绿帽献妻

*Experts, in a recent survey, stated 90 percent of respondents highlighted that decisions Information Technology leaders made have left companies and organisations vulnerable, and recommended the need to reform cyber-risk training in order to regain some control of this

Gbenga Kayode | 绿帽献妻

It is a universal objective statement of fact that the increasing wave of malware attacks on businesses, organisations and governments in cyberspace has continued to be on the front-burner of telecommunications and Information and Communications Technology (ICT) cybersecurity-related discourses in recent times.

绿帽献妻 had reported that Ric Longenecker, Chief Information Security Officer (CISO) at Open Systems, in an interview disclosed there are four million vacant positions in cybersecurity industry worldwide, but the cybercrime world is not short of talent at any time!

The expert stated that 鈥渢he idea of me as a CISO finding, hiring, and trusting a brilliant potential cybercriminal is a real stretch.鈥�

Longenecker also asked rhetorically: Why does anyone become a criminal? Opportunity, circumstances (environment), and timing.

鈥淎nd right now, if you live in some countries and are smart, there’s more opportunity in crime than in pursuing a desk job.

鈥淲hile there continues to be a shortage of good people in the industry, there’s a large trust factor that plays out, as well as traditional approaches to hiring still in play.鈥�

Is IT much of a priority in your business or organisation?

Experts, in a recent survey that polled 5,321 IT and business decision makers from enterprises larger than 250 employees across 26 countries, noted a sense of the scale of the issue of IT security globally.

They stated that it is a perennial challenge, with business owners and executives having to juggle many competing interests, alongside the safe running of their computing infrastructure.

However, the opinion of professionals tasked with keeping businesses safe on the front line of their IT defences are clear: that businesses are willing to compromise on cybersecurity in favour of digital transformation, CyberNews report said.

And worse still, several IT professionals reportedly, have felt pressured to downplay the severity of cyber risks to their Board.

It was gathered that the 鈥榮hock survey results鈥� uncover a fundamental issue with the world of business today: reliant on ensuring business as normal, it often downplays the potential risks to its enterprise, and puts IT low down on a list of priorities to tackle.

According to Trend Micro, barely 50 percent of IT leaders and 38 percent of business decision makers believe the C-suite completely understands cyber risks.

Likewise, seventy-seven percent of both IT and business leaders think that their organisations should hold more people responsible for managing/mitigating risk.

Task of curbing cyberthreats in Nigeria鈥檚 cyberspace

绿帽献妻 recent report noted that stakeholders in the private and public sectors of the Telecoms and ICT industry in the Nigerian economy warned that the West African country may not be able to prevent cyberattacks in view of the observed status quo in the ecosystem.

They hinted that corporate organisations and individuals might suffer colossal damage, unless the government and relevant regulatory agencies rise to the occasion to control the tide promptly.

The rapid adoption of technology-driven security tools as effective cybersecurity measures in tackling threats and vulnerabilities has not brought about the desired results in the country, according to the experts.

The stakeholders also noted that their concern was against the backdrop of several cases of cyberattacks, which affect critical sectors of the economy, that are recorded in recent times.

Office of the National Security Adviser on cyber awareness

The publication reported that the Office of the National Security Adviser (NSA) to the President acknowledged the establishment of NCC-CSIRT as a clear demonstration of the regulatory Commission’s resolve to support the Federal Government in minimising risk that will emanate as the country embraces advanced technologies to facilitate the much desired digital transformation in the country鈥檚 economy.

NSA Major-General Monguno (Rtd.), represented at a forum by Brigadier-General Samad Akesode, Director of Communications at Office of the NSA, said in a statement that the NSA recognised the commitment of the NCC to creating awareness on the implementation of national cybersecurity policy in Nigeria.

By establishing the CSIRT, Monguno said that the telecoms sector regulatory Commission has taken a step that could only be described as 鈥渋mpeccable and timely鈥�.

According to him, the move is in conformity with the highest standards and international best practice, which aligns with the requirement of the Cybercrimes (Prohibition, Prevention, etc) Act 2015.鈥�

The ONSA, he noted, has promised even greater collaboration with the NCC on the country鈥檚 cybersecurity drive.

Activating the NCC-CSIRT to combat cyberthreats

Recently, the Federal Government of Nigeria admitted that the country had recorded well over two million cases of cyberthreats in the first half of 2021.

Amid the reported threats, however, Prof. Umar Garba Danbatta, Executive Vice-Chairman and Chief Executive Officer (EVC/CEO) at a recent forum declared that the commissioning of the NCC Computer Security Incident Response Team (NCC CSIRT), which he described as the telecoms sector鈥檚 version of the Nigerian Computer Emergency Response Team (ng. CERT), is a testament of the Commission’s resolve to promote a healthy digital environment in the telecoms sector.

Danbatta, therefore, urged cybersecurity stakeholders in the Telecoms/ICT industry to key into the National Cybersecurity Policy and Strategy (NCPS) 2021, and accelerate the adoption of its various components to curb attacks in the country鈥檚 cyberspace.

The NCC EVC/CEO stated cybersecurity is a collective responsibility, and no single government, business or individual is immune to it, or can do it alone.

Disclosure of exposures to cyberthreats

The survey report also indicated that the gulf between the realities and what businesses want to portray publicly is an issue in tackling potential threats in cyberspace.

In his remarks on the issue, Bharat Mistry, UK Technical Director for Trend Micro, said: 鈥淚T leaders are self-censoring in front of their Boards for fear of appearing repetitive or too negative, with almost a third claiming this is a constant pressure.

鈥淏ut this will only perpetuate a vicious cycle where the C-suite remains ignorant of its true risk exposure.鈥�

Mistry also noted: 鈥淲e need to talk about risk in a way that frames cybersecurity as a fundamental driver of business growth 鈥� helping to bring together IT and business leaders who, in reality, are both fighting for the same cause.鈥�

As regards an attempt to veneer to lie or mislead a business or organisation in this regard, experts said that balancing what is right for the bottom line and what is right for ongoing IT security is vital.

鈥淚T decision makers should never have to downplay the severity of cyber risks to the Board. But they may need to modify their language so both sides understand each other.

鈥淭hat鈥檚 the first step to aligning business-cybersecurity strategy, and it鈥檚 a crucial one. Articulating cyber risks in business terms will get them the attention they deserve, and help the C-suite to recognise security as a growth enabler, not a block on innovation,鈥� stated says Phil Gough, Head of Information Security and Assurance at Nuffield Health.

Report also indicates that what it found was a belief among those tasked with keeping IT departments secure within businesses, that the leaders they tasked often were not up to the job.

Forty-nine percent of respondents in the study claimed that cyber risks are still being treated as an IT problem, rather than a business risk.

Nonetheless, researchers stated this is worrying, in view of the huge impact that something like a ransomware attack can have on the ability for a business to continue operating.

In her contribution, Dr. Linda K. Kaye, Reader in Psychology at Edge Hill University, opined 鈥渋t appears that many business and IT leaders feel 鈥榦ut of control鈥� when it comes to managing cyber-risks.

鈥淭here may be a number of ways they can regain some control of this. One way of helping encourage agency in this may be to reform the focus of cyber-risk training.

鈥淩ather than it being solely on awareness-raising of risk, it could draw in scientific insight into the range of cognitive biases and processing involved in susceptibility to well-designed phishing scams for example.

鈥淭his could help all employees understand themselves as active agents in mitigating these risks but also highlight that any 鈥榲ulnerabilities鈥� to these are largely a part of simply being human,鈥� says Dr. Linda K. Kaye, Reader in Psychology, Edge Hill University.

Kindly share this story

绿帽献妻

Digital transformation and organisations鈥� worldwide compromise on cybersecurity

Kindly Share This Story

ABOUT US

SECTIONS

SECTIONS

QUOTE

Connect With Us On:

CONTACTS: