Office of National Security Adviser (ONSA) has expressed concerns over lack of interest by government agencies and private organizations to use its robust cybersecurity infrastructure for monitoring and securing their digital networks against cyber-attacks, Nigeria CommunicationsWeek has learnt.
Bala Fakandu, deputy director, Office of National Security Adviser (ONSA), said that there are huge gaps between government agencies and private organizations capacity to handle cyber-attack, noting that ONSA has overwhelming information generated through its deployed infrastructure to monitor cyber- attacks in the country which are not being used by the people.
“We have found out that Agencies are scared of using our robust cybersecurity infrastructure to protect and monitor cyber-attacks because they feel that we are going to use the opportunity to spy on them,” he said.
Fakandu stated this at the unveiling of 2017 Nigeria Cyber Security Report in Lagos and stressed the need for collaboration among agencies and organizations in cyber defence strategies.
Unveiling the report, Ikechukwu Nnamani, chairman of Demadiur Systems, said that one of the findings in the report is that Nigeria has the lowest number of cybersecurity expertise.
This according to him ‘is a combination of two things, except reports like this, come out, people will not know because if you don’t have data, you won’t be able to know where you stand and what to do.
“Secondly, there is no clear-cut program to train people and get them certified and secure the system. I believe that Nigeria has been lucky as a country because before now a lot of our critical infrastructure is hosted abroad. With the Internet of things that people are now pushing, the moment you go there you are on an IP address and it becomes a connected system. The moment all these happen and you are not secured, it becomes a problem.
On insider threats, Nnamani said that organizations must recognize that insider threat is a possibility. “Once that happens, it becomes easier to start looking for the solution. One of the advantages of getting managed secured services from a trusted organization with experience is that they help you check based on the business rules that have been set.
“Such an experience organization should be able to know that suddenly a network administrator, for example, is doing something that is not right or intentionally leaving the system vulnerable. An external team can help you manage that because they have nothing to gain to be culpable.
“Most time when you outsource such services, there is always a managed service agreement tied to it, which if you breach, and the company that is supposed to protect you will pay some damages.
Because such agreements are in place, they always try to make sure they are not breached. Ultimately, if you don’t have resources to manage cyber threats inside, then you really need to outsource,” he said.
Daniel Adaramola, information technology unit, Heritage Bank, said the majority of bank data sit in the hands of third-party infrastructure providers which increases the risk of attacks.
He stressed the need for local certifications in cybersecurity to support the existing international certifications such as ISO 27001 and PCIDSS.