The Nation Newspaper

Tag: Cybersecurity

  • HP report lists cybersecurity risks for not securing devices

    HP report lists cybersecurity risks for not securing devices

    A report by HP Inc. has highlighted cybersecurity implications of failing to secure devices at every stage of their lifecycle. The findings show that platform security – securing hardware and firmware of PCs, laptops and printers – is often overlooked, weakening cybersecurity posture for years to come.

    The report highlights cybersecurity challenges facing organisations – from supplier audit failures to weak BIOS passwords, Fear of Making Updates (FOMU), a $8.6 billion lost/stolen device epidemic, and growing e-waste.

    The report, based on a global study of 800+ IT and security decision-makers (ITSDMs) and 6000+ work-from-anywhere (WFA) employees, shows that platform security is a growing concern with 81 er cent of ITSDMs agreeing that hardware and firmware security must become a priority to ensure attackers cannot exploit vulnerable devices. However, 68 per cent report that investment in hardware and firmware security is often overlooked in the cost of ownership (TCO) for devices. This is leading to costly security headaches, management overheads and inefficiencies.

    Read Also: How fund saved from subsidy removal is being spent, by govt

    Findings from across five stages of device lifecycle  show that 34 per cent respondents  say a PC, laptop or printer supplier has failed a cybersecurity audit in the last five years, with 18 per cent saying the failure was so serious they terminated their contract.

    The report said every year, lost and stolen devices cost organisations an estimated $8.6 billion. One in five WFA employees have lost a PC or had one stolen, taking an average 25 hours before notifying IT.

    Chief Technologist for Security Research and Innovation at HP Inc., Boris Balacheff, said: “Buying PCs, laptops or printers is a security decision with long-term impact on an organisation’s infrastructure. The prioritisation, or lack thereof, of hardware and firmware security requirements during procurement can have ramifications on the lifetime of a fleet of devices – from increased risk exposure, to driving up costs or negative user experience – if security and manageability requirements are set too low compared to the available state of the art”, Balacheff said

  • CSCS calls for unified cybersecurity strategies

    CSCS calls for unified cybersecurity strategies

    Chairman, Central Securities Clearing Systems Plc (CSCS), Mr. Temi Popoola has emphasised the crucial role of artificial intelligence (AI) and robust infrastructure in bolstering cybersecurity measures.

    Popoola spoke at the 5th CSCS cybersecurity conference held in collaboration with the Office of the National Security Adviser (ONSA).

    He highlighted the increasing risks posed by cyberattacks, which can disrupt entire nations.

    He noted recent incidents, including a breach of Microsoft’s Azure cloud platform that compromised sensitive United States government data and coordinated ransomware attacks targeting Nigerian financial institutions.

    He added that AI’s predictive and responsive capabilities are essential in combating these threats.

    According to him, with global cybercrime projected to reach $10.5 trillion annually by 2025, according to Cybersecurity Ventures, there is the necessity of a unified approach.

     “The synergy between AI and infrastructure is not just an option; it is our lifeline,” Popoola said.

     He emphasised that organizations must elevate cybersecurity to a board-level priority, integrating it into all decision-making processes.

    Chief Executive Officer, Central Securities Clearing System (CSCS), Mr. Haruna Jalo-Waziri, said that cybersecurity transcends being a mere technical issue; but a strategic imperative that necessitates the collective efforts of all stakeholders within the financial ecosystem.

    He reiterated CSCS’s full commitment to leveraging AI-driven solutions to enhance defenses and maintain the integrity of its systems.

     “There is an urgent need for robust cybersecurity measures. We must improve our understanding of these threats, and we must learn, decide, and act quickly and decisively,” Jalo-Waziri said.

    Read Also: Training to enhance awareness and skills for cybersecurity

    Director General, Securities and Exchange Commission (SEC), Dr Emomotimi Agama, also addressed the necessity of prioritizing cybersecurity in safeguarding Nigeria’s financial markets.

    “As we undergo digital transformation, cybersecurity must be foundational to our strategy. Protecting investor data and ensuring the integrity of financial transactions is critical. The SEC is dedicated to fostering a resilient market ecosystem through collaboration, regulation, and the adoption of advanced technologies like AI,” Agama said.

    Head, International Cooperation, Directorate of Cybersecurity, Office of National Security Adviser (ONSA), Saad Abubakar underscored the importance of a multi-stakeholder approach in addressing the evolving cybersecurity landscape.

    According to him, by working together, all sectors could create a more secure environment, thereby safeguarding national interests.

  • Training to enhance awareness and skills for cybersecurity

    Training to enhance awareness and skills for cybersecurity

    By Osita Iweze

    While cybersecurity certainly requires sophisticated technology interventions, staff training is equally important in protecting client information, writes Osita Iweze | Head | Cyber Security Officer | Huawei Nigeria |

    Conscious of this, Huawei conducts regular employee awareness and skills enhancement programmes.

    We have done training across a range of cybersecurity and privacy-protection topics and held exams for all Huawei employees, with a 99% success rate.

    We also encourage employees to improve their cybersecurity and privacy expertise through external training and professional certification. To date, more than 500 employees have obtained external professional certifications such as IAPP (privacy) and CISSP (cyber security).

    Huawei has the most IAPP-certified employees in the world. Our Cyber Security & Privacy Protection Knowledge Centre, a one-stop learning and training platform, is already helping employees improve their skills and enhance their knowledge.

    More than 620 000 hours of coursework has been completed by our employees, with a total of more than 290 000 individual enrollments in our 111 courses. This means the average Huawei employee has spent more than two hours taking cybersecurity and privacy training.

    Huawei also remains committed to complying with privacy protection laws and regulations around the world. We have adopted industry-recognised best practices, and have embedded Privacy by Design into product and service-development processes.

    These initiatives contribute to a holistic framework for personal privacy protection policy. We have increased our investment in the management of data-subject rights assurance, developed explicit management requirements and processes, and deployed them in a unified IT system, ensuring that we can promptly process data subjects’ requests.

    To date, we have handled more than 10 000 data-subjects requests. In addition, we completed 26 internal audits to ensure that our personal privacy protection policy has been implemented in a consistent and effective manner. We also passed five external audits as well as one professional inspection by a regulator.

    We understand that cybersecurity is only as effective as the team that implements it. Organisations in the information space would also be well served to ensure that employee training keeps pace with the cybersecurity technology they employ.

  • WAYC ambassador launches cybersecurity initiative to empower youths

    WAYC ambassador launches cybersecurity initiative to empower youths

    In a bid to promote digital safety and security, West African Youth Council (WAYC) Ambassador, Enoch Odunayo, has unveiled a comprehensive cybersecurity initiative aimed at educating and empowering Nigerian youths.

    The initiative, tagged “Cybersecurity for Nigeria’s Future,” seeks to address the growing concern of cyber threats in the country, particularly among young people. 

    With Nigeria’s rapid digital transformation, Odunayo emphasized the need for a culture of cybersecurity awareness among citizens.

    “Nigeria’s youth are increasingly engaged in online activities, but this comes with its own set of challenges. Our mission is to equip them with the knowledge and skills necessary to navigate the digital landscape safely and responsibly,” he said.

    The initiative’s objectives include,  nationwide awareness and education campaigns, skill development programs in cybersecurity fundamentals, promoting responsible digital citizenship, collaboration with stakeholders, creating safe online spaces, fostering innovation in cybersecurity solutions.

    Read Also: Cybersecurity levy: ‘Direct your anger at lawmakers, not Tinubu’

    Odunayo called on Nigerian youth to join the mission, stressing that cybersecurity education and awareness are crucial to protecting individuals and the nation’s collective future.

    To achieve these goals, the initiative will offer, free training programs via Telegram, collaborations with educational institutions, government agencies, and private sector organizations, advocacy for responsible online behaviour and digital rights.

    “Together, we can build a resilient society equipped to face the challenges of the digital age. Let us unite in our commitment to creating a safer, more secure Nigeria where every citizen can thrive in the digital world,” he added.

    This initiative is a significant step towards safeguarding Nigeria’s digital future and empowering its youth to become responsible digital citizens.

  • FG targets improved cybersecurity, productivity through digital technology

    FG targets improved cybersecurity, productivity through digital technology

    The federal government has begun training middle cadre civil servants in ministries, departments, and agencies of government on digital technologies, cybersecurity, and related information and communications Technology (ICT) fields

    The government maintained that cybersecurity and improved productivity remained a top priority of the present administration given the current challenges facing the country.

    The Ministry of Communications, Innovations, and Digital Economy, under the leadership of Dr. Bosun Tijani, is spearheading a transformative programme aimed at modernizing government operations.

    Launched in June, this monthly initiative will continue until all Ministries, Departments, and Agencies (MDAs) are included.

    According to the Ministry, the programme is a strategic effort to engage civil servants in the Tinubu administration’s transformation agenda, shifting from traditional methods to digital or automated systems.

    The training, held in batches at the Digital Economy Complex in Mbora, Abuja, focuses on the theme “Building Trust in Digital Public Services: The Critical Role of Cybersecurity.”

    Read Also: Reconsider 18 years minimum age to write WASCE, Ajadi urges FG

    Additionally, the Ministry is committed to promoting the adoption of modern technology tools to enhance government service delivery, improve productivity, bolster food security, and safeguard the integrity of the nation’s cyberspace.

    Tagged as “Delv in Government,” the programme would assist government diversification of the revenue base and improve the country’s Gross Domestic Product (GDP).

    Our Correspondent gathered at the weekend during the programme that the Minister had never missed any session since the programme started because he was passionate about carrying everybody along in ensuring the digital transformation of the country’s workspace.

    Speaking at the event, the Director General of the National Information Technology Development Agency, NITDA, Kashifu Inuwa Abdullahi said the programme was necessary for the transformation of the digital workspace and the need to ensure the integrity and security of the entire system.

    Abdullahi who was represented by the Acting Director of Standards, Guidelines, and Framework at NITDA, Mr Emmanuel Edet said the” delve in government programmes” was designed to put together developers working for federal government agencies and departments in order “to create a community of IT tech-savvy staff and share ideas on how to develop service delivery in government through technology.”

    He said: “So basically on a monthly basis, we gather here together, pick a theme and discuss how to enhance our knowledge, and share practices on how we can better use technology to deliver government services.

    “All Ministries, Departments, and Agencies of government are participating in the programme.

    It serves also as an educational channel where people compare notes, identify similar challenges, identify how those challenges have been resolved in other government agencies, and move the country forward through the deployment of modern technologies.

    “It is important that at this level all tools of modern technology are used to improve cybersecurity, enhance productivity, and build confidence and trust in the day-to-day activities of government.

    “Security in technology is absolutely necessary to create trust and confidence to enable people to use the technology. The government is adopting all necessary tools, migrating from IPv4 to IPv6, Internet of Things (IoT), Artificial Intelligence (AI) and providing certain layers of security for all transactions and communications in cyberspace “.

  • Group unveils plans to create 3 million cybersecurity-related jobs by 2030

    Group unveils plans to create 3 million cybersecurity-related jobs by 2030

    The Centre for Cohesion and Development (CCD), a non-governmental organisation promoting cybersecurity and cyber hygiene has unveiled a plan to create millions of jobs in information security for the young people in Nigeria. 

    In a short ceremony attended by select journalists and members of civil society, the Group’s Lead Director Dr. Uche Igwe described the global rise in cybercrime as an opportunity for young people in Nigeria to develop career pathways in cybersecurity to fill the skill gap. 

    According to him, there is a huge shortage of cybersecurity professionals globally. Available statistics indicate that at least four million cybersecurity professionals are required globally annually. 

    “We plan to ensure that Nigeria contributes 500,000 talented individuals to that pool per annum. That will be 3 million jobs over the next six years. 

    “Currently, we have a plan in place to achieve that. We are convening the Abuja Dialogue on Cybersecurity to ensure that we get the buy-in of relevant actors including government and civil society. 

    “Our young people are exceptionally talented. What they need are life-transforming skills that will give them access to the international job market. 

    “The energy that some of them channel to cybercrime can be diverted to productive use through the right training, guidance and capacity building,” Dr. Igwe stated. 

    The group announced a shift in the date of the proposed Dialogue to the 3rd and 4th of September at BON Elvis Hotel Wuse 2. 

    Read Also: Tinubu sowing seed of progress, prosperity, says Sunday Dare

    According to the Deputy Chairman of the Organizing Committee, Ibrahim Lawal, this postponement is to allow for the nationwide protests scheduled to be held from the 1st of August. 

    The group regretted the inconveniences that may be experienced by participants and delegates who are already preparing to attend the Dialogue from far and near. 

    The group provided assurances to ensure that relevant stakeholders will be able to attend the event to collectively discuss how best to grow a thriving domestic cybersecurity workforce that could be exported physically and virtually to other countries. 

    The Abuja Dialogue on Cybersecurity is organised in collaboration with the Nigerian Police National Cybercrime Centre (NPF-NCCC) and supported by the Nigerian Communications Commission (NCC), and National Information Technology Development Agency (NITDA) among others. 

    The session will double as a preparatory meeting for the Africa Cyber Defense Forum scheduled to be held in Kigali Rwanda from the 15th-18th of October.

  • ‘Cybersecurity Levy  failed due to poor communication’

    ‘Cybersecurity Levy  failed due to poor communication’

    Creative Intelligence (CI) Group Chief Executive Officer, Femi Odewunmi, has said suspended Cybersecurity Levy is a reminder of the price governments pay for neglecting proper communication strategies, .

    Speaking on the botched exercise following outrage, he said: “This incident exposes haphazard crisis communication in the public sector. Moving forward, prioritising clear, transparent, and timely communication is crucial to gain public support and avoid missteps,” he said.

    He advised public institutions to note that effective communication was not optional nor just an expense, but an investment in ensuring successful policy implementation.

    Odewunmi, however, noted the Cybersecurity Levy was intended to bolster national defences against cyber threats.

    He said negative sentiment and self-inflicted wound faced by Central Bank, Office of National Security, and the Presidency was avoidable through proper communication.

    Read Also: Akpabio reshuffles Senate’s standing committees

    “Media reports point to missteps that fuelled public discontent. First, the levy’s introduction lacked transparency. The public was in the dark regarding the levy’s allocation and justification for a 0.5 per cent levy on electronic transactions. This fostered suspicion and distrust. Also, the timing, amid hardship, was insensitive. Citizens struggling with inflation saw the levy as more burden.”

    Speaking on the missed opportunity, he said a proactive and transparent communication strategy could have mitigated the damage.

    “Imagine a scenario where government, before implementation, educated the public highlighting escalating cyber threats facing the financial sector and critical infrastructure…’

  • Expert seeks collaboration on cybersecurity

    Expert seeks collaboration on cybersecurity

    A security expert, Adebola Folorunsho, has advocated collective efforts among government, corporations and security experts  to reduce cybersecurity threats in Nigeria and globally.

    She said current digital era’s influence on businesses across the globe necessitates strengthening security of sensitive data related to corporations and institutions to prevent potential cyber attacks.

    Speaking in Ibadan, the expert said nailing down nationwide security and ensuring application security across corporate and public sectors are prerequisites to prevent cybercriminals from accessing confidential data.

    According to her, strategic alliances between government bodies, businesses, and cybersecurity experts would amplify application security and augment resilience to cyber threats. 

    She said: “Such collaborations could materialise as coordination, expertise sharing, and pooled resources.”

    Folorunsho stated that harnessing these collaborative resources could increase application security and resilience.

    “The government’s role will not only brings regulatory supervision to ensure the best security standards are upheld, but also contributes to the knowledge and development of cybersecurity regulations and application security frameworks,” she said.

    She noted that unification of these three entities was a key factor in utilizing collective intelligence to fortify defences against looming cyber threats. 

    “Government agencies would initiate regulations, businesses would enforce them, while cybersecurity experts fill the knowledge gap.

    “The alliance of these groups would result in a robust, secure application system, presenting significant advantages in tackling cyber attacks,”  Folorunsho said.

    She said this collaborative approach was the only viable path to secure and resilient applications and to safeguard systems and data from growing menace of cyber attacks.

    Folorunsho said the switch towards technology-driven operations by organisations and government agencies for optimal efficiency come with substantial risks from the cyber domain.

    She said strategies that implement a diverse range of applications to manage distinct processes must be adopted to curb cyber attacks and safeguard information.

    She maintained that the challenges confronting many organisations and decision-makers arise from lack of understanding and awareness about implementing robust application security measures against cyber threats.

    She however recommended incorporating security checks and measures at the inception and at each phase in the software development lifecycle. 

    The experts said that the tactic could resolve several issues such as vulnerabilities, time and cost inefficiencies, and fortify defences against cybercriminals accessing our data.

    Folorunsho advised organisations to regularly backup their data, update their security measures, conduct security assessments, gather intelligence, and continuously train their security teams to enhance their application security.

  • Central Bank withdraws Cybersecurity Levy circular

    Central Bank withdraws Cybersecurity Levy circular

    The Central Bank of Nigeria (CBN) has withdrawn its earlier circular directing commercial banks, mobile money operators, and other financial institutions to implement the National Cybersecurity Levy.

    The circular, issued  May 6, 2024, with reference PSMD/DIR/PUB/LAB/017/004, mandated the institutions to collect a 0.5 percent levy on all electronic transactions.

    The move was primarily informed by President Bola Ahmed Tinubu’s directive and widespread concerns raised by Nigerians.

    Critics argued that the levy would be an additional burden on the populace already grappling with rising inflation. Additionally, worries were expressed about the clarity and transparency of the implementation process outlined in the initial circular.

    Read Also: Ten things to know about FAAN’s new e-tags for airport access

    The withdrawal of the circular is contained in a statement by   Chibuzo A. Efobi, CBN’s director, Payments System Management Department, and   Haruna B. Mustafa, director, Financial Policy and Regulation Department.

    The new circular, titled “RE: CYBERCRIMES (PROHIBITION, PREVENTION, ETC) (AMENDMENT) ACT 2024-IMPLEMENTATION GUIDANCE ON THE COLLECTION AND REMITTANCE OF THE NATIONAL CYBERSECURITY LEVY,” simply states that the previous circular is withdrawn  

    The new circular suggests, however, indicated that the CBN may be re-evaluating a new approach to funding cybersecurity initiatives.

  • North’s stakeholders okay cybersecurity act

    North’s stakeholders okay cybersecurity act

    …say banks, not citizens should bear burden

    Northern Stakeholders on Thursday, May 16, rose from a one-day roundtable discussion on the Cybersecurity Act, asking the federal government to commence implementation of the Act, considering its many benefits to national security.

    The stakeholders were however quick to state that, banks and other financial institutions should bear the burden of the proposed 0.5% levy, rather than passing it on to the citizens who they argued were already facing multiple taxes and levies imposed by banks.

    The northern stakeholders, most of whom were drawn from Civil Society, NGOs and Academia, were led by the director of Arewa House, Shuaibu Shehu Aliyu, Secretary General of Arewa Consultative Forum (ACF), Alhaji Murtala Aliyu and Director General of Sir Ahmadu Bello Memorial Foundation, Gambo Umar, other

    Reading their communique to journalists at the end of the meeting, Aliyu noted that, the discussion which was organised to review and make inputs on the Cyber Security Act, examined the degree of vulnerability to Cybercrimes, the methodology, and mechanisms to be applied, as well as the organizations to pay the levy.

    According to him, “The participants acknowledged that the Cybersecurity Act is a well-articulated and necessary initiative to address the increasing cybercrimes in Nigeria. The Act is seen as a positive step towards safeguarding the country’s digital infrastructure and protecting its citizens from cyber threats.

    “The participants recognized the real and significant danger posed by cybercrimes to the country. They emphasized the need for effective measures to prevent and combat cybercrimes, as they can undermine national security, economic stability, and the privacy of individuals.

    “There was a general concern among the participants regarding the usage of funds collected through the proposed 0.5% levy. They stressed the importance of accountability and prudent utilization of the funds to ensure that they are allocated to the appropriate areas, such as strengthening cybersecurity capabilities, enhancing law enforcement efforts, and supporting initiatives aimed at educating the public about cyber threats.

    Read Also: Yul Edochie lauds Tinubu for suspending cybersecurity levy

    “The participants recognized that citizens already face multiple taxes and levies imposed by banks and other financial institutions. They emphasized the need for these institutions to bear the burden of the proposed 0.5% levy, rather than passing it on to the citizens. This approach would alleviate the financial strain on individuals and ensure that the responsibility is shared by institutions that directly benefit from enhanced cybersecurity measures.

    “The participants acknowledged the prevailing physical insecurity challenges, such as kidnappings, terrorism, and banditry in the Northern region. They emphasized the need to allocate a portion of the funds generated through the proposed levy to address these issues.

    “By investing in initiatives to enhance physical security, the government can create an environment that supports the effective implementation of the Cybersecurity Act, as both cyber and physical security are interconnected.

    “The participants recognized the need for collaboration among various stakeholders, including government agencies, academia, NGOs, and Civil Society Organizations, to effectively implement the provisions of the Cybersecurity Act. They emphasized the importance of fostering partnerships to share knowledge, resources, and best practices in combating cybercrimes.

    “The participants emphasised the importance of ensuring that the implementation of the Cybersecurity Act does not infringe upon the civil liberties and privacy rights of individuals. They urged for the development of safeguards and mechanisms to protect the rights of individuals while effectively combating cybercrimes.

    “The participants stressed the importance of collaboration between the government, law enforcement agencies, and the private sector to effectively combat cybercrimes. They recommended the establishment of strong partnerships and information-sharing mechanisms to facilitate timely response and investigation of cyber incidents. This collaboration would enhance the overall cybersecurity ecosystem and contribute to a safer digital environment for individuals, businesses, and the nation as a whole.

    “The participants expressed their gratitude to the organizers of the round table discussion and pledged their commitment to supporting the implementation of the Cybersecurity Act. They urged the government to consider the points raised during the discussion and ensure that the Act is implemented in a manner that alleviates the burden on citizens, promotes awareness and education, and addresses both cyber and physical security challenges in the Northern region and the Country,” the communique read.