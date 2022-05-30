A new research by Kaspersky, a global cyber-security and digital privacy company, has found that the number of Trojan-PSW (Password Stealing Ware) detections in Nigeria surged by as much as 147 per cent in the first quarter of 2022 when compared with the same period of 2021.

Trojan-PSW, a malware that steals passwords along with other account information, enables attackers to gain access to the corporate network and steal sensitive information.

The firm in its findings published on Monday said small businesses in Nigeria are still in danger of exposure to malware and face an 89 per cent increase in Remote Desktop Protocol attacks in 2022.

A total of “2,654 detections” were reported in 2022 “compared to 1,076 in 2021,” the report said.

According to the statement, when a small business owner is lumbered with the responsibilities of production economics, financial reports and marketing all at the same time, cyber-security can often appear complicated and, at times, unnecessary.

But this disregard for IT security is being exploited by cybercriminals.

Kaspersky said its researchers assessed the dynamics of attacks on small and medium-sized businesses between the first quarter of 2021 and that of 2022 to identify which threats posed an increasing danger to entrepreneurs.

Key findings

While the number of internet attacks decreased in the first four months of 2022 in Nigeria (56,836 infections in 2022 compared to 99,146 infections in 2021), they remain a concern and need to be protected against, Kaspersky stated.

“Even small businesses with limited IT resources still need to protect all their working devices, including computers and mobile phones, from cyber-threats.”

It said with an increasing adoption of the remote working model, many companies have introduced Remote Desktop Protocol, a technology that enables computers on the same corporate network to be linked together and accessed remotely, even when the employees are at home.

In Nigeria, the number of attacks on RDP has increased significantly, precisely by 89 per cent.

“In the first four months of 2021, there were 161 000 RDP attacks detected and blocked by Kaspersky in the country. For the same period in 2022 the number has risen to 303,500 attacks,” the statement said.

Kaspersky stated that having a special security solution enables attack visualisation and provides IT administrators with a convenient tool for incident analysis.

“The faster they can analyse where and how a leak occurred, the better they will be able to solve any negative consequences.”

Denis Parinov, a security researcher added: “With the shift to remote working and the introduction of numerous advanced technologies in the daily operations of even small companies, security measures need to evolve to support these sophisticated setups.”

Cybercriminals, he observed, are already way ahead of the curve so much so that virtually every organisation will experience a breach attempt at some point.

For small companies, it’s not a matter of whether a cyber-security incident will happen but when.

“Having trained staff and an educated IT-specialist is no longer a luxury but a must-have part of your business development,” Parinov said.

Key recommendations

The study suggested that business owners provide staff with basic cyber-security hygiene training considering that many targeted attacks start with phishing or other social engineering techniques.

“Using a protection solution for endpoints and mail servers with anti-phishing capabilities to decrease the chance of infection through phishing emails,” the report said.

Taking key data protection measures often safeguard corporate data and devices, including using password protection, encrypting work devices and ensuring data is backed up.

“Keep work devices physically safe, do not leave them unattended in public, always lock them and use strong passwords and encryption software,” the cyber-security firm advised.

