Cyber security experts have decried the level of preparedness of Nigerian organizations against cyber-attacks as a follow-up to a recent cyber security report which finds that over 90 percent of Nigerian organizations are operating below the security poverty line significantly exposing themselves to cyber security risks.
Joseph Mathenge, chief operating officer, Serianu- one of the authors of the report, described security poverty line as inability to meet basic needs necessary to detect cyber threats.
“When an organization does not have process and resources in-house to secure their organization against external or within attacks, unfortunately, in Nigeria we witnessed the overwhelming sense of hopelessness in being unable to meet anyone life basic needs.
“In our report we build on the concept of the security poverty line in which an organization is seen to be unable to effectively protect itself from cyber threat.
“In 2018 all organization needs to measure whether they have adequately invested to protect, detect, respond and recover to cyber events,” he added.
Ike Nnamani, president, Demadiur Systems, another contributor to the report, added components of security poverty line to include, policies on Bring Your Own Device (BYOD) of staff, monitoring of devices staff brought to the network as well as policy on insider staff that are disgruntled checking to tackle if such staff wants to perpetrate fraud.
Nnamani who spoke to Nigeria CommunicationsWeek on some of the key finding of the report, noted that 81 percent of cyber security incidents either go unreported or unsolved.
He said that the implication of this scenario allows the cyber criminals to get away with the crime if it is not reported to law enforcement agencies.
“When it is not reported it will be difficult to put the right policies in-place to prevent future occurrences. When it is unsolved, it shows that the right regulatory and legal policies are not yet in-place to ensure that law enforcement agents can prosecute offenders and get them punished,” he added.
On $649M annual cost of cyber- attacks in Nigeria, Nnamani identified areas that constitutes the figure to include, insider threat $194M representing 30%, attacks on computer system (unauthorized access and malware) $130M representing 20%, social engineering/ identity theft $97M accounting for 15% among others.
He stressed the need to create awareness as well as for organizations to work with the right agency to put in-place legal and regulatory framework that will ensure the cyber-criminals are punished.
“We need to fortify our critical national infrastructure against cyber-attacks,” he said.
Nnamani however, urged that Nigerian-specific cyber security program that takes into consideration the peculiarities of its environment and unique threats we face as a country need to be developed across all sectors of the society.
“Expertise has to be developed on how to identify potential security breaches, detect breaches when they occur in a timely manner, remedy the breaches, and develop mechanism against future similar occurrences,” he noted.