REMOTE CONNECTIONS UP 44 PER CENT DURING COVID-19 LOCKDOWN IN NIGERIA
As a result of the COVID-19 Pandemic, many organisations in Africa are finding themselves transitioning their workforce to work from home. IT departments are re-architecting their environments on the fly to allow for remote access. According to a report by Serianu made available to Nigeria Communications Week, “in Nigeria, remote connections have increased by around 44% since the onset of Covid-19 with highest increase realized in March, 2020 after the president declared lockdown in key cities. Lagos is the most affected state, hosting over 40 per cent of the identified vulnerable connections put at over 4,500 vulnerable connections.”
The report noted that with the increased usage of these services comes an increased risk of compromise. Remote Desktop Protocol (RDP) and Virtual Private Network (VPN) services have registered a history of security issues and publicly disclosed vulnerabilities and many organizations are slow to patch their systems for known exploits. William Makatiani, Managing Director, Serianu Limited, identifying how organisations can protect themselves said: “It is important to remember any time you try to access something remotely there is a risk. And because Remote Desktop Protocol fully controls a system, you should regulate, monitor and manage who has access closely.
Enable strong passwords and account lockout policies to defend against brute-force attacks; use two-factor authentication; audit your network for systems using RDP for remote communication. Disable the service if unneeded or install available patches. Users may need to work with their technology vendors to confirm that patches will not affect system processes among others.” Also responding to the report, Kenneth Okereafor, cybersecurity and Biometric expert said that COVID-19 pandemic has a peculiar impact on the state of cybersecurity in Africa, “peculiar due to our unique economic and developmental challenges. The social distancing requirements of the pandemic have necessitated the embrace of technology for remote office colloquially referred to as “Work from Home” since we live in a highly connected world of data”.
He identified three major cybersecurity issues which organisations in Nigeria have to contend with as employees work from outside of a traditional office environment are. “First, sensitive official data being transmitted across unsafe telecommunications channels and poorly-protected telecommuting systems can be intercepted by internet fraudsters and used to defraud banks, gain unauthorized assess activate ransom advantage, or can be simply modified for use in future cybercrime.
“As such, organizations must therefore ensure that their remote work communications channels including WIFI, radio, web portals e.t.c, are protected with strong encryption technologies and intrusion detection systems. “Secondly, data leaks associated with insecure teleworking systems could become rampant due to poor access control mechanisms. The resulting privacy breaches have a long-term negative effect on the reputation of the organization and could trigger costly litigations, operational disruption, or negative impact on business survivability.
“As a remedy, prior to adopting remote work systems, corporate organizations must provide strong identity authentication systems to forestall impersonation and to enforce multi-layered verification of legitimate personnel authorized to access classified data. “More so, with slow networks, remote working could become a nightmare that will affect the prompt availability of data at the point of need. Delayed access to data could impose life-threatening impacts on organizations that rely on the timeliness of data access for services such as banking transactions, emergency healthcare, aviation control, and crime forensics. “To this end, a holistic Coordinated Continental Cybersecurity Agenda (CCCA) to prevent, detect and mitigate the COVID-19 induced cybersecurity breaches is proposed, including benchmarking, idea sharing, cybersecurity legislation and attribution, capacity development, and technology transfer.