Cyber threats are real. A securitymagazine.com report states that a cyber-attack occurs every 36 seconds. Now, think about the import of this in a world that is predicted to have over one trillion devices in a few years; this simply means that there will always be a vulnerable device available to be attacked.
The reality is that I have remained a committed advocate of technological advancement and development in Nigeria because I believe it can help us ramp up development, deal with the shameful problem of corruption and other vices. However, at the back of my mind, I understand the risks associated with such advocacy and that is the possible catastrophe ahead if we do not improve the cybersecurity consciousness of all stakeholders. So, what I find most worrisome is that in many cases of breaches, the weakest link is always a human being. For attacks on organisations, the hackers usually try to target an individual in that organisation. The big question is what can be done in such a situation?
One important measure is to come up with possible ways of preventing hacks into their systems by setting up measures that are capable of combating such breaches. Put simply, there are ways an individual can better protect his/her information from getting breached. A very fundamental way to do this, which should be known by an average Internet user, is to avoid using the same password across all your online platforms. This is to avoid a situation whereby all your online accounts can be compromised once one of your online accounts gets compromised. By having different passwords for each of your online accounts, you have the assurance that your other accounts remain largely safe, as the hackers cannot gain access to them.
I would like to consider the views of some experts on this matter. Braden Perry, a cybersecurity expert, gave his overview and one of his postulations is that traditionally, IT was not understood initially by many companies, especially by their top management. The role and responsibility of IT departments in some of these companies did not get the much-deserved support. After the various incidences of cyber-attacks, there now appears to be an increased understanding between the IT departments and management.
The top management cadre of many companies now mostly have renewed interest in their IT departments and they have, of course, been looking at the need to get updated resources that will keep the organisation and its data safe. Sadly, a number of companies are, however, still paying less attention when it comes to upgrading their information security system. They may, however, have cause to regret their nonchalant attitude towards ensuring the establishment of tight security measures in order to protect their online data from the prowling hackers.
Companies should realise that upgrading of security is paramount in the fight against cybercrime. Whenever a cybersecurity company rolls out an upgrade on any of its security products that your company is utilising, ensure that you carry out the upgrade. This is because failure to constantly upgrade as and when due renders your security obsolete in no time and exposes your online data to vulnerabilities from hackers.
From observations, board members, who are sometimes part of top management, tend to discard issues that they are not familiar with. For instance, when an IT department presents a plan for online security, the board members may want to defer the matter to a later date and by the time they realise the need to go ahead with the initial proactive plan of the IT department, it may then have become a reactive plan because cybercriminals may have struck from the point of vulnerabilities. It is imperative to get an experienced cybersecurity professional on board your organisation to serve as a liaison between the top management and the IT department. In case this is not, however, possible in your company, you should already take a cue from this piece, as a company owner or board member with no IT background or skills, to take seriously any request to tighten the online security of your company seriously.
A cybersecurity policy needs the right environment to be created for it to run at its optimal level and not only that, those policies must be proactive and not reactive to ensure that the company’s online data are secured all the time. “Is it 100 per cent safe? No, but…: Is 100 per cent cybersecurity safety possible. No. But every person/organisation should implement best practices to reduce the risk significantly,” the President and Chief Executive Officer, PhoenixNAP Global IT Services, Ian McClarty, said.
McClarty also noted that one of the ways to avoid a breach in cybersecurity is by avoiding free Wi-Fi connections. “There is always the problem of the ‘middle-man’ attack in such cases. You can get around this by not auto-connecting to unreliable Wi-Fi networks, but in the eventuality that you need to use it, then a VPN solution that blocks malicious traffic from your device is advised,” he added.
Can there ever be no incidences of cyber threats? From all indications, the answer is a resounding no. There are far too many threats to guarantee 100 per cent safety. However, measures can be put in place to minimise its effects. It all starts with continuously raising awareness about these issues.
In the words of the President, Cyber Security Experts Association of Nigeria, Remi Afon, “Nigeria has become more vulnerable to various cyber-attacks with no adequate controls and legal framework in place to combat this menace. The increase in cybercrime in Nigeria can be attributed to lack of policy direction and leadership by the government to combat the scourge. While cybercriminals are collaborating, sharing information and providing 24/7 support services in the dark web on various cybercrime activities, ranging from malware creation, compromised passwords sale, zero-day vulnerabilities, the government and private sectors are working in silos.”
There is no gainsaying the fact that we need to continuously increase cybersecurity consciousness for the benefit of Nigeria’s digital future.
ICT Clinic by CFA is published weekly in the Sunday Punch