Ben Uzor Jr
The cybersecurity capabilities in many
Nigerian companies have not kept pace with a rapidly changing world, Tope
Aladenusi, head, security privacy and resiliency, Deloitte, said at the Chief
Information Security Officers (CISO) Roundtable conference on cybersecurity. This
worrisome situation, according to him poses grave danger to the sustainability
and longevity of the business, as successful cyber attacks could have negative
impact on shareholder value. The Lagos conference however provided a veritable
platform for CISOs in the financial services, oil and gas, telecommunications
industry, amongst others, to share contemporary ideas on current trends and
mitigation measures in an evolving cybersecurity landscape. The conference,
Aladenusi said is coming at a time when data from critical sectors of the
economy are migrating online and are been exposed to complex and sophisticated
cyber attacks.
He listed some of the possible cyber
threats, the assets they could affect, and the overall consequence of successful
attacks. “For example, Denial of Service attacks (DOS) can adversely affect an
online service. The attendant reduction in the amount of sales could ultimately
lead to revenue loss”, he added. In his presentation, entitled: ‘Cyber-attacks:
Current Trends and mitigation measures’, Aladenusi said current trends have
shown that even the most security conscious organisations are constantly been
compromised by malware, inspite of the high expenditure on IT security. “The
traditional approach to information security is very reactive; it waits for
incidents to occur and relies on controls such as firewalls, anti-virus,
passwords, Intrusion detection/prevention systems (IDS/IPS) etc.
“However, these traditional security
controls are becoming less effective against modern day threats as: Firewalls
can be easily bypassed, Passwords are crackable, Antivirus, IDS/IPS is limited
…. Most cyber attacks that occur go undetected and unaddressed. He advised
businesses to move towards developing a more proactive, preemptive, and mature
approach towards security. Speaking in the same vein, Osioke Ojior, Group chief
risk officer, Interswitch, said there was need for Nigerian firms to begin to
integrate cybersecurity into their business strategy. Outlining proposed
activities for security and strategy, he told the conference: “Define processes
to support business functions. Prioritise processes with respect to the
strategy. Define types of information needed to execute, incorporate security
requirements into processes, and establish enterprise architecture with
embedded information security architecture. Kayode Alawonde, head of
Information Technology, Asset Management Corporation of Nigeria (AMCON) spoke
on the role of insider threats in orchestrating cyberattacks.
He said insider threats are threats
within organisations that can potentially exploit vulnerabilities of
information assets. People, according to him are the weakest chain of
information security and need to be secured for total Security. Insider
threats, Alawonde added should be looked at in the context of the Information
Security Triad of confidentiality, integrity and availability. “Businesses need
to deal with unauthorised disclosure of information assets.Who is seeing what
they should not see? Who can take out information that they require within the
company alone? They need to deal with unauthorised modification of information
assets. Who can modify data illicitly to get gain? How prone are systems to
accidental modifications?“Lastly, they need to deal with accessibility to
Information assets when required. Can authorised staff access information as at
when required? Is there any disruption of services possible?” he added.
No comments:
Post a Comment