Apart from the increasingly sophisticated nature of cyber-attacks, many businesses (in Nigeria) still do not really believe they could be targeted by cyber-attacks, typically arguing they have no data worth stealing.
This was reveled today during a press conference by the Information Technology Systems and Security Professionals (ITSSP), a cybersecurity advocacy group under the Nigerian Computer Society (NCS).
Speaking at the press conference meant to address critical cyber security issues mitigating smooth development of information security in Nigeria, the National President of ITSSP, Professor Adesina Sodiya, said, consequently, the business owners are unwilling to invest in basic security management and control systems, and assumes the IT department will take care of any security issues that may arise.
He emphasized that it is important for the organisations to understand the nature of threats against their businesses and the impact of a breach on production, finances, intellectual property and reputation.
ITSSP major areas are:-
He said, “Organizations must continuously monitor their networks and have the ability to detect and mitigate intrusions as quickly as possible.
“Every organisation must develop information security policies, procedures and plans; and these need to be updated regularly and enforced to help keep pace with the constantly evolving threat landscape. Human beings are often the weakest link”.
According to Prof. Sodiya, an extremely high proportion of attacks involve social engineering approach.
“Many Nigerians, and even people all over the world, are still increasingly fallen victims of socially engineered attacks. In 2016, there are records that financial institutions in Nigeria faced Distributed Denial of Service Attacks (DDoS).
“This confirms that online activities are not completely secured. Security awareness and training are therefore indispensable. Attackers may be using customized attacks, but operating methods typically remain the same”.
“Looking ahead at the future, security will probably be established by balancing controls and risks to produce scalable and flexible strategies. More persistent internal monitoring and sharing of security intelligence are necessary for a more effective security approach. For a security strategy to be workable for the present and the long terms, it is important to look ahead.
“Organizations tend to focus on reacting to security threats rather than being proactive. Functioning in this way provides no future growth in the adoption of the security framework.
“It is essential that organizations remain flexible and adaptable to achieve the long term security benefits.
“The organizations current security state, relative to the risk they are willing to take and effective security alignment will determine the achievable desired security posture for the future”.
Nodding in agreement with the Prof. Sodiya, the Vice President of ITSSP, Liberty Echewodoh, highlighted the need to understand that information security in not only about firewalls, antivirus software and passwords.
“Information security is a continuous process that requires modern approaches and persistent management.
Collaborative strategy and efficient practices are required in protecting valuable assets of organisation to achieve major security goals of confidentiality, integrity and availability (CIA)”, he said.
Meanwhile, Professor Sodiya, added that in the light of the above, it will then require inter-professional expertise and collaboration from IT Security Experts, Investigation officers, Prosecuting officers, Lawyers, Judges and Courts with enough experience to adjudicate in any judicial resolution that involves e-driven activities.
“It is therefore an enormous task to focus on capacity building and sustainability in an environment that is embracing multi-facet e-services like ours without equal amount of energy geared towards developing necessary structures.
He listed the challenges as:
In financial sector, the enormity of fraudulent activities going on daily as being reported periodically by the Fraud Forum Unit of CBN is alarming.
The Central Bank of Nigeria, the Courts, and Federal Bureau of Statistics cannot provide sufficient data that can mitigate such activities adequately. Some banks also experienced distributed denial of service (DDoS) attack in the last two years.
More and more individuals and organisations continue to experience different levels and types of cyber-attacks in Nigeria.
It has been forecasted that the next world war will be fought in the cyberspace. How prepared are we? There is now cold cyber war all over the world.
“Do we have well experience information security experts in various organization? What is the level of cyber readiness in various organization? Where is IT Security Policy for National, State, Agencies, Higher Institutions of learning, as well as coordinating strategies; Media houses both Print and Electronics are not left out because they currently depend on e-platforms to function effective nowadays”.
In view of the above, ITSSP calls for full Implementation of the Cybercrime Act 2018; “Professional bodies should be included in the Council”, the President said.
“ITSSP calls for efficient and coordinated Computer Emergency Response (CERT).: The Cyber Security Act that domicile in National Security Adviser’s office should create a civil arm of Cyber Security in executing its mandate like (Computer Emergency Response Team ‘CERT Nigeria’) with the professional agencies such as NITDA, CPN, Nigeria Computer Society (NCS), NBA where civilian population can easily relate, because the NSA is currently being viewed as arm forces affairs only.
“Strong Collaboration with relevant government agencies. In order to effectively curb the menace of cyber criminals in Nigeria, we seek strong collaboration with relevant stakeholders like CBN, NIRA, NCC, NPF, ICPC, EFCC, NITDA, NBA and banking institutions in Nigeria. Relevant government security agencies like Nigeria Police Force (NPF), Independent Corrupt Practices and Other Related Offences Commission (ICPC), Economic and Financial Crimes Commission (EFCC), and National Identity Management Commission (NIMC)
“There is need for adequate and accurate cybercrime data and statistics in the country. The system for realising this should be developed and maintained by ITSSP. ITSSP will develop an intelligent incident handling system.
“Support for capacity building in all areas of Information Security. NITDA and other stakeholders should support the development of high level skill in Information Technology.
“Of greatest importance is capacity building in this area, the Cyber Crime Art of 2015 in trying to address this established a fund for such development to be managed by its board. As it is now, this fund account is yet to be opened not to talk of collecting fund into it despite the fact that the Board had been in existence for over a year; just like NITDA also set up Information Security Department saddle with responsibility of Cyber Security.
“Civil arm of Cyber security coordination to complement what was done by NSA.
In his contribution, the ITSSP’s National Secretary, Mr. Rogba Adeoye, said that all stakeholders must join and cooperate to fight in the cyber security warfare.
“We need to be proactive and not only reactive. We need to rapidly promote and develop information security in Nigeria”, he said.