The Nation Newspaper

Tag: cybercrimes

  • EFCC clampdown on largest cybercrimes centre resolve to tackle menace – NBM of Africa

    EFCC clampdown on largest cybercrimes centre resolve to tackle menace – NBM of Africa

    The leadership of Neo Black Movement (NBM) of Africa has commended the Police Force (NPF) led by IGP Kayode Egbetokun and officials of Economic & Financial Crimes Commission (EFCC), under the leadership of Mr. Ola Olukoyede, for the dismantling of two major cybercrimes Centers in Abuja and Lagos respectively.

    Making the commendation in a statement by its President, Olorogun Ese Kakor, NBM described the clampdown on 792 crime suspects in Lagos by EFCC as a remarkable feat in the on-going war against frauds, cybercrimes and money laundering globally

    The body lauded the arrest of about 400 foreign nationals, mostly Chinese, Arabs, Filipinos and others during these sting operations, stating that this has further reaffirmed its earlier stand that some foreign collaborators are just out to dent the image of the country.

    NBM of Africa noted that by these achievements the Nigerian security outfits, especially the Police Force has proven to be one of the best in the world, in terms of intelligence gathering, information processing and global networking.

    It however appealed to the operatives of INTERPOL to corroborate it’s claims of arresting over 300 Nigerians by making available the names, pictures and locations available to the EFCC and the Nigerian Police for further investigation and prosecution of these criminals and their co-conspirators. 

    It maintained that the viral videos of the over 300 persons claimed to have been arrested by INTERPOL were videos of women and non of them looking like Nigerians but rather like Filipinos.

    The body  noted that the Nigerian security agencies have the data of all Nigerians and should be able to verify the names given to them by the INTERPOL.

    The body advised that INTERPOL synergies with the Nigerian security agencies would go a long way in achieving good results in the fight against cybercrimes and other social vices in the society.

    While condemning the intention of releasing those viral videos to denigrate Nigeria before the international community, the body called for the interrogation of those viral videos by the security agencies, as the intention to ridicule the good reputation of the country is unacceptable.

    According to the statement: “We the members of NBM of Africa, wishes to express our gratitude to the officers and men of the Nigeria Police Force (NPF) and the officials of the Economic and Financial Crimes Commission (EFCC) for the remarkable achievements recently recorded by the clampdown of two major cybercrimes centers both in Abuja and Lagos.

    Read Also: EFCC secures final forfeiture of warehouse, 54 steel containers

    “The arrest made by the Nigerian police and EFCC has shown that the Nigerian security outfits has one of the best intelligence gathering globally”.

    It stated that the fight against cyber crime should be taken more seriously instead of trying to link innocent groups with crimes in a bid to denigrate and blackmail Nigeria that is putting so much resources in the fight against cybercrime”.

    “With these breakthroughs that had  led to the arrest of over four hundred (400) foreign nationals, mostly Chinese, Arabs and Filipinos, has vindicated our earlier stand that most foreign nationals also disguised as Nigerians to perpetrates these criminal activities across the globe”.

    There are so many reported cases of foreigners carrying out cybercrimes disguising as Nigerians. There’s also a case of a 67years old American named Michael Neu from Louisiana who acts as a Nigerian Prince while scamming his victims.

    “The Nigerian government should seek for the extradition of these kind of persons so that he can be prosecuted here for the damages his actions had caused the image of the country”.

    “We also want to appeal that INTERPOL does not stop there but initiate the process of prosecuting all those it has indicted in its report, especially those it has labeled Black Axe members that it claimed were arrested, so as to serve as deterrent to others, mostly the teeming Nigerian youths”.

    “We wish to use this medium to reiterate once again that Neo Black Movement (NBM) of Africa has no business with Black Axe and should not be linked with such names. Therefore the name should not be used interchangeably. It is racist and libelous for anyone or organization to use NBM of Africa and Black Axe interchangeably.

    “NBM of Africa is a reputable organization with members from all works of life which includes senior citizens.We find it disparaging for anyone trying to destroy the name and image of the organization because of the word Black that is attached to the name of the organization”.

    “We can’t change the name of the organization because you hate blacks. The word Black in the Neo Black Movement has come to stay and cannot be changed because we want to please anybody. Being Black is our identity”

    “Lastly, we wish to urge the security outfits both locally and internationally to go after criminals that have committed crimes. Stop linking NBM to Black Axe, NBM has never been known as Black Axe and it is not Black Axe. Stop the denigration, stop the blackmail and go after individuals that have committed crimes”, 

    “NBM of Africa has made itself available to help curb this menace of cybercrime by sharing information if needed,” it concluded.

  • Microsoft chief: 600m cybercrimes occur daily

    Microsoft chief: 600m cybercrimes occur daily

    The CTO and Commercial Solutions Area Director, Microsoft South Africa, Colin Baumgart , has revealed that cyber attacks targeting customers have doubled in the last one year, reaching 600 million daily.

    Baumgart, who spoke yesterday in a virtual interactive platform with the press on a broad theme entitled, “Prioritising Security above all else – expanding Microsoft’s Secure Future Initiative”, stated that the cybersecurity landscape was undergoing a profound transformation, driven by the relentless evolution of technology and the increasing sophistication of cyber threats.

    He said his organisation’s ‘2024 Digital Defense Report’ highlighted an alarming rise in attacks, with incidents targeting customers globally, doubling to 600 million per day, revealing the growing collaboration between nation-state actors and cybercriminals. 

    According to him, they arrived at this figure as over 78 trillion security signals per day from the cloud, endpoints, software tools and partner ecosystem informed their insights. This he said has helped his organization to understand and protect against digital threats and criminal cyber-activity.

    “Data breaches,” Baumgart said, “have also been rampant, with TechCrunch reporting over 1 billion stolen records in 2024 alone,” saying “these breaches have not only compromised personal information, but have also emboldened criminals who profit from cyberattacks.

    Read Also: Cybercrimes: EFCC uncovers plot to protest, warns promoters

    “As the threats evolve, so must the strategies to combat them, requiring a concerted effort from individuals, organisations and governments alike”.

    Quoting statistics from Interpol, he stated that African Cyber threat Assessment Report, 2024, indicated the rapid growth of cybercrime which was further illustrated by the estimation that in 2023,  there was a 23per cent year-on-year increase in the average number of weekly cyber-attacks per organisation in Africa which average was the highest in the world.

    According to him, there is a widespread recognition of the need to build a security culture to increase the understanding of security’s value to the business, as well as drive security awareness.

    He advised that people, process and technology need to be in harmony  as businesses can have the most sophisticated technology and comprehensive processes in place to monitor, detect and respond to breaches, but if a person gives their password away or clicks on a phishing email, it becomes exponentially more difficult to protect the organisation.

    Baumgart stated that their ability to analyse vast amounts of data at lightning speeds, enables the identification of patterns and anomalies that may indicate a security breach, often before it occurs, saying this proactive stance is crucial in a time when reactive measures are no longer sufficient.

    He however, noted that in an era where digital threats are escalating in complexity and scale, we cannot just think about defending against cyber threats, there is a need to be advancing the way we design, build, test and operate our technology to meet the highest standards of security. All these are the reasons behind our creating the Secure Future Initiative (SFI), a multi-year undertaking to safeguard our digital ecosystem, he stated.

    He advised that organisations navigate this shifting terrain, adding that the synergy between AI and human intelligence will be the cornerstone of a resilient cybersecurity posture.

    He said by embracing the transformative potential of AI, while remaining cognisant of its risks, we are setting a new standard for digital defence that is robust, intelligent, and ever-evolving, he added.

    He said they have adopted an approach that is anchored in three fundamental principles of secure by design, secure by default, and secure operations, ensuring that security is not an afterthought, but a foundational element of everything we create.

    “This commitment to cybersecurity extends beyond our own products. Through collaborations and partnerships, we are contributing to a broader security ecosystem, sharing threat intelligence and best practices. This collaborative effort is vital because cyber threats do not recognise boundaries and can ripple through networks, affecting countless users”.

    He lamented that recent cyber threats have shown a marked increase in both sophistication and frequency, posing significant challenges to cybersecurity defences worldwide. A notable trend according to him, is the surge in mobile, Internet of Things (IoT), and operational technology (OT) cyberattacks, which underscores the expanding threat landscape beyond traditional computing environments.

    Earlier, Microsoft Chairman and CEO, Satya Nadella, recalled the launch of the Secure Future Initiative (SFI) by his Organisation to prepare for the increasing scale and high stakes of cyberattacks.

     He said for Microsoft, the idea is to bring together every part of Microsoft to advance cybersecurity protection across the company’s products and services.

    He lamented that last year, the cyber threat landscape continued to become more dangerous and complex as malign actors of the world, are becoming better resourced and better prepared, with increasingly sophisticated tactics, techniques, and tools that challenge even the world’s best cybersecurity defenders.

    The Microsoft boss said the company has been a victim of well-orchestrated attacks by determined and well-resourced adversaries and also reiterated that their customers face more than 600 million cybercriminal and nation-state attacks daily, ranging from ransomware to phishing, to identity attacks.

     Also, Corporate Vice President, Security, Compliance, Identity, and Management, Microsoft Africa,   Vasu Jakkal, said the increasing speed, scale, and sophistication of recent cyberattacks demand a new approach to security,as traditional tools are no longer enough to keep pace with the threats posed by cyber criminals.

    According to him, the changing threat landscape and evolution of Artificial Intelligence (AI) means that we need to think about cybersecurity differently. Customers face over 600m cybercriminal attacks daily, says Microsoft chief

    .Traditional tools not sufficient to check cybercrimes

    By Okwy Iroegbu-Chikezie

    The CTO and Commercial Solutions Area Director, Microsoft South Africa, Colin Baumgart , has revealed that cyber attacks targeting customers have doubled in the last one year, reaching 600 million daily.

    Baumgart, who spoke yesterday in a virtual interactive platform with the press on a broad theme entitled, “Prioritising Security above all else – expanding Microsoft’s Secure Future Initiative”, stated that the cybersecurity landscape was undergoing a profound transformation, driven by the relentless evolution of technology and the increasing sophistication of cyber threats.

    He said his organisation’s ‘2024 Digital Defense Report’ highlighted an alarming rise in attacks, with incidents targeting customers globally, doubling to 600 million per day, revealing the growing collaboration between nation-state actors and cybercriminals. 

    According to him, they arrived at this figure as over 78 trillion security signals per day from the cloud, endpoints, software tools and partner ecosystem informed their insights. This he said has helped his organization to understand and protect against digital threats and criminal cyber-activity.

    “Data breaches,” Baumgart said, “have also been rampant, with TechCrunch reporting over 1 billion stolen records in 2024 alone,” saying “these breaches have not only compromised personal information, but have also emboldened criminals who profit from cyberattacks.

    “As the threats evolve, so must the strategies to combat them, requiring a concerted effort from individuals, organisations and governments alike”.

    Quoting statistics from Interpol, he stated that African Cyber threat Assessment Report, 2024, indicated the rapid growth of cybercrime which was further illustrated by the estimation that in 2023,  there was a 23per cent year-on-year increase in the average number of weekly cyber-attacks per organisation in Africa which average was the highest in the world.

    According to him, there is a widespread recognition of the need to build a security culture to increase the understanding of security’s value to the business, as well as drive security awareness.

    He advised that people, process and technology need to be in harmony  as businesses can have the most sophisticated technology and comprehensive processes in place to monitor, detect and respond to breaches, but if a person gives their password away or clicks on a phishing email, it becomes exponentially more difficult to protect the organisation.

    Baumgart stated that their ability to analyse vast amounts of data at lightning speeds, enables the identification of patterns and anomalies that may indicate a security breach, often before it occurs, saying this proactive stance is crucial in a time when reactive measures are no longer sufficient.

    He however, noted that in an era where digital threats are escalating in complexity and scale, we cannot just think about defending against cyber threats, there is a need to be advancing the way we design, build, test and operate our technology to meet the highest standards of security. All these are the reasons behind our creating the Secure Future Initiative (SFI), a multi-year undertaking to safeguard our digital ecosystem, he stated.

    He advised that organisations navigate this shifting terrain, adding that the synergy between AI and human intelligence will be the cornerstone of a resilient cybersecurity posture.

    He said by embracing the transformative potential of AI, while remaining cognisant of its risks, we are setting a new standard for digital defence that is robust, intelligent, and ever-evolving, he added.

    He said they have adopted an approach that is anchored in three fundamental principles of secure by design, secure by default, and secure operations, ensuring that security is not an afterthought, but a foundational element of everything we create.

    “This commitment to cybersecurity extends beyond our own products. Through collaborations and partnerships, we are contributing to a broader security ecosystem, sharing threat intelligence and best practices. This collaborative effort is vital because cyber threats do not recognise boundaries and can ripple through networks, affecting countless users”.

    He lamented that recent cyber threats have shown a marked increase in both sophistication and frequency, posing significant challenges to cybersecurity defences worldwide. A notable trend according to him, is the surge in mobile, Internet of Things (IoT), and operational technology (OT) cyberattacks, which underscores the expanding threat landscape beyond traditional computing environments.

    Earlier, Microsoft Chairman and CEO, Satya Nadella, recalled the launch of the Secure Future Initiative (SFI) by his Organisation to prepare for the increasing scale and high stakes of cyberattacks.

     He said for Microsoft, the idea is to bring together every part of Microsoft to advance cybersecurity protection across the company’s products and services.

    He lamented that last year, the cyber threat landscape continued to become more dangerous and complex as malign actors of the world, are becoming better resourced and better prepared, with increasingly sophisticated tactics, techniques, and tools that challenge even the world’s best cybersecurity defenders.

    The Microsoft boss said the company has been a victim of well-orchestrated attacks by determined and well-resourced adversaries and also reiterated that their customers face more than 600 million cybercriminal and nation-state attacks daily, ranging from ransomware to phishing, to identity attacks.

     Also, Corporate Vice President, Security, Compliance, Identity, and Management, Microsoft Africa,   Vasu Jakkal, said the increasing speed, scale, and sophistication of recent cyberattacks demand a new approach to security,as traditional tools are no longer enough to keep pace with the threats posed by cyber criminals.

    According to him, the changing threat landscape and evolution of Artificial Intelligence (AI) means that we need to think about cybersecurity differently.

  • Sections 3, 4 & 5 of the Cybercrimes (Prohibition, Prevention, etc.) Act 2015.

    Sections 3, 4 & 5 of the Cybercrimes (Prohibition, Prevention, etc.) Act 2015.

    3. (1) The President may on the recommendation of the National Security Adviser, by Order published in the Federal Gazette, designate certain computer systems, and/or networks, whether physical or virtual, and/or the computer programs, computer data and/or traffic data vital to this country that the incapacity or destruction of or interference with such system and assets would have a debilitating impact on security, national or economic security, national public health and safety, or any combination of those matters as constituting Critical National Information Infrastructure.  

    (2) The Presidential Order made under subsection (1) of this section may prescribe minimum standards, guidelines, rules or procedure in respect of –

    (a) the protection or preservation of critical information infrastructure;  

    (b) the general management of critical information infrastructure;  

    (c) access to, transfer and control of data in any critical information infrastructure;  Designation of certain computer systems or networks as critical national information infrastructure.  

     (d) infrastructural or procedural rules and requirements for securing the integrity and authenticity of data or information contained in any designated critical national information infrastructure; 

     (e) the storage or archiving of data or information designated as critical national information infrastructure; 

    (f) recovery plans in the event of disaster, breach or loss of the critical national information infrastructure or any part of it; and 

     (g) any other matter required for the adequate protection, management and control of data and other resources in any critical national information infrastructure.

    Read Also: Nigeria, Belarus sign five-year action plan on agriculture, food security

    4. The Presidential Order made under section 3 of this Act may require the Office of the National Security Adviser to audit and inspect any Critical National Information Infrastructure at any time to ensure compliance with the provisions of this Act.

    5. (1) Any person who with intent, commits any offence punishable under this Act against any critical national information infrastructure, designated pursuant to section 3 of this Act, shall be liable on conviction to imprisonment for a term of not more than 10 years without an option of fine. 

        (2) Where the offence committed under subsection (1) of this section results in grievous bodily harm to any person, the offender shall be liable on conviction to imprisonment for a term of not more than 15 years without option of fine. 

        (3) Where the offence committed under subsection (1) of this section results in the death of person(s), the offender shall be liable on conviction to life imprisonment.

    *See also, Chapter 4 of the National Cybersecurity Policy and Strategy (2021).

  • NGO warns against drug abuse, cybercrimes among students

    NGO warns against drug abuse, cybercrimes among students

    The International Veterinary Vaccinology Network, (IVVN), African Schools Outreach Programme, Nigeria has warned students against engaging in drug abuse and cyber crimes.

    IVVN said drug abuse and cyber crimes can make students lose focus and hindered their dream of becoming leaders of tomorrow.

    Speaking while addressing students of Isale Oyo Community High School, a lecturer at the Department of Zoology, University of Ibadan, Dr. Funmilayo Afolayan, who is also IVVN Nigeria Coordinator, maintained that consequences of drug abuse and cybercrime were enormous.

    She lamented the rate at which students particularly those in public schools engaged in the menace is alarming which should be tackled before it get out of hand.

    Read Also; We fully back Air Peace – Keyamo

    He urged some of them already into the menace to speak out and seek help from their teachers, parents, or guardians.

    She also called on the students particularly girls to develop interest in science, adding that parents also needs to encourage and make provision for their children have more love for science.

    She thanked Oyo Commissioner of Education Prof. Salihu Adelabu for creating enabling environment for quality and adequate education to thrive.

    She however called on government at all levels to put more fund in education and refurbish laboratories in schools across the nation, saying state of laboratories in some schools has become worrisome.

    Principal, Isale Oyo Community School 1, Ademola Majekodunmi said education should not be left alone in hands of government, saying NGOs, civil society organisations and well meaning Nigerians also need to contribute their own quota to the progress of education across the nation.

  • NSA orders full implementation of cybercrimes Act 2024

    NSA orders full implementation of cybercrimes Act 2024

    The National Security Adviser, Mallam Nuhu Ribadu, has ordered full implementation of the Cybercrimes (Prohibition, Prevention, Etc) Amendment Act 2024.

    The order also includes the operationalisation of the National Cybersecurity Fund by all regulators and businesses specified in the second schedule of the Act.

    The NSA gave the order in a statement by the Head of Strategic Communications, Zakari U. Mijinyawa.

    The statement reads: “ Recall that on 6 July 2022 Nigeria joined 66 other countries that have signed and ratified the Budapest Convention on Cybercrime to enhance international cooperation, provide common platform and procedural tools for efficient and safe cyberspace pursuant to section 41(2) (a) of the Cybercrime Act 2015 requiring conformity of Nigerian cybercrime and cybersecurity laws and policies with regional and international standards.

    Read Also: Court vacates order declaring Rivers CoS, Edison, others wanted

    “This is further emphasized by one of the resolutions reached during the High Level African International Counter Terrorism Meeting which held in Abuja between 22 and 23 April 2024. The resolution called for the improved deployment of greater support and resources towards strengthening cybersecurity activities in Africa and taking concrete steps to prevent the use of social media and other platforms by terrorists and organised criminal groups.

    “In view of the need to secure Nigeria’s Critical National Information Infrastructure (CNII), counter terrorism and violent extremism, strengthen national security and protect economic interests, this notice calls for the full implementation of the Cybercrimes (Prohibition, Prevention, Etc) Amendment Act 2024, including the operationalisation of the National Cybersecurity Fund by all regulators and businesses specified in the second schedule of the Act.”

  • Stakeholders seek social media use against cybercrimes

    From Jamiu Abiodun

    Stakeholders in the information and communication technology (ICT) circuit are advocating a beneficial and decent use of the social media to address the menace of fake news, hate speech, advance fee fraud and other forms of cybercrimes.

    They made the plea at the fourth annual Nigerian Social Media Summit (NSMS), themed: ‘Social media as a tool for participatory governance’.

    The summit sponsored by Centre for Information Technology Advancement and Development (CITAD) – a civil society organisation, had in attendance ICT experts, youth bodies, Non-Governmental Organisations (NGOs), journalists and human rights activists.

    Keynote speaker and founder of Image Merchant Promotions Limited (IMPR) Alhaji Yushau Shuaib, urged youths to exploit ICT potentials to advance socio-economic development

     “We need to understand how to use the social media appropriately, both economically and also for advocacy in better governance,” he began.

    Shuaib, a Public Relations expert, added that while the use of social media for governance has become increasingly important, there is need to also adhere to ethics in order to check the spate of hate speech and fake news.

    Speaker of the Nigerian Youth Parliament (NYP), Mubarak Mijinyawa, and the National Youth Council of Nigeria President, Bello Shagari, called on youths to participate in democratic governance and decision-making through the social media.

    The Creative Director of Nigerian Technology Market, Olanrewaju Oyedeji, said the need to stimulate relevant discussions through the social media birthed the summit, adding that NSMS has become a household name which will continue to set agenda for the effective use of various social media platforms.

    The representative of FCT Police Commissioner, Mr Zakani Shekmaga, assured participants of the support of the police in their various activities.

    Chairman of the event and CITAD Executive Director YZ Yau, who earlier declared the event opened, underscored the need to build more impacts around the social media.

  • NCC: code to check cybercrimes coming

    The Nigerian Communications Commission (NCC) to establish an Internet Industry Code of Practice for internet service providers (ISPs) to checkmate growing cybercrimes.

    Its Deputy Director, Consumer Affairs Bureau, Mr Ismail Adedigba, who spoke  at the 102nd Edition of the Consumer Outreach Programme (COP) held at Mapo Hall, Ibadan, added that the code will be a regulatory intervention that will not only help to secure the country’s cyberspace against imminent threats from cyber attackers but also address such issues as online child protection, privacy and data protection, objectionable content, among others.

    Read also: LCCI: minimum wage, election may heighten inflation

    With: Mitigating the Effects of Cybercrime: Roles of Telecoms Consumers as its theme, Adedigba said while regulatory intervention and other initiatives are  ongoing to “sanitise our internet space, telecoms consumers, the majority of whom now use internet-enabled and other smart devices, must play their role.”

     

  • How to combat cybercrimes

    The world is going digital, with everyting becoming connected. Trends, such as artificial intelligence (AI), robotics, Internet of Things (IoT) and others, are taking the centre stage. The risks of cyber breaches become intense. There are, however, measures to avert breaches, reports LUCAS AJANAKU.

    In the digital world, cybercrime is growing rapidly and cyber criminals always appear to be a step ahead. There are technologies that can help protect an organisation’s data against attack, but there is also the need to create awareness among workers for fail-safe solution, Information Commmunication Technology (ICT) Manager at Sebata Municipal Solutions Gerrit Deyzel, says.

    According to him, this is particularly true for the public sector.”Municipalities are entrusted with citizens’ personal information and, with the Protection of Personal Information Act (POPIA) due to come into force by the end of the year, the organisation needs to change the way it thinks about data security and data protection. There’s a need to educate staff members around the importance of ensuring that the data at their disposal is not exploited, or ‘hijacked’, but handled with the strictest confidentiality,” he was quoted to have said by iTWeb.

     Awareness campaign

    Deyzel says having the proper technology safeguards in place are a first step, but aren’t sufficient protection on their own. “Despite 2017 being marred by devastating global ransomware attacks, the security solutions that we’ve implemented for most clients have held fast. This is a testimony to the importance of educating staff about cyberattacks, and not just relying on technology, even if it does have state-of-the-art security, to defend the organisation.

    “Creating awareness among management, teams and staff members is primary, as is adopting a proactive mindset. They need to understand what cybercrime is; that they mustn’t open attachments; which e-mails are okay to open; what ransomware attacks are; and how they work. If the end-user is educated around cybercrime, you’ve won 70 per cent of the battle against it.”

    Awareness campaigns can take the form of workshops, mailers, posters in public spaces within the business. They need to be accompanied by regular security assessments to identify where breaches could occur.

    Deyzel says: “An organisation is often quick to blame its technology supplier if there’s a cyber-attack; they don’t realise it’s actually caused by user behaviour within the organisation.”

    Deyzel advises that various divisions get together and have discussions around ransomware and explain how it works and how to avoid it. He says: “Users need to know what to look out for in e-mails, such as spelling errors or slightly different e-mail addresses, or no signature at the bottom. These are just a few small things that can be used to identify a suspicious e-mail although this is just one of the attack methods used by cyber criminals.”

    Something that compounds the issue is people who work from home or who use USB sticks to copy items to and from their computers; they could just as easily be transferring a virus or other malware at the same time.

    Backup data

    Having a decent backup solution is extremely important, he continues. “Ransomware is becoming so advanced that it’s outpacing the patches being issued, so without a backup, there’s an excellent chance that you could lose all of your business data.”

    Cyber crime’s biggest risk and cost comes from the loss of business continuity. Ransomware is one of the most common forms of cyber-attack at the moment, and if an organisation’s data is being held ransom, service delivery will be impacted. Much of the time the organisation is required to pay a ransom to get its data back, but there are no guarantees this will happen. From a business continuity point of view, there’s no difference between the theft of company devices that contain data, or the organisation’s data being locked down by ransomware. It’s the same end result.

    Deyzel says: “The best line of defence is to have a backup solution that is able to get the organisation up and running again.”

    The backup solution must encrypt the data, a copy should be kept offsite and the backup must be kept separate from the original data, he says. It’s also important to regularly test backups. “You need to ask yourself, how quickly can you restore your data and how current is the data stored in your backup? POPIA is going to play a big role here, as the regulator won’t accept poor backup policies as an excuse for data loss.”

    Incident response plan

    The organisation needs to be able to respond to and report on security breaches swiftly and effectively. Again, POPIA has a role to play here, as it requires organisations to do this. “There are three steps that any organisation should follow in the event of a data breach.

    “Firstly, you need to be able to respond quickly and report equally quickly on what happened. Then you need to get your environment up and running as quickly as possible. Finally, you need to make sure that a breach like that won’t happen again,” Deyzel says.

    All of the above steps must be covered in the organisation’s incident response plan. He adds: “Once POPIA comes into force, there may be legal implications if you’re unable to report on how the breach happened.”

    Restricting access

    It’s also important to defend the organisation against deliberate, internal breaches by ensuring each person only has access to the data that is relevant to their role within the organisation. Data should be siloed and protected by passwords and other security measures to keep it secure. This is a topic that should also be raised in the awareness campaigns, says Deyzel.

    An organisation needs to carry out security assessments to determine what data its users need to access in order to perform their specific function in the business. The rest of the organisation’s data should be off limits. By limiting access to data and systems, you reduce the likelihood of your data being breached. You also need to ensure that people who leave the organisation have their access revoked.

    Less data, fewer problems

    Finally, the organisation must only use the quantity of data that’s required for a defined purpose and use an archiving solution to store old or unused data. This will result in the organisation having less data on the active system to backup and recover should a breach occur.

    POPIA says only the minimum amount of personal information should be collected or processed. If you aren’t using the data, store it somewhere and keep it safe.

  • How to combat cybercrimes

    The world is going digital with everyting becoming connected. Trends such as artificial intelligence (AI), robotics, Internet of Things (IoT) and others are taking centre stage. As things get connected, the risk of cyber breaches becpme intense. There are however measures that could be put in place to avert breaches, reports LUCAS AJANAKU.

    In the digital world, cybercrime is growing rapidly and the cyber criminals always appear to be a step ahead. While there’s plenty of good technologies out there that can help protect the organisation’s data against attack, there is also need to create awareness among workers around cybercrime if you want to have a fail-safe solution, ICT Manager at Sebata Municipal Solutions Gerrit Deyzel, says.

    According to him, this is particularly true for the public sector. “Municipalities are entrusted with citizens’ personal information and, with the Protection of Personal Information Act (POPIA) due to come into force by the end of 2018, the organisation needs to change the way it thinks about data security and data protection. There’s a need to educate staff members around the importance of ensuring that the data at their disposal is not exploited, or ‘hijacked’, but handled with the strictest confidentiality,” he told iTWeb.

     Awareness campaign

    Deyzel says having the proper technology safeguards in place are a first step, but aren’t sufficient protection on their own. “Despite 2017 being marred by devastating global ransomware attacks, the security solutions that we’ve implemented for most clients have held fast. This is testimony to the importance of educating staff about cyberattacks, and not just relying on technology, even if it does have state-of-the-art security, to defend the organisation.

    “Creating awareness among management, teams and staff members is primary, as is adopting a proactive mindset. They need to understand what cybercrime is; that they mustn’t open attachments; which e-mails are okay to open; what ransomware attacks are; and how they work. If the end-user is educated around cybercrime, you’ve won 70 per cent of the battle against it.”

    According to iTWeb, awareness campaigns can take the form of workshops, mailers, posters in public spaces within the business. They need to be accompanied by regular security assessments to identify where breaches could occur.

    Deyzel says: “An organisation is often quick to blame its technology supplier if there’s a cyber-attack; they don’t realise it’s actually caused by user behaviour within the organisation.”

    Deyzel advises that various divisions get together and have discussions around ransomware and explain how it works and how to avoid it. He says: “Users need to know what to look out for in e-mails, such as spelling errors or slightly different e-mail addresses, or no signature at the bottom. These are just a few small things that can be used to identify a suspicious e-mail although this is just one of the attack methods used by cyber criminals.”

    Something that compounds the issue is people who work from home or who use USB sticks to copy items to and from their computers; they could just as easily be transferring a virus or other malware at the same time.

    Backup data

    Having a decent backup solution is extremely important, he continues. “Ransomware is becoming so advanced that it’s outpacing the patches being issued, so without a backup, there’s an excellent chance that you could lose all of your business data.”

    Cyber crime’s biggest risk and cost comes from the loss of business continuity. Ransomware is one of the most common forms of cyber-attack at the moment, and if an organisation’s data is being held ransom, service delivery will be impacted. Much of the time the organisation is required to pay a ransom to get its data back, but there are no guarantees this will happen. From a business continuity point of view, there’s no difference between the theft of company devices that contain data, or the organisation’s data being locked down by ransomware. It’s the same end result.

    Deyzel says: “The best line of defence is to have a backup solution that is able to get the organisation up and running again.”

    The backup solution must encrypt the data, a copy should be kept offsite and the backup must be kept separate from the original data, he says. It’s also important to regularly test backups. “You need to ask yourself, how quickly can you restore your data and how current is the data stored in your backup? POPIA is going to play a big role here, as the regulator won’t accept poor backup policies as an excuse for data loss.”

    Incident response plan

    The organisation needs to be able to respond to and report on security breaches swiftly and effectively. Again, POPIA has a role to play here, as it requires organisations to do this. “There are three steps that any organisation should follow in the event of a data breach.

    “Firstly, you need to be able to respond quickly and report equally quickly on what happened. Then you need to get your environment up and running as quickly as possible. Finally, you need to make sure that a breach like that won’t happen again,” Deyzel says.

    All of the above steps must be covered in the organisation’s incident response plan. He adds: “Once POPIA comes into force, there may be legal implications if you’re unable to report on how the breach happened.”

    Restricting access

    It’s also important to defend the organisation against deliberate, internal breaches by ensuring each person only has access to the data that is relevant to their role within the organisation. Data should be siloed and protected by passwords and other security measures to keep it secure. This is a topic that should also be raised in the awareness campaigns, says Deyzel.

    An organisation needs to carry out security assessments to determine what data its users need to access to perform their specific function in the business. The rest of the organisation’s data should be off limits. By limiting access to data and systems, you reduce the likelihood of your data being breached. You also need to ensure that people who leave the organisation have their access revoked.

    Less data, fewer problems

    Finally, the organisation must only use the quantity of data that’s required for a defined purpose and use an archiving solution to store old or unused data. This will result in the organisation having less data on the active system to backup and recover should a breach occur.

    POPIA says only the minimum amount of personal information should be collected or processed. If you aren’t using the data, store it somewhere and keep it safe.

  • Expert Condemns Abuse of Cybercrimes Law, say it is used to Harass Ordinary Nigerians

    Expert Condemns Abuse of Cybercrimes Law, say it is used to Harass Ordinary Nigerians

    Speaking at the Research Methods Workshop for Internet Policy and Advocacy in Kampala, Uganda, a digital rights expert, Tope Ogundipe has condemned the abuse of Nigeria’s Cybercrimes Prevention Act to harass journalists and ordinary citizens.

    Ogundipe, who currently serves as Director of Programs at the Pan-African social enterprise, Paradigm Initiative, led a session on “Cybercrime, Digital Rights and Law Enforcement in Nigeria.” She traced the origins of Nigeria’s Cybercrimes Act 2015 and its current use as the prime tool in the hands of the rich and powerful in Nigeria to facilitate the arrest and harassment of journalists, bloggers and ordinary citizens for comments made online.

    She noted, “Since the passage of the Cybercrimes Act 2015, there has not been one incident where it has been used to prosecute a real cybercrime case. Instead, it has been used to arrest ordinary citizens for comments made online deemed offensive to the powerful in Nigeria.

    “Journalists in particular have been at the receiving end of these arrests using the Cybercrime law, because a large number of journalists have been arrested in Nigeria using sections 24 and 38 of the law.”

    Paradigm Initiative, in partnership with Media Rights Agenda and Enough is Enough Nigeria, in response to the use of the Cybercrime legislation in the arrests of citizens have challenged the constitutionality of sections 24 and 38 of the Cybercrimes law in court.

    “The case has been in the courts since 2016. We lost at the court of first instance and we are now at the Court of Appeal. Strategic litigation could be a long and drawn out process and as such patience and perseverance is required in this endeavour,” Ogundipe submitted.

    During the workshop, which held between from February 26 – March 3, over 35 researchers and practitioners from across Africa were gathered at Kabira resort Kampala Uganda for an intense week of study on research methods that underpin Internet policy and advocacy on the continent. The workshop participants were drawn from 16 African countries while the faculty were drawn from within Africa, Europe and the United States.

    The Workshop ended with participants asking questions from the session leader, particularly on how best to conduct strategic litigation within their countries and was organized in conjunction with the Internet Policy Observatory at the Annenberg School for Communications, University of Pennsylvania.