How secure is Nigeria’s cyber space?
By Chukwudi Ekezie and Ijeoma Olorunfemi, News Agency of Nigeria (NAN)
Often Nigerians are inundated with messages on their telephone sets and e-mails asking them to subscribe to goods and services.
The recipients, especially public service workers, are encouraged to apply for loans from micro-credit outfits on very liberal conditions, including not providing securities for the facilities.
Repayments for such loans, which can be obtained within 24 hours, are cheap with interests on single digit.
Others request prospective subscribers to buy household goods on credit and the repayment plan spread overtime.
Prospective subscribers are asked not to worry about the mode of repayment since the vendors can access their payroll information from their employers.
This has often been the case with Federal Government employees enrolled in the Integrated Personnel Payroll Integrated System (IPPIS).
While the promoters of the services claim they work with IPPIS, the agency under the Office of Accountant-General of the Federation, denies knowledge of the transactions. Meanwhile, the workers on the receiving end moan.
Apart from public sector workers, bank customers receive similar solicitations from banks which they do not bank with. The banks ask them to apply for loans.
For instance, in 2015, Amecom investment, a marketing company based in Abuja approached staff of a government agency to solicit patronage for its goods. In spite of not supplying goods, IPPIS deducted sums from the salaries of persons who showed interest.
Mr Livinus Ugochukwu, a former employee of News Agency of Nigeria (NAN) said that in August 2018, IPPIS deducted N10,158.33 from his salary and credited Full Range Micro-Finance company, an organisation he did not know.
Ugochukwu said IPPIS also deducted N8,784 from his salary in May and credited Brain Integrated System, another organisation he did not know.
Another public sector worker, Mrs Hadiza Aliyu, said she received a text message from CreditWallet, a micro-credit company, telling her that she had been pre-qualified for N500,000 loan.
On enquiry about how the loan would be re-paid, a desk officer with the company said the group was working with IPPIS.
In all cases, the data of the prospective subscribers are compromised by organisations and individuals they had been entrusted. And so many worry about the security of Nigeria’s cyber space.
This is more so as Nigeria works toward establishing a digital economy with the re-christening of Ministry of Communications as Ministry of Communications and Digital Economy.
Cyber security or information technology security is the body of technologies, processes and practices designed to protect networks, devices, programmes and data from attack, damage or unauthorised access.
Highly beneficial to government, the military, corporate institutions who store unprecedented, sensitive information on computers and other platforms, such data require protection.
According to Deloitte, a multinational network company that provides audit, tax, consulting, enterprise risk and financial advisory services, countries, including Nigeria, are facing cyber security breaches.
The most recent case was the Facebook data scandal that affected up to 87 million users, while there were cases of phishing attacks, malicious software embedded at the point of payment and ransomware that affected unsusceptible citizens.
Central Bank of Nigeria’s Cyber Security Framework and the European Union’s General Data Protection Regulation (GDPR) raised awareness on cyber security in the country in 2018.
An ICT security expert, Mr Kenneth Okereafor, said there were serious cyber attacks on public, private sector targeting vital operations and assets.
Okereakor said the attacks were organised, disciplined, aggressive, well resourced with perpetrators as nations, terrorist groups, criminals, hackers or people with intention to compromising internet security.
“Currently, there is effective deployment of malicious software causing significant potential disruption of critical information systems and services, as well as over commercialisation of cyber security skills and the exploitation of citizens’ ignorance.’’
The expert said a survey reported that 60 per cent of Nigerian firms suffered cyber attack yearly.
He claimed the Federal Government lacked guidelines and standards for the acquisition of technology infrastructure and solutions across systems as well as risk management processes.
“The mechanism for cyber incident response is not standardised in agencies, government enforcement of compliance to existing cyber security legislations is weak and there is no prioritisation of cyber security capacity development in federal agencies.’’
Okereafor urged government to adopt a single Technology Risk Management Framework supported by legislation to incorporate internet security as part of information system acquisition and implementation.
“As an oversight, the Federal Government can create a single Technology Risk Body to provide a consistent framework for protecting information at all levels.’’
He said with cyber risk management framework, citizens and the country would have enabled strategic, long- term and short-term cyber security and consistent management of technology supply chains.
The expert said the framework would bridge the gap between technology and business and provide realistic support for existing, future regulation requirements.
Dr Vincent Olatunji, the Chairman, Data Implementation Committee, National Information Technology Development Agency (NITDA), also acknowledges the threat to Nigeria’s cyber space.
Olatunji said: “Individuals own their information. Data collected on a consumer cannot be sold to third parties.
“Companies must protect an individual’s Internet Protocol (IP) address or cookie data with the same rigor as a name, address, national identity number and bank verification numbers and also request for data transfer.’’
He said if cyber security must be applicable to systems in the country, privacy of data must be designed in respect of the data subject and policies and procedures for managing security breaches put in place.
“Businesses need to review their data protection policies, technology for compliancy; they should encrypt data in their possession and be up to date with security solutions.
“Personally obtained data and collected by a data controller with consent from the subject should be used for the specific purpose and not for the promotion of businesses or distributed without authorisation,’’ Olatunji said.
Olatunji said the implementation of National Data Protection Regulation (NDPR) would generate revenue for the country and reduce cyber attacks on Information Systems.
He noted that UN Conference on Trade and Development put the value of digital economy at over seven trillion dollars with an annual growth rate of 30 per cent.
The director said regulation would attract investors, create employment, increase Gross Domestic Product, create positive image for the country, make businesses competitive and ensure adaptation to regulation processes of EU GDPR easily.
He added that NDPR would impact organisations and individuals by reducing cost, IT time, maintenance expenses, slower backup and data centre costs.
The Director-General of NITDA, Mr Kashifu Inuwa, said there was increasing use of digital technologies which were continually exposing sensitive information and critical systems to risks and threats in the cyberspace.
Inuwa said cyber criminals accessed government and individual data to mislead the citizens.
According to him, the growth in digital economy is also equating threats that can bring organisations and countries down through financial and reputational losses.
He said government and industries need to enhance cyber security mechanisms in the wake of evolving threats to online activities.
“The growth and potential of the digital economy depends on the trust on the internet and in cyberspace.
“The digital economy is estimated at 22.5 per cent of the world’s economy and yet has not been fully exploited.
“Digital investments have growth multiplier effect in national GDP, where it increases the national economic output.
“The Nigerian digital economy is known to account for up to 13.8 per cent of the nation’s GDP.
“It is, therefore, obvious that the digital economy is a platform to increase the growth of the national economy.
“The digital economy leverages on cyberspace, characterised with evolving cyber threats.’’
The director-general said that security on privacy and trust were critical issues for a thriving digital economy and that government and industries must deploy measures to repose trust in the IT system.
Inuwa, however, said NITDA was responding to the challenge through cyber security trainings for network administrators in Ministries, Departments and Agencies (MDAs) as well as the security agencies.
“NITDA has conducted cyber security Sensitisation Awareness Campaigns in the six geopolitical zones which started in 2018 and is continuous till 2020.
“NITDA has also established a multi-stakeholder platform called Nigeria Cyber Security Alliance for coordinating cyber security activities for the private and public sector in Nigeria.
“We have collaborations with national and international organisations for the implementation of the National Cyber Security Strategy.’’
He said to ensure the regulation kept pace with rapidly evolving technological trends, NITDA also introduced NDPR, National Information Systems in addition to reviewing Network Security Standards n line with its Rulemaking Process.
He said MDAs had a shared responsibility to build resilience, trust and confidence in Internet System.
“We all have a shared responsibility to ensure that we keep government information, services, networks and infrastructure secure.
“We have to work together if we are to increase our resilience against malicious cyber risks and threats.’’ (NANFeatures)
- If used please credit NAN and the writers)
Credit : NAN