Enterprises are facing increasing threats which call for improved security tools that can be smoothly integrated into increasingly complex and diverse networks and critical infrastructure, and on the other, rapidly mounting competency from malicious actors.
This was the unanimous view of speakers at ESET Security Day 2021 held in Lagos recently.
The experts believe that to further address this in a comprehensive manner, businesses must deploy Endpoint Detection and Response (EDR) to ensure their entire platform is now secured.
The speakers also opined that both government and private sector operators must not neglect to secure the third-party data in their possession and should comply with data protection regulations.
Mr. Olufemi Ake, managing director, ESET West Africa (Anglophone countries), said that the conference held since 2011 aimed to educate subscribers and partners in West Africa on most issues that are currently trending around cybersecurity threats.
“We also viewed ESET Security Day 2021 to get closer to our subscribers and prospective customers. We also learned from them as they shared experiences in the corporate world in respect to security”, he said.
Speaking on ESET’s strides to protect its users from the rampaging cyber traitors, he said that with one billion users protected by ESET it is a great testament to the robust solutions and legacies products the company has built over the three decades ago.
“We have over a billion users that we secure globally currently. If you consider the fact that we have an agreement with Google to secure the backend of Chrome, you can deduce that with the number of Google Chrome users that amounts to over half a billion. So, we make bold to say that we have over one billion people that trust us to secure their devices. We are excited about this.
While addressing the customers in the West African region cutting across individuals, government, and private sector, he said that it is imperative for them (customers) to comply with privacy and security regulations.
“Like one of our speakers said, there has been debate about security and compliance, which one comes first. I would say that security should be considered first. Obviously, if you are not secured you can’t comply with set rules. All businesses in Nigeria and West Africa in general should value the third-party data in their domain. They should be responsible for securing the data. It is not just about making profits; it is also about preventing losses through direct leaks or through third-party subscribers who trust them to share their data with them.
This goes to show the need for encryption, multi-factor authentication, etc., to ensure the loose ends are protected.
Speaking on ‘Compliance: Staying Ahead and Undistracted’, Daniel Adaramola, a cybersecurity risk management expert, defined Information security as the protection of an organization against threats.
He said that while compliance to regulatory standards is important, however, the key driver of information security is the need to protect against constant threats to an organization.
“Regulatory compliance is done when the third party is satisfied. Information security is a carrot as it motivates the company to protect itself. There are also questions as to whether cybersecurity should be driven by government bodies.”
“Well, on one hand, they need to be involved in the protection of critical national assets. If those assets are down, it portrays grave danger to the economy and the nation at large. For instance, if the telcos are down, no connectivity, and the aviation sector, it means no flight to depart or arrive in the country. It is a huge economic sabotage.”
“Same time, there are areas where the private sector should be given the opportunity to thrive”, Adaramola explained.
Fowler Oriyomi, a cybersecurity risk consultant, talked about Managing Hybrid Systems in an Enterprise Environment, noting that as companies race to the cloud to improve efficiencies, reduce costs, and foster flexibility and agility, they are creating a patchwork of different cybersecurity protocols.
Oriyomi, who doubles as the Head of IT at Dangote, described the modern post-COVID company as “one million-armed octopus in thousands of locations and every arm is a digital access point that can be compromised by script kidders, social hackers, professional criminal hacking organisation or even nation-state actors”.
He aligned with the school of thought that “only by managing security in all those million access points can a company ensure safety – and avoid becoming another ransomware story on national news”.
He listed hybrid cloud operational concerns as include growing cyber threats, on-going regulatory push like the Nigeria Data Protection Regulation (NDPR), compliance related issues, inability of security to keep up with the pace of change in application, amongst others.
Speaking on IT security regulatory compliance, Oriyomi said that expectations have grown in the past two years and have impacted companies’ operations.
He however said that compliance is good for organisations to maintain standards. “These regulatory compliances attract fines and quite a number of organisations wouldn’t want that. It is GDPR in Europe, NDPR in Nigeria, POPI Act in South Africa and the regulations keep coming. And if you look at the clauses carrying fines there is no company that would want to fall into that.
Also speaking, Habeeb Adebisi, a senior digital security associate at Co-Creation Hub, advised organizations to intensify their cybersecurity defense approach.
He said it is regrettable that most people, including businesses, ignore security advisories and end up paying huge penalties as research finding indicates 90% of Organisations in Nigeria have suffered breaches.
“Our mandate is to ensure technology works in African society. We look at the West and see how technology is improving life and such is lacking here. So, along the line we discovered that one area people tend to ignore until it is late is security. For this reason, we take it very seriously”.
He said for instance, Cc-Hub’s Digital Rights and Inclusion has a cybersecurity approach and led to the establishment of DIGnified.
“We want to make sure technology works for everybody, but at the same time ensure the protection of the workers against malicious actors who are constantly working to breach their system and disrupt the workflow.
“About four years ago, we came up with the ‘Tech Squad’ programme, made up of young people interested in learning about technology and specifically in security. We train them and deploy them to organisations. By this, organisations in Nigeria will become more conscious of the security of their digital space.
“We also launched the SafeOnlineBus campaign through which we educate the masses on issues around the subject. We are also launching another campaign in collaboration with ESET called ‘Safer Kids Online’”.
He thanked ESET West Africa for believing in CCHub especially with regards to the Safer Kids Online.
Also commenting, Olabanji Soledayo, the marketing and retail sales manager at ESET Nigeria, said that is no longer enough to have basic anti-virus on a system.
According to him, threats have been designed to evolve to defeat the basic anti-virus. “So, in the enterprise environment where you have over 100 devices, there is a need for a dependable Endpoint Detection and Response (EDR) solution.”
Recall that version 1.4 of ESET Enterprise Inspector (EEI) was launched last year. EEI is a sophisticated Endpoint Detection and Response (EDR) tool that monitors and evaluates suspicious activity occurring on the network in real time and allows IT security admins to take immediate action when and where needed.
For over 30 years, ESET has become the European leader in cybersecurity solutions, and to date protects more than 1 billion users worldwide.
Since 2011, ESET has been organizing the ESET Security Days, an international event bringing together players in the cybersecurity ecosystem in nearly 50 countries.
ESET Security Day West Africa is part of a process of reflection and discussion between representatives of public institutions, researchers, users, and recognized experts on cybersecurity issues.
ESET Security Day is a professional all-day conference that responds to current events, regulations or legislative changes related to security and protection of personal data.
It also deals with the latest security solutions suitable for the corporate environment. An integral part of conferences is the introduction of the latest technologies and solutions that help companies prevent security incidents.