Messing with data
In a statement issued on Tuesday, Communications and Digital Economy Minister Isa Pantami said at least 1,550,000 attacks were recorded on…
In a statement issued on Tuesday, Communications and Digital Economy Minister Isa Pantami said at least 1,550,000 attacks were recorded on public websites daily before the 25 February elections; they increased to 6,997,277 from within and outside Nigeria on Election Day. The incidents include Distributed Denial of Service, email and IPS attacks, SSH Login Attempts, Brute Force Injection attempts, Path Traversal, Detection Evasion and Forceful Browsing. The statement added that a committee set up to mitigate the activities of cyber criminals during the elections worked from 24–28 February.
Consistent with INEC’s thesis on election security, where it insisted before the elections that its database had come under multiple attacks (at the time, it declined to give a number), Mr Pantami is simply keying into well-known perceptions of Nigeria’s poor track record on cybersecurity. His report begins to diverge from reality in the figures he has mooted. Konbriefing.com, an independent research outfit providing IT security solutions around governance, risk & compliance (GRC), reported that in February, it recorded 115 cyber-attacks worldwide, with the United States and Germany suffering the most breaches with 29 and 24, respectively. The report did not mention Nigeria but had Mali, Morocco and Poland suffering an attack each. More broadly, it is head-scratching for a country to suffer nearly seven million cyber-attacks in one month. However, there are reasons for Pantami’s possible overestimation. In May 2022, the Nigerian Communications Commission (NCC) reported that Nigeria loses about $500 million yearly to cybercrime, accounting for 0.08 percent of the country’s Gross Domestic Product. Many of the attacks have targeted financial institutions, leading to disillusionment with the banking industry by people who have lost their funds to hackers, a problem that regulatory agencies have also noted. In January, the Nigeria Data Protection Bureau (NDPB) said it launched an investigation into (data breach) allegations of unlawful disclosure of banking records, unlawful access and processing of personal data made against Guaranty Trust and Zenith Banks. According to the Nigeria Inter-Bank Settlement System (NIBSS), “within nine months of 2020, fraudsters attempted 46,126 attacks, and they were successful on 41,979 occasions representing 91% of the time.” Such a high success rate is telling of poor cybersecurity infrastructure, and its damming consequences on the country’s economy cannot be overemphasised. Back to the Communications Minister’s comments on the elections, it is difficult to believe his claims when acclaimed cybersecurity insiders say only about 2,200 attacks happen daily in the US. Globally, organisations are said to have dealt with a daily average of 29.3 attacks in the fourth quarter of 2022, and while attacks in the Europe, the Middle East and Africa region (EMEA) were higher than the global average, it is still difficult to see how Nigeria’s election is valuable enough to inspire millions of attacks.