Barka da asuba,
That’s “good morning” in Hausa
Nigerian cybercrime apologists sometimes ascribe its perpetrators with a Robin Hood-esque quality. Their defence: They steal from the so-called “rich” to give to the poor.
The presumption is that all victims of cybercrimes are foreigners or foreign entities.
This type of thinking is not only flawed but also self-destructive.
Using that logic, surely Nigerians fall under some other cybercriminal’s “rich” list. As for the digital Robin Hoods, not only does charity begin at home, sometimes, so do their crimes.
Living in denial
In its 2020 State of the Cloud Security report
, cybersecurity giant Sophos surveyed 65 Nigerian organizations and found that 86%
of them had suffered public cloud incidents in the past year.
The study ranked Nigeria #1 for cyberattacks in Africa and #2 in the world after India.
But while the findings are damning, they must be placed in the proper context.
Sophos surveyed 3 times as many Indian businesses as Nigerian businesses, so there are questions around sample size. Also, they only studied 2 African countries, the other being South Africa.
Nigeria’s culture of underreporting and not disclosing cybersecurity incidents obfuscates any meaningful comparison with South Africa.
In February, Nedbank, one of South Africa’s biggest banks, suffered a data breach
that affected 1.7 million customers. Per the POPI Act, the bank disclosed this information to the victims.
If that same incident were to happen in Nigeria, the bank would be required to notify the regulators but they wouldn’t be required to notify the victims.
That needs to change.
Nigerian’s cyberattack immunity bubble needs to burst, while businesses need to suffer the full cost of reputational damage whenever they are unable to protect their customers.