[ad_1]
When it comes to cybercrime in Nigeria, the traditional suspects are hackers, scammers, and internet fraudsters who operate from anonymous apartments across the country. But there’s an additional actor in this game, one who rarely makes headlines. Insiders! They are frequently employees, contractor or helpdesk staff.
I’ve seen it too many times. An attacker on the outside can try to guess your password all day, but an insider does not have to guess. They are already aware of this. They have seen it written on a piece of paper in the workplace. Worst case scenario, you may have granted them access to your computer at one time before, hence they can gain access to your computer without any even causing any major breach.
What’s more disturbing is that in many situations, the crime occur through collaborations between two actors. Let us not pretend, there is a lot of financial hardship today. Salaries are not enough, they are often delayed and job security is uncertain. When someone approaches an underpaid employee with an offer to help access customer confidential data, move money in-between accounts, or reset a few accounts, it turns into a moral test that many are unprepared for.
There was a case involving a bank staff member that stood out to me. From the outside, everything appeared to be normal, just another day at the branch. However, behind the scenes, he was collaborating with a fraud ring to gain access to customer accounts. He did not need any hacking tools. He only needed a few internal overrides, resetting security credentials, and turning a blind eye to suspicious transfers. Millions disappeared from various accounts in minutes. And by the time anyone noticed, the damage had already been done, caused by someone trustworthy who was sitting right inside the system.
The sad reality is that small businesses are particularly more vulnerable. Many are unable to afford costly security measures or hire competent security professionals. They show high trust level by providing newly hired employees administrative access. Because they’re busy trying to develop and survive, cybersecurity is frequently neglected until after an incident. However, this is exactly what makes them an easy target.
In many small businesses, one person manages customer service, sales, billing, and IT all at once. If that person goes rogue or is merely manipulated, the consequences can be terrible. Worse, it is often difficult to prove. Also, insiders know how to hide their tracks because they are familiar with the internal structure. And when a company does not even maintain sufficient logs or backups, the consequences are irreversible. When something gets compromised from the inside, no firewall can prevent it.
This article is not meant to bring distrust or paranoia to business owners or business executives. It’s about accepting the truth of where we are. Nigerian firms, particularly those that are still expanding, must take internal controls as seriously as they build products. This includes conducting ethical conversations that includes establishing boundaries, not everyone should have access to everything. It includes understanding what happens when someone resigns and moving quickly to withdraw access. Above all, it includes checking in with your employees not only as workers, but also as humans under stress. The workers that colluded with criminals were not always malicious; they simply thought they had no other choice. The actual solution is more than just stronger passwords and security cameras. It’s in the leadership, culture, fairness, accountability and understanding that, while the threat may emerge from within, so can the remedy. The same people who could jeopardise your business can also help safeguard it if given the proper tools and trust.
.Adesola, Security+
Cybersecurity Analyst
Email: [email protected]
[ad_2]
Source link
Click Here For The Original Source.
