1.  Attacks by the Anonymous have exposed vulnerabilities in Nigeria’s cyber space. 

Nigeria fell prey for attacks known as hacktivism. Hacktivism is the act of using legal and/or illegal hacking tools in pursuit of political ends, free speech, and supporting human right and dignity. Those who perpetrate hacktivism are known as hacktivists. They are the modern-day equivalent of political protesters, expressing their frustration digitally. Anonymous is one of the most popular hacktivist groups in the world. 

Hactivist during the EndSARS protests.

The attacks that we saw on Nigerian government institutions, banking institutions and other organizations, were carried out by Hacktivists in support of the EndSARS protests that took place. 

2. How exposed are we?                                                 

During the attacks against Nigerian targets during the EndSARS campaign, there were cases of Doxxing (when a hacktivist group leaks confidential information of public figures) and DDoS attacks (where targeted computer systems are overloaded and  company or organization websites are crashed) that were reported. These included: The release of confidential information of some Nigerian police personnel, the hacking of twitter accounts of the Nigerian Broadcasting Commission, the Disruption of both the Central Bank of Nigeria website, and the Web version of the Nigerian Police Force website.        

The bad news is that the cyber attacks exposed the vulnerabilities of a number of Nigerian entities and institutions, and these were exploited by attackers. The good news is that the Cyber Security departments can begin to put the necessary measures in place to prevent a recurrence in the future.

3. Why so much exposure; what investments are needed to secure sensitive assets and how ready is govt to put money down?

Cyber-attacks are inevitable in today connected world. The discussion around cyber security is not “if” we get attacked, but “when” we get attacked. 

With this understanding, the government departments responsible for cyber security must take the necessary steps to improve their incident prevention, response, management and recovery processes. 

Some of these steps are not expensive, it’s just that it requires meticulous implementation and fewer room for errors. For example, some targeted systems tend to have out-date software. Preventing such attacks in the future will require regular audit of monitoring systems, to ensure they are up to date and functioning as they should. 

Attackers often go after what they deem as soft targets. So organizations must take steps to ensure they are not easy targets. Conducting tests to see where they are exposed/vulnerable and then setting up adequate defenses, will be a step in the right direction.