Connect with us


Cyber Security Maturity across Sectors; Lessons from the Colonial Pipeline experience

It is common knowledge that cyber security aims at ensuring confidentiality, integrity and availability of data and critical information, writes Chioma Chigozie-Okwum



Chioma Chigozie-Okwum

Cyber threats feed on the vulnerabilities of their targets, they exploit loopholes in the security paraphernalia to wreck havocs.

This is the chief reason why it is imperative for enterprises across all sectors to reduce their risk appetites to its barest minimum.

It is common knowledge that cyber security aims at ensuring confidentiality, integrity and availability of data and critical information.

The focus of enterprises with regards to cyber safety however, depend on their business model and the type of services they provide, as this determines what deliverable is of more value to them. For financial institutions, the confidentiality of data and information is paramount as this helps them ensure that there are no unauthorized access to critical credentials guarding customers’ funds.

Manufacturing and operational enterprises place critical value on availability of data and information as delay could cause colossal damages leading up to huge losses in revenue.

Integrity of data is of chief importance in some other sectors like education, health etc.

Growing and improving cybersecurity maturity hence is fundamental and should be pursued by every sector of human endeavour, this is because cyber incidents occur across sectors and is not localized solely to the financial sector.

The colonial pipeline breech of the 7th of May 2021, that witnessed the American oil company fall prey to ransomware attack, where an old Virtual Private Network that didn’t require a second layer authentication was exploited by cyber threats, causing the company losses in revenue, loss of public image, dissatisfaction of their teeming customers, and nearly 5 million Dollars in paid ransom.

ALSO READ  Kaspersky detects doubling of email spoofing attacks in recent months

The lessons that must be taken away from this incident are one too many, hence the need for enterprises to critically analyse this incident and draw valid lessons towards safeguarding their enterprises. The lessons drawn include:

Cyber incidents have the tendency of crippling the functionality of both information technologies and operational technologies in an organization, this effects could grind an organization’s operations to an abrupt halt. This has become more prevalent as enterprises increasingly deploy IoTs.

This hence raises the concern of operational enterprises and indeed enterprises across all sectors in Nigeria, to embrace total quality management in their deployment of cyber security regimes.

Cyber threats feed on the vulnerability of their preys

Cyber threats patiently and meticulously test the vulnerability of target’s perimeter in a bid to identify loopholes through which they would gain foothold, launch command and control, escalate privileges and unleash attacks.

It becomes imperative that enterprises ensure that they test extensively and eliminate loose ends.

Old connections, obsolete hardware, abandoned software, disengaged staff, malicious insiders and poorly implemented authentication regimes are mostly exploited by cyber threats.

Cyber security is a process and not an event, cyber security teams should focus and secure critical infrastructure and ensure staffers understand the dangers a breech can cause. This promotes strict adherence to cyber security hygiene best practices and hence eliminates vulnerabilities arising from human errors.

Ransomware attacks are on the increase

Individuals, organizations and governments are targeted daily in several attacks. Cyber threats cripple the activities of their victims until ransoms are paid.

ALSO READ  GhostEmperor: Chinese-speaking APT targets high-profile victims using unknown rootkit - Kaspersky

The danger in obliging ransomware attacks is the uncertainty of threats pulling the plugs on the attacks even when ransoms have been paid.

There is no certainty as to if the hijacked contents would be returned unmutilated, neither is there certainty that the attacks would not be repeated. It hence is imperative enterprises ensure total quality risk management. The best form of security is proactively wedging off attacks.

The discussion of cyber security maturity for enterprises in Nigeria should be a critical discussion making headlines in cyber talks.

The need to bring enterprises to the knowledge that cyber threats attacks not just financial institutions but other none financial institution alike and bringing them to the realization that the results of these could be crippling and devastating, is a noble cause to embark upon.

Cyber security is a global challenge and treating it as such is vital if we hope to enjoy the serenity that comes with safety online.

Author’s bio:

Chioma Chigozie-Okwum indigenous to Imo State, Nigeria is a cyber-security researcher, content creator, educator, speaker, strategic planner and “tech-futurist”.

Chioma is currently a lecturer at the department computer science as well as the Director of Information and Communication Technology at the Spiritan University, Nneochi, Abia State, with interests in human factor security, indigenous solution development and persuasive cyber safety adoption.

She can be reached via: [email protected]

1 Comment

1 Comment

  1. Pingback: Cyber Security Maturity Across Sectors; Lessons From The Colonial Pipeline Experience | Techvalley

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.