While organizations across West Africa work to recover from the economic impact of the pandemic, the global cybercrime industry is going into overdrive.
An increasingly sophisticated cybercrime industry is launching a range of attacks aimed at organizations and critical infrastructure. Such attacks are growing in volume and sophistication, putting our collective economic recovery at risk at a time when organizations invest more heavily in digital technologies.
Global attacks on Internet of Things devices, for example, have risen 300% in 2019 alone, and cost organizations untold amounts of revenue and disruption to their business operations.
One study found that the average cost of cybercrime is $13-million per successful attack, a huge 72% increase over the past five years. The growing digitization of industries across the region, and the increasing power of the tools at cybercriminals’ disposal, mean the cost of such attacks is likely to grow even further over the coming years.
In short, cyberattacks are posing an existential threat to the economic recovery of the West Africa region.
Cybercriminals set sights on oil and gas ‘whales’
The oil and gas sector is central to the economic fortunes of the West Africa region. In Nigeria alone, the sector accounts for 10% of GDP, and revenue from petroleum exports contributes 86% of total exports revenue.
Upstream revenue for oil and gas in the region is expected to register a compound annual growth rate (CAGR) of 6.7% between 2020 and 2025, while crude oil production could register a CAGR of 9.63% over the same period.
Worryingly, cyberattackers are ruthlessly targeting the global oil and gas sector. A 2017 study found that 68% of companies in the sector had experienced at least one compromise that had resulted in the loss of information or a disruption in their operations in the past year.
In a recent example, cybercriminals successfully shut down the Colonial Pipeline, effectively halting 50% of the supply of petrol and diesel to the US East Coast. In another example, ExxonMobil revealed it blocks more than 64 million emails, 139 million internet access attempts, and 133 000 other potentially malicious actions every month.
The economic consequences of a successful cyberattack on this critical sector can be devastating to a region already suffering collateral damage from the pandemic. The situation calls for a radical rethink of how organizations across the region – and across industries – bolster their defenses and protect against cyberattacks.
Attacks on ERP systems growing
As the nerve center of modern intelligent enterprises, ERP systems are increasingly targeted by cybercriminals. Attackers know these systems run business-critical applications and house sensitive information, so any data breach could provide access to information they can later use in the service of a range of cybercrime activities.
As these systems increasingly shift to the cloud and integrate a growing suite of business applications, the opportunities for cyber attackers increase too.
The amount of transactional data in typical ERP systems, for example, represent a veritable gold mine to cybercriminals. So does the information about vendors, suppliers, and partners – the more cybercriminals know about the internal operations of a business, the easier they will find vulnerabilities to exploit.
The Nigerian Data Protection Regulation, which was announced in 2019, is Nigeria’s most comprehensive data protection law and is set to transform how organizations collect and process data in the country. Organizations should look at shifting their attitudes to security and treat it as a critical business imperative for both compliance and better protection against attack.
Taking steps to securing West African enterprises
A risk-based approach that is endorsed by the board and focuses on protecting the organization’s key assets is needed. Organizations need to get a holistic view of their security risks and then implement solutions and processes that help secure and protect data, applications, systems, and end-users.
The best defenses typically include both technical security and transactional monitoring – in real-time – to allow security teams to take accurate and appropriate action to keep systems operating and data safe.
Integrating an Enterprise Threat Detection solution for example gives insight into suspicious activities in an organization’s ERP and other business-critical applications. This allows organizations to identify breaches as they occur and react in real-time to neutralize any dangers.
A real-time data platform can help efficiently analyze and correlate log data to help security teams understand what happened within an application, database, operating system, or network component, and improve how the organization scouts for cyberattacks across its most valuable IT assets.
The importance of ERP systems to the effective running of West African enterprises makes them prime targets for cyberattacks. SAP has worked with enterprise security leaders around the world to develop tools that seamlessly integrate with ERP systems and help protect an organization’s critical data assets from cyberattacks and data breaches.
Organizations across the region need to recognize the threat that cybercrime pose to their operations, their reputations, their employees, and their partners. Business leaders, their security teams, and their technology partners need to urgently implement new controls or risk becoming the latest victim in a rising tide of highly damaging – and increasingly sophisticated – cybercrime.