TechPression

Category: Cybercrime

  • Nigeria’s Data Breach: Illegal sites expose personal info for just N100

    Nigeria’s Data Breach: Illegal sites expose personal info for just N100

    Unauthorised websites have illicitly provided access to Nigerian citizens’ sensitive personal and financial data for as little as 100 Naira, Paradigm Initiative revealed.

    This alarming development presents a severe breach of fundamental privacy rights, posing significant risks to individuals and the national economy.

    On March 16, 2024, Fij.ng, an online media outlet, published an exposé titled, “ALERT: XpressVerify, a Private Website, Has Access to Registered Nigerians’ Data and Is Making Money From It.” The report detailed how the website www.XpressVerify.com.ng was accessing and commercialising personal data for profit. Although the website was swiftly taken down, Paradigm Initiative is pursuing legal action for Nigerian citizens.

    Read also: Shield your computer from threats using Norton 360

    Continued Violations

    Following the XpressVerify incident, further investigation revealed another website, AnyVerify.com.ng, which has been operating since November 2023. AnyVerify.com.ng offers a variety of personal data services, including National Identity Number (NIN), Bank Verification Number (BVN), Driving License, International Passport, Tax Identification Number (TIN), and more. All this data is available for just 100 Naira per request.

    Legal Actions and Government Response

    In light of these severe implications, Paradigm Initiative, through its legal partners, Vindich Legal, has issued a pre-action notice to several government agencies, including the National Identity Management Commission (NIMC), Nigeria Data Protection Commission (NDPC), and others. The organisation demands immediate investigation and corrective measures to prevent further breaches.

    Read also: NCC set to tackle e-fraud and data breaches

    Critical Concerns of the Data Breach

    Privacy Violation

    Unauthorised access to personal data is a blatant infringement on the privacy of Nigerian citizens. The dissemination of such information can lead to identity theft, financial fraud, and other malicious activities, including targeting individuals by criminals who purchase data that includes home addresses.

    Economic Impact

    The availability of sensitive financial data online undermines the stability of Nigeria’s banking system. Fraudulent transactions and identity theft can erode public trust in financial institutions, potentially leading to a financial crisis. Recent findings indicate significant losses suffered by financial institutions in Nigeria due to digital manipulation.

    National Security

    The breach of driver’s licence information and other personal data can compromise national security. Such information can be exploited by criminal elements for unlawful activities, posing a threat to the safety and security of the nation.

  • Microsoft Cybersecurity Training for Kenyan Students

    Microsoft Cybersecurity Training for Kenyan Students

    To improve the cybersecurity skills of 100 Kenyan students, the Microsoft Africa Development Centre (ADC) has teamed up with Cyber Shujaa.

    An intense three-month programme is offered to 70 undergraduate and 30 graduate students with fewer than two years of work experience.

    How do the cybersecurity modules help protect against threats?

    The program encompasses eight comprehensive cybersecurity modules delivered through a hybrid learning model, with theoretical and practical instruction delivered one-on-one in the classroom and weekly mentoring meetings.

    Read also: Microsoft, G42 to launch Geothermal-Powered Data Center in Kenya

    “This program is one of several ADC initiatives to improve skill development in Kenya’s tech industry. Although cybersecurity is critical to operations in many sectors, it has remained under-resourced in terms of human capital. This is the ADC’s contribution to establishing Kenya as the go-to destination for cybersecurity professionals, and we are delighted to do so with Cyber Shujaa.

    The participants will receive two Microsoft cybersecurity certificates, putting them in a better position to secure roles in the industry,” said Catherine Muraga, Managing Director of Microsoft ADC.

    Cyber Shujaa, formed by Serianu Limited, USIU-Africa, and the Kenya Bankers Association, teaches youngsters cybersecurity and data protection. Over 500 people have received competency-based skills training.

    Dr. Lola Omole-Odubekun, Interim Vice-Chancellor of USIU-Africa, remarked, “I am pleased to see that this initiative coincides with our strategic goals as a university. Our strategic strategy uses teaching, learning, and research to solve these problems.

    Serianu, a Kenyan company, is enhancing its Cyber Shujaa program to address the skills gap in the cybersecurity industry. The program, launched in 2016, has trained students from 67 universities nationwide. 

    The partnership, which includes Microsoft ADC, aims to provide upskilling opportunities for Kenyan women and men in IT and cybersecurity.

    Why is There a Global Shortage of Cybersecurity Professionals?

    A global shortage of cybersecurity workers has been found in recent studies, which the programme supports. According to a study by Kaspersky Cybersecurity, 41% of companies worldwide do not have enough digital security experts. Furthermore, the World Economic Forum and ISC2 study found that the world lacks 4 million cybersecurity experts.

    As stated in the Microsoft Digital Defence Report 2023, cyber threats have grown in sophistication, speed, and size, which poses problems for the online ecosystem’s security and resiliency.

    Read also: Microsoft Invests $70M in South African economy

    Additionally, the study stresses the significance of basic security measures, strong partnerships, and new developments in AI to fight changing dangers and safeguard the digital realm.

    At the launch, Igor Sakhnov, Corporate Vice President of Engineering at Microsoft, said, “This partnership is not only perfect timing, but it’s also expected to give the industry a much-needed boost, especially in Africa.”

    The programme covers eight topics: forensics, network security, application security, cloud security, incident response, security design, IoT security, and answering security questions. This gives participants a complete understanding of the cybersecurity environment.

    The cybersecurity upskilling project supports Microsoft ADC efforts like the faculty upskilling programme, Game of Learners, and the Women Inspiring and Nurturing Women (WINS) mentorship programme, which promotes IT proficiency.

  • Cybersecurity : Opera Mini Introduces PIN-Guarded Internet Access

    Cybersecurity : Opera Mini Introduces PIN-Guarded Internet Access

    Opera Mini, a global leader in browser innovation, introduced Locked Mode, a security feature for Opera Mini that allows PIN-protected browsing to further strengthen privacy protections.

    Users now have more control over their mobile browsing thanks to the new Locked Mode, which safeguards their tabs, history, and saved data and lets them establish a PIN that is separate from the device’s primary lock passcode.

    Jørgen Arnesen, EVP of Mobile at Opera, commented that PIN-Locked Browsing and Private Downloads redefine how users experience the web on shared devices, ensuring that personal information remains personal. By focusing on what users need most, such as privacy and security, Opera Mini is setting new standards in mobile browsing.

    Read also: 5 key takeaways from Africa CyberFest 2024

    He also added that this commitment is transforming user interactions on shared devices, building a foundation of trust and reliability that stands at the forefront of the mobile industry.

    Opera Mini: Enhanced Privacy Control

    When using Opera Mini in Locked Mode for the first time, users will be requested to set a unique PIN that differs from the PIN on their device. This improves privacy control, especially for those who frequently share an unsecured device with friends and family.

    Immediately the security lock is activated, all new tabs opened and data enters – such as URLs and search engines – are encrypted. These tabs and data are visible only when Locked Mode is active and unlocked with the correct PIN.

    In addition, the browsing history within Locked Mode remains inaccessible from the standard browsing mode, ensuring that any sites visited or searches made are kept private and visible only when Locked Mode is re-entered.

    To effortlessly move between regular and safe browsing modes, users can enable Locked Mode in Opera Mini via the O-Menu or the tabs switcher mode.

    PIN-Locked Browsing: A Game-Changer for Online Privacy

    Recent brand surveys carried out by the company in important regions like Kenya and Nigeria have shown a noteworthy trend: customers prioritise privacy when choosing a browser.

    Read also: Google partners with Kenyan authorities on Cybersecurity

    In these markets, a great deal of respondents, more than 90%, cited privacy as a key consideration when selecting a browser. This demonstrates the increasing worry that people have over the safety of their personal data when using the internet.

    The company responded to this worry by launching PIN-Locked Browsing, an innovative tool meant to tackle privacy issues head-on. Pin-locked browsing allows users to protect their browsers with a special PIN, preventing unauthorised access and guaranteeing the privacy of their personal data.

    When using this function, users can browse the internet with peace of mind because it adds another degree of protection. The company hopes to empower and enlighten users to take charge of their online privacy and secure their personal information from intruders by releasing this new feature.

  • Lagos Launches Cybersecurity Operations Centre (CSOC)

    Lagos Launches Cybersecurity Operations Centre (CSOC)

    The Lagos State Government in Nigeria has established the Cybersecurity Operations Centre (CSOC) to improve digital security and defend public infrastructure from cyberattacks.

    At the 2024 Ministerial Press Briefing at the Bagauda Kaltho Press Centre in Alausa, Lagos, on Monday, May 20, 2024, Honourable Commissioner for Science, Innovation, and Technology Olatunbosun Alake revealed this plan.

    The CSOC will monitor, detect, and respond to cyber threats in real-time, supporting the government’s objective to improve state security and governance.

    Read also: What’s the fuss about the Nigerian Cybersecurity Levy?

    Alake said the cybersecurity effort involved top cybersecurity companies and international groups. These partnerships will give the Lagos State Government cutting-edge technology and expertise to secure its digital infrastructure against intrusions. Advanced technologies and cybersecurity professionals will protect the facility.

    Lagos state Established the Cybersecurity Operations Centre Council

    The Lagos State Government has set up a cybersecurity board to work with the CSOC to create and carry out cybersecurity policies, programmes, and training.

    Alake said that the group comprises experts from the public and private sectors, but they wouldn’t say who they are.

    The council’s primary goal is to improve the state’s defence system by making sure that all security measures work together and are carried out.

    By creating this group, efforts from different areas will be merged to make a unified and all-encompassing hacking strategy. In addition to responding to threats, the council is also in charge of developing long-term plans to make the state’s cyber defences more resilient and better over time.

    Lagos State Launch Data Protection and Digital Transformation Projects

    The Lagos State Government launched the Data Protection Compliance Project to improve data security. Alake stated that the government has begun sensitising Heads of Accounts, Procurement, Planning, Legal Officers, Medical Directors, Body of Permanent Secretaries, Cabinet members, and Heads of Cadres nationwide across all MDAs.

    Read also: Cybersecurity levy circular withdrawn by CBN

    This project creates 70 MDA Data Protection Officers. The initiative protects Lagosians’ data privacy and promotes safe personal and corporate data interactions.

    Governor Babajide Sanwo-Olu launched the 6,000 km Metro-Fibre Duct Project in December 2023 to speed digital transformation. Alake presented an update. According to Alake, phase I of the project installed 2,700 km of uniform fibre ducts across the state. Complete 3,300 kilometres in Phase II. This massive fibre optic network will boost internet access and assist the state’s digital infrastructure, boosting economic and social growth.

    These efforts demonstrate Lagos State’s proactive approach to technology and digital security. By creating the CSOC, cybersecurity council, and data protection and digital transformation programmes, the state is promoting itself as a cybersecurity and digital innovation leader in Nigeria.

  • Morocco ranks 55th in global Cybersecurity rating

    Morocco ranks 55th in global Cybersecurity rating

    Morocco has been ranked 55th out of 70 countries in terms of cybersecurity. This is according to a recent report by MixMode, a prominent cybersecurity solutions provider in California.

    This evaluation considered various indicators, including the National Cybersecurity Index (NCSI), the Global Cybersecurity Index (GCI), the Cyber Exposure Index (CEI), and the Cyber Resilience Index (CRI). These rankings shed light on Morocco’s cybersecurity standing, revealing insights into both its strengths and areas needing improvement.

    Read also: TUC vows to mobilise nationwide protest against Cybersecurity levy

    Morocco’s overall score of 61 points placed it as the leading nation in cybersecurity within North Africa and the third in Africa. Qatar emerged as the frontrunner in the Middle East and North Africa (MENA) region, securing the 25th spot globally. Following closely were Saudi Arabia and the United Arab Emirates, showcasing the region’s collective progress in cybersecurity infrastructure.

    Tackling Cybersecurity Threats and Challenges

    The MixMode report also highlighted significant disparities in cybersecurity readiness worldwide. While countries like Finland, Norway, and Denmark excelled as the least exposed to cyber threats, others faced considerable vulnerabilities. Algeria, for instance, was listed among the top 10 countries globally most exposed to cyber threats, underscoring the urgent need for enhanced cybersecurity measures.

    Cyber threats have evolved into a global concern affecting organizations and governments alike. The MixMode report emphasized the growing sophistication of cyberattacks, ranging from malware to phishing attempts. Traditional security measures often struggle to match these evolving threats, necessitating proactive strategies to mitigate risks effectively.

    A collective effort to combat cyber threats

    Policymakers can leverage comprehensive cybersecurity indicators to formulate robust strategies for bolstering national and global cybersecurity resilience. The insights gleaned from such assessments enable targeted interventions to address vulnerabilities and enhance protective measures.

    Read also: Lawmakers urge CBN to withdraw Cybersecurity levy

    Advancements in technology, such as artificial intelligence (AI) and quantum computing, further complicate the cybersecurity landscape. Managing cyber risks now demands a multi-faceted approach that encompasses not only technical solutions but also regulatory frameworks, public-private partnerships, and international cooperation.

    Cyberspace is no longer an isolated concern but a critical aspect of national and global security strategies. Countries must prioritise cybersecurity investments, awareness, and collaborative efforts to effectively combat cyber threats and safeguard digital ecosystems.

  • Kenya to monitor cyber security threats directed at bloggers

    Kenya to monitor cyber security threats directed at bloggers

    The Kenyan government has established a dedicated unit within the Directorate of Criminal Investigations (DCI) to monitor threats directed towards Kenyan bloggers. 

    Kithure Kindiki, Kenya’s Cabinet Secretary of Interior, told senators that the country’s police are investigating reports of cyberbullying and physical assaults against people who voiced opinions different from the government’s. “Bloggers exercising their freedom of speech through cyberspace” are the intended beneficiaries of the government’s action.

    Read also: Africa Cyber Fest 2024 to address resilience of cybersecurity

    Ongoing investigation on cyber security threats

    Several cases involving gangs are currently under investigation by DCI detectives in 19 counties, according to the CS. During his address to the Kenyan Senate, Kindiki discussed the assassination of Daniel Muthiani Bernard, better known as Sniper, a blogger based in Meru.

    December 2, 2023, was the date of Sniper’s abduction. Nearby Tharaka Nithi county, on the banks of the Mutonga River, his corpse was discovered two weeks later, on December 16th. On December 22, Dr Johansen Oduor, a government pathologist, conducted a postmortem and found that Muthiani had been tortured to death.

    The death of Muthiani was allegedly connected to his alleged criticism of Kawira Mwangaza, the governor of Meru. Tabitha Mutinda, a senator-in-waiting, questioned the CS on the same matter, saying that the killer had a clear goal in mind: to silence those who criticised Governor Kawira.

    Kindiki said that even though the case is complex, they have a “water-tight” procedure in place and that everyone responsible will face the consequences of their actions. Despite his admission that this is a complex crime involving more than five persons, he said that authorities have not yet found sufficient direct or circumstantial evidence to press further charges against anybody else.

    Among the five individuals apprehended and brought before the court is an associate of Governor Mwangaza, Mr Murangiri Kenneth Guantai. Along with them are Vincent Muriithi, Chris (Christus Manyara Kiambi), Brian Mwenda (Brayo), and Dj Kaboom (Bonface Kithinji Njiiyia).

    The case is scheduled to resume on May 24th this year and was last mentioned on April 23rd. While the family awaits the course of justice, the blogger has not been laid to rest.

    Read also: Why CBN’s Cybersecurity levy on electronic transfers is crucial

    The work Kenya still needs to do

    Not long ago, nations all over the globe celebrated World Press Freedom Day. With a score of 53.22, Kenya currently occupies the 102nd spot out of 180 nations. While this is an improvement over 2023’s score of 51.15, press freedom remains a concern in the nation.

    The senseless killings of Peris Mugera and the Meru-based “Sniper” highlight the grave dangers faced by bloggers who voice differing opinions, particularly on political matters.

    The government appears to be making a new effort to safeguard the Fourth Estate. The new special unit will target members of criminal gangs who threaten or physically harm individuals for voicing differing viewpoints online. According to the CS, investigators are looking into multiple cases across 19 counties.

  • Why CBN’s Cybersecurity levy on electronic transfers is crucial

    Why CBN’s Cybersecurity levy on electronic transfers is crucial

    The National Security Adviser would supervise the cyber security levy deduction process, according to the Central Bank of Nigeria (CBN)

    The apex bank’s Director of payments system management, Chibuzor Efobi, and Director of financial policy and regulation, Haruna.B. Mustafa, issued a circular to banks, mobile money operators, payment service providers, and others. 

    According to the statement, the cybersecurity levy is being collected because of the 2024 cybercrime (prohibition, prevention, etc.) Amendment Act. This law says that 0.5% of the value of all electronic transactions should be taken out and put into the National Cyber Security Fund, which the NSA office will run. 

    Read also: Experts discuss cloud computing, Cybersecurity at Africa Cloud and Security Summit

    The memo also said that the deduction would be called a “Cybersecurity levy” and that the relevant financial institutions should start making the deduction two weeks after the secular.
    99538670 2031 4851 83be 0d18be444d66

    According to Section 44 (2)(a) of the Cybercrime (Prohibition, Prevention, etc.) (Amendment) Act 2024, the Office of the National Security Adviser (ONSA) shall administer the National Cybersecurity Fund (NCF), which shall receive a levy of 0.5% (0.005) equivalent to a half per cent of all electronic transactions value by the business specified in the Second Schedule of the Act.

    “Accordingly, all Banks, Other Financial Institutions and Payments Service Providers are at this moment required to implement the above provision of the Act as follows:”

    “Calculate the levy based on the total electronic transfer origination, then deduct and remit by the financial institution.”

    7ed28e52 a86c 4198 b576 554dce9ff319

    “The deducted amount shall be reflected in the customer’s account with the narration: ‘Cybersecurity Levy’.”

    Failure to comply with the cybersecurity levy: What happens?

    In addition, the apex banks warned that businesses that don’t pay their bills on time would face fines of at least 2% of their annual sales, as set out in the updated Cyber Crime Prohibition and Prevention Act. 

    “Penalties for Not Following Through” According to Section 44(8) of the Act, failing to pay the tax is a crime that can lead to a fine of at least 2% of the business’s annual turnover, among other things. 

    What changes will the CBN’s cybersecurity levy bring to financial institutions 

    It’s a significant change in the rules for Nigeria’s digital economy that the Central Bank of Nigeria recently told financial institutions they need to place a cybersecurity fee.

    All electronic transfers must have 0.5% of the value taken away by banks, mobile money operators, and payment service providers. This money must then be sent to the National Cyber Security Fund.

    In our increasingly connected digital world, cyber threats are becoming more common. This fund, run by the Office of the National Security Adviser, is meant to strengthen the country’s defences against these threats.

    Read also: Lagos sets up Cyber Security Advisory Board

    The government’s action shows that it is serious about protecting digital assets and keeping financial activities safe from possible cybercrime. However, this new tax also comes with problems and effects for both companies and consumers.

    The transaction fee may raise worries about the rising cost of digital services for ordinary consumers, affecting consumer behaviour and digital adoption.

    On the business side, companies have to change their financial plans to account for the levy. That’s to ensure they follow the rules while keeping their running costs low.

    The strategy is essential, and the harsh punishment for not following it—at least 2% of the annual turnover for companies that don’t—makes that point even more apparent. As this regulation takes effect, its implementation and players’ response will likely shape Nigeria’s digital finance ecosystem.

  • SHELT launches new business unit in Nigeria

    SHELT launches new business unit in Nigeria

    A new SHELT System Integration (SHELT SI) business unit in Nigeria has been launched by the prominent cybersecurity solutions provider SHELT.

    Expanding its offerings to accelerate Nigeria’s digital transformation, SHELT builds on its solid reputation over six years of serving the nation’s financial, telecom, and government sectors. Cyber Immune Limited, a Nigerian subsidiary of SHELT, will run the new division.

    With SHELT SI’s impartial and trustworthy knowledge, SHELT can help its Nigerian customers create and deploy solutions that are state-of-the-art, resilient, secure, and scalable.

    To attract Nigeria’s best and brightest minds, SHELT SI will team up with industry heavyweights to offer solutions for networking and cloud management, security, collaboration, managed services, communication, and IT professionals.

    Read also: Zambia arrests 22 Chinese men, others for Internet fraud

    About SHELT System Integration (SHELT SI) business unit

    It is believed that the new business unit will significantly accelerate SHELT’s expansion into Nigeria. After six years of reliable service to Nigeria’s banking, telecom, and government sectors, the firm claims to diversify its offerings to hasten its digital transition.

    As a result, SHELT SI, the new business unit, will become an essential part of the company’s offerings, helping clients in Nigeria with the development and execution of innovative, secure, resilient, and scalable solutions.

    Along with attracting top talent in Nigeria, the new business unit is expected to forge strategic partnerships with global leaders to offer various solutions, including networking and cloud management, security, collaboration, managed services, communication, and IT professional services.

    Cyber Immune Limited’s Country Manager in Nigeria, Mr Walid Bou Abssi, expressed his immense pride at the launch of SHELT SI in a statement about the expansion and its implications for the cybersecurity company. They are committed to supporting the country’s digital evolution, as evidenced by this expansion. Offering an unrivalled value proposition, SHELT SI is dedicated to delivering exceptional service to clients and fostering innovation and resilience in Nigeria’s cybersecurity and network infrastructure space.

    SHELT’s growth in Nigeria

    The establishment of this new division is the most recent in a series of planned investments by the corporation in Nigeria. The cloud and cybersecurity firm moved its headquarters to Lagos two months ago with the launch of its Security Operations Centre (SOC).

    Read also: How Cybercriminals evolve with technology

    In a statement, the company said that moving its headquarters to Nigeria reaffirms its commitment to investing in the country’s economy and developing its cybersecurity talent. A cutting-edge, round-the-clock SOC is available at the new SHELT Headquarters to assist customers in Nigeria and throughout Africa.

    The leading cybersecurity firm has also just launched its Training Academy, where aspiring and seasoned cybersecurity professionals can enrol to learn from the best in the business.

    In partnership with global cybersecurity organisations, the company’s Training Academy will grant students credentials, according to the business.

    Introducing the Training Academy, Mr. Walid Bou Abssi, Country Manager of SHELT Cyber Immune Limited, expressed his enthusiasm for the numerous future opportunities that the company will have thanks to the Academy’s launch.

  • How Cybercriminals evolve with technology

    How Cybercriminals evolve with technology

    The cyber threat landscape continues to develop, and ransomware and extortion will be lost in 2023 after two years of high but stable activity.

    Hackers are attacking IT and physical supply chains, unleashing mass cyberattacks, and finding new ways to blackmail organisations of all sizes. As expected, customers and clients prioritise cyber risk in the annual Allianz Risk Barometer study.

    In 2023, ransomware claims increased by over 50%. Ransomware-as-a-Service (RaaS) kits, which cost as little as $40, have contributed to the rise in attacks. Gangs also execute attacks faster, averaging four days compared to 60 in 2019.

    Nowadays, most ransomware attacks steal personal or sensitive commercial data, increasing their cost, complexity, and reputational risk. Allianz Commercial, a worldwide insurer, found that data exfiltration is tripling from 40% in 2019 to over 80% in 2022, with activity in 2023 tracking even higher.

    The cat-and-mouse game of protecting an organisation from penetration favours cyber criminals. Threat actors are studying ways to automate and accelerate attacks with AI to create more effective malware and phishing. With the rise of linked mobile devices and 5G-enabled IoT, cyberattacks are projected to accelerate.

    Read also: Cybercriminals take advantage of Black Friday with fake stores

    Cybercriminals’ methods evolve with technology. Cyberattacks increased in 2024, becoming more complex and widespread. Allianz’s worldwide risk engineers monitor the cyber scene to help organisations mitigate new threats. These threats are on our radar: 

    The power of AI (to accelerate cyber-attacks)

    It has come to my attention that AI-powered language models, such as ChatGPT, are being utilised by threat actors to generate code. Generative AI has the potential to assist individuals with limited expertise in the field of cybersecurity in developing fresh versions and variations of existing ransomware. This could lead to a rise in the number of attacks they can carry out. Given the evolving landscape of cybersecurity threats, we must reinforce our defences against the potential rise of AI-powered attacks.

    Voice simulation software has emerged as a potent tool for cybercriminals. There was an incident involving the CEO of a British energy provider who fell victim to a scam. They transferred approximately US$250,000 to a fraudster after receiving a call from someone claiming to be the head of the unit’s parent company. The caller requested the CEO to wire money to a supposed supplier. The voice was created using artificial intelligence. There is a concerning trend where deepfake video technology, initially created and marketed for malicious phishing scams, is now available on the internet at shockingly affordable prices, starting as low as US$20 per minute.

    There is a silver lining to this situation. There may be an increase in AI-enabled incidents in the future. However, the implementation of AI-supported detection systems should aid in the early identification of such incidents.

    Mobile devices expose personal and business data.

    Cybercriminals like smartphones, tablets, and computers with lax security and personal and business data. Poor mobile device cybersecurity has generated more occurrences for Allianz Commercial. Many companies authorised private device access to their corporate network without multi-factor authentication during the pandemic. This caused multiple successful cyberattacks and substantial insurance claims.

    Criminals target mobile devices with malware to obtain remote access, steal login credentials, or spread ransomware. Personal gadgets have weaker security. Public wi-fi can expose such gadgets to social media phishing attacks.

    Since 5G will power more connected devices, including sophisticated applications like autonomous cars and smart cities, it could cause problems if not appropriately regulated. Many IoT devices are easily discoverable, have poor cyber security, and lack MFA measures, which, together with AI, pose a severe cyber danger. Devices with default passwords are still online.

    Cyber security skills shortage affects the cost and frequency of incidents.

    Managing cybersecurity efforts will become more challenging due to a growing shortage of professionals. As an IT project manager, it’s essential to be aware of the current global cybersecurity workforce gap, which currently stands at over four million people. The demand for cyber security professionals is growing twice the supply rate, highlighting the urgent need for skilled individuals. According to Gartner, over half of significant cyber incidents by 2025 will be attributed to a talent shortage or human error.

    Due to the rapid advancements in technology, there is a shortage of skilled individuals to address the growing number of threats effectively. Getting skilled cyber security engineers is a significant challenge, leaving companies vulnerable to cyber events.

    Having a team of skilled personnel is crucial for effectively predicting and preventing incidents, ultimately minimising potential losses in the future. Like an IT project manager, the scarcity of cyber security experts also impacts the financial implications of an incident.

    According to the IBM Cost of a Data Breach Report 2023, organisations facing a shortage of security skills, experienced an average data breach cost of US$5.36mn, approximately 20% higher than the overall average cost.

    Read also: NCC issues public alerts on cybercriminals spreading malware

    Emerging cyber risks require early detection.

    Preventing cyberattacks is more complex and riskier. Thus, early detection and response systems are becoming increasingly vital.

    An unnoticed network gap could be your Achilles heel. Without efficient early detection technologies, unplanned downtime, additional costs, and a more significant impact on customers, revenue, profitability, and reputation might result.

    IT security budgets are mostly spent on prevention, with 35% on detection and response.

    Undiscovered intrusions can swiftly expand, and once data is encrypted and stolen, expenses can skyrocket—1,000 times higher. The difference between a €20,000 and € 20 loss.

    Future investments for most companies will include detecting tools. Early identification and good response will reduce cyber-attack damage and preserve the cyber insurance business.

  • Hackers breach SA’s corporate registration

    Hackers breach SA’s corporate registration

    The South African Companies and Intellectual Property Commission (CIPC), responsible for business registration and IP protection, reported a cyberattack on February 29th that let clients’ and workers’ information slip. As soon as the breach was discovered, specific CIPC platforms were shut down to limit potential damage.

    The agency said that current investigations would soon find out how much information was lost and share that information with the public. When founded in 2008, the CIPC took care of the records of millions of South African businesses. Its job is to make sure that Company and Intellectual Property Laws are followed and to make business easier.

    Read also: Lapsus$ Hackers Group Leak nearly 200 Gigabytes of Samsung Source Code In Cyber Attack

    The breach makes people worry that the names, addresses, and contact information of directors, owners, and copyright and trademark holders could be made public. Clients who were affected were told by CIPC to keep a close eye on their credit card transactions and only authorise requests that they knew were real.

    The agency regretted the security breach and worked to minimise client and employee impact. This incident is part of a more significant cyber threat trend facing the Department of Defence, the Western Cape Provincial Parliament, the Council for Scientific and Industrial Research, and President Cyril Ramaphosa.

    According to Section 22 of the Protection of Personal Information Act, 4 of 2013, CIPC’s media release was compliant. It described ICT and information security teams’ immediate responses, isolation, and confinement. The announcement warned affected clients to be cautious with financial transactions during the inquiry.

    CIPC’s Chief Strategy Executive, Mr. Lungile Dukwana, apologised for any inconvenience and assured stakeholders that all systems and platforms are being secured against unauthorised access.

    Hackers Send Fake, Data Breaches Notifications To Trezor Users

    Concerns and Risks After CIPC’s Cybersecurity Breach

    CIPC’s media statement transparency shows responsibility and proactive communication. Further inquiry and action may be needed to resolve regulatory concerns and ensure data protection law compliance, particularly the Protection of Personal Information Act.

    As the inquiry continues, concerned clients and staff may seek an explanation and resolution from the regulator, which could lead to enforcement measures. The Cybercrimes Act requires law enforcement cooperation to find perpetrators and preserve evidence for criminal procedures.

    Businesses and individuals can reduce data breach risks by remaining updated about CIPC’s response, addressing disputes with the authority, and improving cybersecurity.

    Given the changing cybersecurity landscape, organisations and people must be aware and take preventive steps to secure personal data and prevent attacks. To protect data and fight cyberattacks, government, corporate, and public collaboration is essential.