Security Survey on E-Business Platforms in Nigeria
A deeper level of detail
With the Cashless Policy initiative introduced by the Central Bank of Nigeria, there has been an astronomical growth in e-Business in Nigeria. The channels used for e-Business range from Internet banking sites to online retail stores and mobile payment delivery channels. As a result of the rapid adoption of e-Business across various industries and institutions, there are also growing concerns about the security of these new business platforms (underlying technology, transactional environment, etc.) and the potential misuse of personally identifiable information (PII).
The Security, Privacy and Resiliency team of Deloitte conducted a security survey of e-Business platforms in Nigeria. It was carried out using the passive web analysis techniques described in the methodology documented on page 7.
Information was collected from the e-Business platforms of over 120 organisations in Nigeria. The organisations included in the survey covered the following industries:
- Banking and Financial Institutions
- IT/Telecommunication companies
- Payment processors
- Online retail markets
The main objectives of this survey were:
- To evaluate the security level of e-Business platforms, technology and supporting infrastructure covered in this survey.
- To provide a statistical representation of vulnerabilities and weaknesses in e-Business platforms in Nigeria.
- To raise awareness about the security risks of insecure e-Business platforms and provide security tips and recommendations to improve the security of Nigeria's cyberspace.
The survey was carried out between April 2013 and June 2013. Statistical techniques were used to reach the conclusions and platform-specific information was not revealed. Our analysis revealed that a large number of e-Business platforms in Nigeria have security flaws that could be easily exploited by a hacker or malicious user to perform unauthorised online transactions on such platforms. Security flaws like insecure transmission of user login credentials, disclosure of sensitive user and technology information and poor session management appeared to be pervasive across e-Business platforms in various industries.
Our results showed that of the total platforms sampled, online shops/retail markets appeared to have the highest number of information security flaws, closely followed by financial institutions. In addition, 28% of the e-Business platforms reviewed transmit user credentials over insecure channels (e.g. a user's password is transmitted in plain text). This makes the user's password visible to a malicious user or hacker who may intercept the communication between a user's system and the e-Business application server.
We hope these survey results will provide more insight into the security posture of e-Business platforms in Nigeria and provide tips on how we can secure these platforms.