By SAMSON AKINTARO
With increasing demand for online presence, businesses must also prepare for the inherent risk of cyber-attacks, experts have warned. This came with a declaration that every business, either small or big, that operates in the digital terrain has become a potential target of cybercriminals.
The experts, who spoke at the Nigerian Capital Market Information Security Forum, noted that as businesses are going digital, more and more criminals are also going digital and are even moving ten times faster than the businesses. Speaking specifically on the rise of digital business and digital crimes, Mr. AdeoluBajomo, Executive Director, Market Operations and Technology at the Nigerian Stock Exchange, said 94 per cent of businesses with 10+ employees are now online, while the value of the internet economy in G20 economies is estimated to be $4.2 trillion.
With that, he said there has been 44 per cent increase in cyber incidents (1.4 per organization weekly, while there had been 1.85 million new malware samples in Q1’17 alone, which translates to 323,000 daily or 1 new malware every 4.2 seconds. Bajomo added that global economy now loses $445 billion annually to cybercrimes.
Also speaking at the forum, Mr Tope Aladenusi, Chief Strategy Officer (CSO) for Deloitte West Africa, said for every business online, “cyber-attack is not a matter of if but when. All companies are prone to attack, so if you want to go digital, you must also plan to manage the risk.” Aladenusi expressed worry that most organisations in
Nigeria do not see the need to spend money on cyber security until they experience attack.
Emphasizing the need for organisations to plan ahead for cyber-attacks, MrAdemolaAlabi, CEO AAA Consulting, said with the sophistication of cyber criminals, it is becoming impossible for organisations to avoid attacks totally, but they can limit its impacts by planning ahead and mapping out response plans before it happens. Alabi warned that already, there is a silent rise of cyber army who are between the ages of 15 and 19, being built online, which means that organisations should also double their preparations for attacks.
Also speaking,MrsFavour Femi-Oyewole, Chief Information Security Officer at NSE, said cyber security is often taken solely as an Information Technology problem, while it is a strategic risk management issue. “Cyber security has become a core governance issue for boards as company after company has been rocked by cyber security incidents.
It is a significant risk that can have a huge material impact on the organization and also have the potential to expose board/ council members to personal liability. The Board should proactively stay informed, support awareness programs company-wide, and treat information security as priority” she said.
According to her, the best way to manage this dynamic cyber threat is to develop organizational cyber resilience. “Cyber Resilience is the ability to prepare for and adapt to changing conditions, withstand and recover rapidly from disruptions.We must ensure our technical security controls evolve and adapt to ever-changing cyber threats and vulnerabilities” she said.
On why it may be difficult to end cybercrimes, Bajomomentioned the borderless nature of the threat as a factor. According to him, lack of a harmonized and cooperative regulatory environment also weakens cross-border cooperation while there is shortage of dedicated and skilled IT security specialists and cyber professionals globally.
Advising companies on how to be resilient to cyber-attacks, he urged companies to assess themselves to know their weaknesses and vulnerabilities within theirorganization. “Understand how they connect and prioritize them. Adopt a holistic and formal approach to keep abreast on modern threats and solutions. This would clarify misconceptions surrounding capability and implementations.
Getting security budget approval requires an understanding of numbers; you should be able to build an investment case in acquiring security solutions and making necessary investments to tighten security. Leverage Global Standards: Cybersecurity efforts are most effective when leveraging and building upon existing standards such as ISO 27001:2013 and ISO 27002” Bajomo advised.
The NSE ED also urged governments to secure their digital infrastructures for economic growth and protection. According to him, policy makers can achieve this by: “Providing resources for the development of cyber security; Identifying countries that are safe havens for perpetrators of crime and fraud and target them for diplomatic initiatives formulated to change their practices; Leveraging and building upon existing bilateral and multilateral agreements on cross border prosecutions of crime and espionage; Bolstering awareness and outreach campaigns; Utilizing Private and Public Partnerships to review and continue to improve the state of cyber security in the nation; and Drafting guidelines and directives towards protecting citizens from cybercrime such as the UK’s GDPR and the Nigerian Cybercrime Act.”