The International Telecommunications Union (ITU) has evaluated nations in the Global Cyber security Index (GCI), and placed Nigeria on number 14. It, therefore, behoves on all exposed to the computer or internet, whether as a group, individual or organisation in Nigeria to be wary of the threat. AYONI M. AGBABIAKA reports.
Cyber security requires coordinated efforts throughout an information system Elements of cyber security include: Application security, Information security, Network security, Disaster recovery / business continuity planning, Operational security and End-user education One of the most problematic elements of cyber security is the quickly and constantly evolving nature of security risks.
The traditional approach has been to focus most resources on the most crucial system components and protect against the biggest known threats, which necessitated leaving some less important system components undefended and some less dangerous risks not protected against.
Such an approach is insufficient in the current environment.
What is cyber security? Cyber security comprises technologies, processes and controls that are designed to protect systems, networks and data from cyber attacks. Effective cyber security reduces the risk of cyber attacks, and protects organizations and individuals from the unauthorized exploitation of systems, networks and technologies.
What are the consequences of a cyber attack? Cyber attacks can disrupt and cause considerable financial and reputational damage to even the most resilient organisation.
If you suffer a cyber attack, you stand to lose assets, reputation and business, and potentially face regulatory fines and litigation – as well as the costs of remediation. The UK government’s Cyber Security Breaches Survey 2017 found that the average cost of a cyber security breach for a large business is £19,600 and for a small to medium-sized business is £1,570.
The cyber threats organisations face Although larger organisations tend to have a realistic appreciation of the cyber threats they face, many small to medium-sized enterprises are unclear about the ways in which they’re vulnerable, and as many as 45% mistakenly think they’re not a viable target. In fact, all Internet-facing organizations are at risk of attack.
And it’s not a question of if you’ll be attacked, but when you’ll be attacked. The majority of cyber attacks are automated and indiscriminate, exploiting known vulnerabilities rather than targeting specific organizations. Your organization could be being breached right now and you might not even be aware.
Creating a solid cyber security foundation The most effective strategy to mitigate and minimize the effects of a cyber attack is to build a solid foundation upon which to grow your cyber security technology stack. Solution providers often tell their clients their applications are 100% compatible and will operate seamlessly with the current IT infrastructure, and for the most part, this is true.
The problem arises when we start adding IT security solutions from different manufacturers regardless of the granularity of their configuration settings – technology gaps will always be present. And technology gaps will always appear for one simple reason: developers will always keep certain portions of their code proprietary as part of their competitive advantage. Hence, true compatibility and interoperability may only be 90%.
These are known as technology gaps. It is through these gaps that attacks usually occur. A solid cyber security foundation will identify these gaps and propose the appropriate action to take to mitigate the risk of an attack. A solid foundation provides organisations the confi dence to build their cyber security strategies.
Cyber incident response management The speed at which you identify a breach, combat the spread of malware, prevent unauthorized access to data and remediate the threat will make a significant difference in controlling risk, costs and exposure during an incident. Effective incident response processes can reduce the risk of future incidents occurring. With an effective incident response plan, you will be able to detect incidents at an earlier stage and develop an effective defense against the attack.
The Nigerian approach To deal with the current environment, advisory organizations are promoting a more proactive and adaptive approach. With the global and peculiarity of Nigeria cyber space the National Information Technology Development Agency (NITDA), NITDA has commenced this year’s nationwide cyber security awareness workshops.
These sensitization exercise is part of the Agency’s continuous efforts aimed at equipping citizens with foundational knowledge as well as share best practices on staying safe in cyberspace. NITDA in a statement by the Director – General, Dr. Issa Ali Pantami, stressed that “there has been a tremendous increase in the number of incidences where Nigerians have lost money and data through vulnerabilities arising from lack of knowledge on how to manage their online presence and personal details.
“ The cybercriminals use social engineering, phishing mails, and probably specific to Nigeria, the use of text messages pretending to be sent from banks, requesting for PIN or revalidation of BVN numbers. “To the unaware, such are the sources where vital information needed for making unauthorized withdrawals from victims’ bank accounts occur. The Agency added that “A more worrisome and recent trend is the SIM Swap cases, where the victim’s SIM card is swapped; an operation that makes the victim’s phone inaccessible while funds are transferred. NITDA stressed that “Knowing that everyone that uses ICT devices is vulnerable, these workshops target executives of registered associations and groups (translated into the most predominant language of the zone), with the ultimate aim to reach their members.
“We have also deployed effective conventional channels and social media in conveying the stay-safe message. The workshops use presentations and interactive demonstration of trending concepts like SMS, SIM Swap, malware, phishing, social engineering and its manifestations, to disseminate the staysafe tips. Cyber security has attracted the attention of governments, enterprises, groups and individuals and countries owing to the damage it could cause a nation’s economy should critical infrastructure be affected.
“The International Telecommunications Union (ITU) has evaluated nations in the Global Cyber security Index (GCI), placing Nigeria on number 14. He noted that these programmes are also aimed at improving the county’s standing on GCI. Also, NITDA has planned effective capacity building programmes that will culminate in organizational and individual certifications, while using Research and Development (R&D) results to feed these enlightenment programmes and aid relevant Agencies and Corporates in permanent mitigation strategy. It has also utilized interagency collaborations for improved legal and institutional framework for a holistic improvement in the cyber security resilience of and profile of the country. The first phase of the series of workshop was held in Katsina, Katsina state for the North west Zone on Thursday 29th March, 2018 and attracted participants from government agencies, military and paramilitary organizations, the academia, registered cooperatives and associations and the private sector from the states of the zone.
The second phase has been concluded on Thursday 19th April, 2018 at Yenagoa, Bayelsa state, for the South south Zone with participation from all states of the zone. “Dates and venues for subsequent workshops will be made public in due course,” he assured The National Information Technology Development Agency (NITDA) is an agency of the federal government. The Agency was created in April 2001 to implement the Nigerian Information Technology Policy and co-ordinate general IT development and regulation in the country.
Specifically, Section 6(a, c & j) of the Act mandates NITDA to create a framework for the planning, research, development, standardization, application, coordination, monitoring, evaluation and regulation of Information Technology practices, activities and systems in Nigeria; and render advisory services in all information technology matters to the public and private sectors including introducing appropriate information technology legislations and ways of enhancing national security and the vibrancy of the industry
