Nigeria: Companies’ Losses to Data Theft Bigger than Financial Fraud
Olufemi Ake, country manager, ESET Nigeria and Ghana has called for comprehensive approach to combating and mitigating cybercrimes in the West Africa market, adding that focusing squarely on electronic financial (eFinancial) frauds to the expense of other sectors would create room for increased data/information loss by companies.
Ake, who spoke to Nigeria CommunicationsWeek in his office on the sideline of 2016 CyberXchange Conference said that Nigeria and neighbouring countries must step up cyber crime laws enforcement too.
Ake spearheads the strengthening of the ESET brand in the region by opening access to strong, trust-based relationships with private & public sectors and ensuring symbiotic business relationship and growth with partners of ESET within the operational markets.
Before joining the Africa markets, he had offered professional advice and consultancy services to clients in the United Kingdom while working with Capita, Lloyds Banking Group and BNP Paribas Real Estate. He had acquired indispensable knowledge in analysing market trends and implementing business requirements from the organisations he has worked for to date.
Ake relocated to join Diageo Plc where he worked with regional sales teams that collectively improved and implemented strategic plans for sales distribution with a number of initiatives which made a huge impact within months where he recorded an outstanding growth of +5.9% & +5.2% in Market Share in two top brand categories in 2012. ESET is equally benefitting from his wealth of experience with phenomenal double-digits growth recorded year-on-year since joining the business.
He graduated as a Planner at the University of Sheffield, United Kingdom and has immense passion in impacting lives positively. His best part of his experience is the ability to work with people of different social and moral background, taking their views on board and applying them to various elements of his profession. He spoke to Peter Oluka
How to Manage ‘Insider’ Instigated System Breaches There is always the saying (I will use ICT security in this case as an example) ‘ICT security is as good as the weakest link of the strong chain’. So, you can have millions of dollars ICT security investment, but if the ‘user’ or staff is ‘weak’ when it comes to taking measures not to expose the organisation, you need to be concerned. They have to be aware of the dangers of not keeping company’s ‘data or information’ secured. They need to ask levels of questions while dealing with outsiders. This is how social hacking occurs- where an insider provides information to an external person, allowing access to company data or secure environment. So, it is advisable to have concrete arrangement with your staff on how to manage the gateway to the company data/information.
West African Cyber Security Ecosystem To put it straight, individuals, organsiations and the government at large, will be in trouble if cyber criminals come to terms the resources available in West African market. In the other hand, if we know what we can gain financially and otherwise by preventing attacks, we can reduce the risks. Organizations in the West African region need to step up their cyber defense, especially Nigeria and Ghana. The markets’ focus has been on electronic financial frauds involving individuals. However, cyber crime goes beyond efinancial fraud. Our government agencies need to be watchful on how information and data is kept. Big data, Internet of Things (IoTs), artificial intelligence and so many internet dependent devices, robots as well, are pushing for availability of more data online, especially with third party involvement. The focus should be that our data are secured, because is not just money. Many of them do it for bragging rights. They steal as much data, disrupt systems/data, selling data abroad just for fun/fame or to prove a right. Therefore, we need to focus on comprehensive approach to information/data security, not just financial fraud. According to Barrister Adebayo Shittu, Minister of Communications, we lost about N127billion to cyber crime in 2015, but if you measure what companies lose to information and data theft, it is beyond measures. We have to ensure companies put strong levels of security to prevent impending dooms, especially in regards to securing customers’ data.
Enforcement Key to Cyber Security There is no option to enforcement in entrenching cyber security processes in any organization or among government agencies. You can have ‘paper-tiger’ laws; very robust in its provisions, but without enforcement, the system can never feel the impact. Take for instance, in Lagos, there are laws prohibiting indiscriminate parking of cars, however, not until LASTMA and other agencies took it up, the laws were ‘somehow’ idle. To some people, because enforcement involves money, they would want to cut corners. But, if you refuse to insure your car, for instance, when an accident happens, you bite your tongue. This applies to institutions; if you have policy framework, maybe to have two-factor authentication for internal processes which is supposed to curb unauthorized access to company network or resources and there is no enforcement to that effect, people can breach it. Some companies even forget or play down on renewing their cyber security licenses. That makes them even more vulnerable.
Free Internet/Downloadable Anti-Virus: How Secured? They are safe and secured to an extent. We also offer such free anti-viruses for mobile and computers ranging from three months to year usage. But they give you basic anti-malware and virus. When it comes to taking to another level like anti-phishing as a feature to prevent intentional hacking targeted at your user name and password, the free anti-virus wouldn’t give you such protection. We also have a feature called anti-theft, which helps you lock and wipe device data remotely and also gives you information on recovering your lost or stolen mobile phone or computer. It also takes webcam or phone camera pictures of the unsolicited user of the lost or stolen device; which is a sort of insight on recovering your device. So, I will not advice people to depend so much on free anti-virus downloadable from the internet.
Telecos, Banks and Phish Emails The first step to preventing falling prey of phish emails is: ‘if you are not sure, do not click’. Someone sends you congratulatory email or text that you have won a jackpot. But, it is obvious you never played a raffle. On the banks’ side, they clone the emails and send you message, asking for confirmation of a transaction. Did you do such transaction? Do you think a bank will send you email requesting for password or PIN? This sort of mail is meant to scare you. By clicking, you automatically grant them access to your computer or data and may end up collecting your sensitive information or even going as far as encrypting your files. So, in that case, what is advisable is to call the bank if you are in doubt and if related to financial transactions. If it is general phishing email, please do delete immediately from your inbox.
Growing Cyber Threat On Schools, NGOs, Religious Organisations, etc. ESET’s message to everyone is: secure your devices. As far as your device is connected to the internet or you use it to exchange data, there is need to secure it. Before now, churches, schools or non-governmental organizations seemed not attractive to cyber criminals, but we have seen a growing number of schools coming to us to secure their environment due to increasing cyber security threats. You have exam questions, payrolls, congregation personal and sensitive data and so many other information that requires protection. Can you imagine a scenario where a pastor has prepared his sermon and on Sunday morning upon mounting the podium, he file gets encrypted or completely erased? In the present world, your eyeglasses, microwave, refrigerator and others will get connected, it calls for more care. Cyber criminals ‘seize’ air control towers and redirect aircrafts or make them ‘blind’ and they can’t land. The world can be shut down. Recently, we have seen high profile internet security breaches. That’s why I said the more Nigeria is being recognized at the international scene, the more cyber related attacks we should expect.
Sectorial ICT Security: Health It is going to be disastrous when cyber criminals face the health sector. The only thing is that most of our hospitals are still paper prone environment. However incidences in the health sector actually lead to breakup of homes, suicide, especially when they expected the hospital site to be protected. This is because doctors hold tons of confidential records of patients which in the real sense of it, should be encrypted and kept away from any third-party. Exposing these would certainly lead to disruption, series of lawsuits, and distrust in the system. So, the emergence of paperless hospitals is better for higher productivity, but the hackers tend to feed on them too. Hence there as an exchange of data, it can be intercepted. Imagine a hacker goes into a hospital’s records and steal information about the President’s or a Governor’s health status, publish same, it can cause chaos in the society.
Grooming Cyber Security ‘Armies’ The government should support IT. I like what the current administration is trying to do by focusing on IT entrepreneurs. There is so much focus on Nigeria lately which cumulated to the founder of Facebook paying a visit to Co-creation Hub and Andela. It is a positive sign that IT is recognized. However, there is need for more support in providing direct IT jobs in the civil service and soft landing for entrepreneurs to set up their businesses in order to create more jobs within and outside of the IT sector. There are so many bureaucratic processes that need to be revisited. IT is expensive currently in Nigeria because we import most of the solutions we provide. If we are able to provide them locally; Nigerians writing IT security codes, providing security solutions and setting up research centres to analyse malware and other forms of threats, it will provide safe climate for us and we can export too. At that point, IT security becomes cheaper and companies wouldn’t be reluctant in renewing licenses in some cases.
ESET’s Impact On Cyber Security Solutions in Nigeria ESET, basically, focuses more on educating and sensitizing our users and the public in generalon the importance of IT security. The aim is to have our users enjoy safer technology and secure all data-exchange or internet-connected devices –‘smartphone, tablet, servers or computers’ with our easy to use and affordable security solutions. That is our goal.
Solutions ESET solutions are segmented into two, tailored to provide security for users at home and businesses. We have business security solutions such as Two-Factor Authentication (2FA), Back-Up and Recovery, Data Encryption, Data Loss Prevention, Productivity Management, Enterprise Endpoint, Server and Mail Security Solutions. Our Two-Factor Authentication (2FA) solution helps prevent unauthorised access to companies’ data or the environment. These days, usernames and password are becoming less secure and cumbersome for users to manage hence the need for additional level of security which our 2FA solution offers with a one-time digital burn-after password which can be set up on user’s mobile devices. We also provide solutions which offer Full-Disk encryption to help secure data and information running through your mobile phones or computers. This helps prevent third-party access to your data in case of loss or theft. Our home security solutions offer Parental Control, Internet Security, Antivirus and Mobile Security for personal devices. The ESET Parental Control helps parents manage children’s activities on their mobile phones and internet with web and application control features.
ESET’s Preparedness to Offer Insights to Users on Cyber Security Prevention Absolutely, we are proactively leading a course for insights to aid users be ahead of breaches. In light of this, ESET have released a threat intelligence service that can be used by companies to detect, analyse emerging threats and also go as far as actively preventing potential damages, or at least to implement the necessary measures to mitigate them. The essence is to provide organisations the idea of where to prevent such happenings in near future. The solution is called ESET Threat Intelligence and it is compatible with all non-ESET existing security solutions within the company IT infrastructure.
On our subscriptions, we are quite affordable as compared to others. To businesses, ESET is one of most affordable and effective IT security solutions that they can buy in Nigeria and Ghana. Every now and then, we also run cost-cutting promotions for our users to have soft landing when buying or renewing their licenses due to the economic situation of the country. ESET recognizes Nigeria and Ghana; that is why we are here.