 7:55 am)
4. https://www.mondaq.com/nigeria/security/1088292/cybercrimes-and-cyber-laws-in-nigeria-all-you-need-to-know (retrieved May 19, 2022 at 11:41 am)