In spite of the fact that the Cybercrime Act was passed into law in 2015, key stakeholders, such as the Judiciary and the Law Enforcement agencies are yet to come to terms in understanding and implementing the law. I recently had a discussion with Remi Afon, President of Cyber Security Experts Association of Nigeria on the activities of the Nigerian Cyber Security space.
On whether the Nigerian cyber security space is safe or not, Remi is of the view that it is not yet in a safe position. This is because Nigeria faces a lot of threats and man of the things we are supposed to put in place to allow us move closer to being safe are not in place.. According to him, some of the things that are supposed to be in place include proper regulation. He stated that, although, we have a Cybercrime law in place, there are still some other laws that are supposed to be put in place, such as the Data Protection law. The Data Protection law, he maintained, will force organisations to be more responsible in protecting other people’s data under their custody and the ability to know and inform whenever there is a reach.
Remi stated that lots of attacks are going on in the country which were not reported and these are making organisations very irresponsible. He is of the opinion that there is the need for responsibility, governance and compliance when it comes to cybercrime in Nigeria.
When asked to give examples of cyber-attacks that were not reported, Remi was, however, reluctant to do this because he stated that he got those information in confidence. He, however, opined that some Telecommunications companies in Nigeria, on good report, have admitted being attacked and data stolen from them. He also noted that some banks have been attacked, with some being reported and taken into account by the CBN while others were not reported.
Reacting to the figure of cyber-attacks reeled out by the National Security Adviser for last year, Remi said it is just a tip of the iceberg, noting that lots of cyber-attacks took place in this country last year that went unreported, hence, those figures were not part of the figure stated by the National Security Adviser. He also stated that the figures given was just the financial loss incurred due to the breaches and does not include loss to other countries from cybercrime activities in Nigeria.
On whether Nigeria is taking the issue of Cyber security seriously or not, Remi is of the view that we are not. He stated that there is the need to have a body in charge of cyber security as we have in some advanced countries. He stated that CERRT that is on ground in Nigeria is not working. Their website is not anything to write home about.when compared with similar sites in other countries in terms of threat intelligence carried out, mehods of gathering information and working with stakeholders. Remi, therefore, recommended the complete overhaul of the entire cyber security posture of the country. He stated that a cyber security strategy and policy which were done by the last administration are in place, but these now needs to be implemented.
When asked of what will happen if we neglect to do what we ought to do in terms of checkmating cybercrime, Remi stated that we have a lot of critical infrastructure in this country which can be brought down. Ransomware threats are also on the cards. Reacting to whether hi Association is in collaboration with the security outfits in the country, he said that his Association has been trying to hav an audience with the National Security Adviser but this has not yet materialised. He said security outfits may not be taking his Association seriously because they do not know the impact of cybercrime.
Top cyber security threats that Remi thinks we are facing in Nigeria include Ransomware, The CEO Scam, Online Assisted Kidnapping and Cyber-bullying. He emphasized that cyber-bullying is a crime punishable within the purview of the Cybercrime law, but in spite of the fact that people are carrying out this crime in Nigeria, no one has has been prosecuted so far.
On people’s assertion that the Cybercrime law is tilted towards financial aspects of cybercrime, Remi is of the opinion that it is not true because the law covers both the financial and non-financial aspects of cybercrime. When asked whose responsibility it is to enforce the Cybercrime law, he stated that that is another gap to be filled because the law says that all relevant agencies are responsible for its enforcement. He said that one of the things his Association is advocating for is that a specific body be assigned to enforce the Cybercrime law. The outfit will have to be prosecuting cyber criminals and carrying out and carrying out a lot of research on threat intelligence. He stated that the outfit will have to be proactive and penetrate the dark web to know what is happening there, etc.
Remi is of the view that Blockchain technology is a good technology that has come to stay and the earlier we embrace it because, in the long run, it will make physical cash outdated. He state that there is a way to block money laundering and other vices while using the Blockchain technology.
You can view the full interview here.