Sub-Saharan Africa’s SMEs, A Growing Favorite Target Of Threat Actors

When it comes to malware development and infection campaigns, it does not matter where the vulnerable computer systems are located. Malware in the wild are not limiting themselves to just infecting devices from a certain region or country, they don’t respect national borders once it is already on the public Internet. Sophos has emphasized that fact when they checked the malware situation in Sub-Saharan Africa, more particularly, Nigeria. In Nigeria, 60% of businesses usually encounter a once-a-year infection of one or two of their computers used for day-to-day operations.

Of all of Nigeria’s firms, the antimalware vendor revealed that only 38% have enough cybersecurity infrastructure to handle the aftermath of a cyber attack. The biggest sector that is fully vulnerable are the SMEs (Small and Medium Enterprise), from the data coming from Sophos’ study, 43% of the attacks are against SMEs. Unfortunately, due to limited funding, only 14% of SMEs in Nigeria can survive after a typical cyber attack.

“Cyber-criminals and hackers will infiltrate your company through your weakest link, which is almost never in the information technology (IT) department,” emphasized Jimi Falaiye, Sophos Nigeria Country Manager.

Malware authors do not need to reinvent the wheel when it comes to infection propagation for their creations. All they need is the creation of mass emails containing malicious attachments, the same technique successful malware used in the late 90s and early 2000. Many computer users still refuse to change their behavior, as opening a malicious attachment from a random email message is still an effective way to spread virus infections between computers at least up to the year 2018. The persistence of users of opening attachment is, in fact, responsible for 94% of all infection incidents in Nigeria. In a conservative estimate, Sophos believe that $1 trillion is being spent yearly just to contain malware infection globally, an amount of money so huge that it can help a country with their financial issues if used for national interest.

“Reports revealed that 81 percent of businesses have experienced ransomware; 66 percent have suffered a data breach; 35 percent were victims of ransomware. Antivirus protects you from classic dangers such as known viruses, Trojans, and worms – ‘known’ being the operative word here. An antivirus cannot protect without a signature database for detection. But, most antivirus programmes are reactive. A study has found that a typical anti-virus will only stop between 30 and 50 percent of new malware when it first appears. Unless the anti-virus software has seen a particular threat in the past, it won’t necessarily protect your computer,” explained Nathanael Odofin, Sidmach Technologies Research analyst.

Any company that highly depend on antivirus software only is just waiting for trouble in both the long run and the short run. System security has aspects beyond installing software that scans for malware alone, one of which is patching the software being used as soon as the update becomes available. “It is not about security for just the hardware, the emails and everything within your network protocol that requires protection, this forum was basically organized to bring these professionals together and expose them to insights about what is happening in Nigeria and across the world,” said Olanrewaju Adelanwa, Sidmach’s CEO