‘ Why cybercrime menace may not abate soon’
Toluwanimi Banji- Idowu is a cybersecurity engineer, SDG 4 and 9 supporter and Associate Systems Engineer with Trend Micro, a tech company. In this interview with ADEYEMI ADEPETUN, he spoke on what is fuelling the rise in cybercrimes and the potential dan
There has been an upsurge in cyber attacks since the beginning of the year. What are the factors fuelling this menace?
F
IRST of all, I think we all need to know that people are the weakest link in cyber security, in the sense that you need to create cyber security awareness, training and programme for individuals because before someone could gain access to your network or your mobile phone or any device, basically, it could be as simple as clicking on the link of an email. So, I think businesses and organisations shouldn’t joke with awareness. People need to know that if you compromise certain things, some things are bound to happen. As simple as it sounds, people should be conscious about whatever links they click in an email, calls they respond to and information divulged.
Those minor things can actually help to avoid things getting out of proportion in terms of cyber attacks. I think policy around cyber crimes should be vital and taken seriously. Businesses and organisations should also comply with ISO standards, not just to have the certifications. They need to ensure that after they meet the standards, they keep to those standards.
In addition, attacks that happen in companies start with people. So, it’s high time that we recognised that we are responsible for cybersecurity. We are responsible for our own security. Most times, it is not the responsibility of the company nor is it the responsibility of the cybersecurity vendor, but our responsibility. Cybersecurity starts from you by taking simple and small steps to be secure.
The world is losing greatly to cyber criminals. Can we put a figure to how much Nigeria is losing yearly?
I think as at 2015, news had it that Nigeria was losing about N127 billion yearly. I think the figure was actually from the Federal Government. I want to believe the figure must have increased by now.
To be frank, the challenge here is that companies and businesses don’t come out to say that they have been breached or they suffered a ransomware attack, so, it might be difficult to know how much the figure is now. This is where awareness comes into place and security too. We need to push for more security in terms of solutions that we have deployed in different organisations. Can we say the Cybercrime Act 2015
has been punitive enough?
I doubt if it has been punitive. Between 2015 and now, so many things have changed in the online space. I don’t think the Act has been reviewed since 2015. And a lot has come into play between now and then, which ordinarily should have necessitated a review of the Act to accommodate new things.
Take for instance, as a result of COVID19, so many people went remote and lots of things went into the online space. So, I think the Cybercrime Act 2015 should be reviewed urgently because of new events around us. So many things are evolving regularly. Because of the way things are fast evolving, we need to have a framework in place whereby these policies are reviewed regularly and new things are added as trade actors build up. Also I think I haven’t really seen in the news where punitive measures have been taken as regards the Act.
I think the government also needs to put in more effort into actually abiding by the punishments that they set aside for people that are caught to serve as deterrent to would- be offenders.
Also, I feel plea bargain should not be so lenient, criminals plead guilty and then receive a lesser punishment or fine. We need to look into that seriously as a country. Punishment should be put in place that would discourage other people from doing such and not make it seem like I could take the risk and when I am caught, I can opt for a plea bargain. The punishment should not be lenient and it should be in a way that it would highly discourage other people from participating in cyber crimes.
What is the CPITS by Trend Micro programme about and its benefits?
The programme is basically a certification programme in IT security that equips young graduates or graduates of computer- related courses or people that have a background in computerrelated courses or in cybersecurity. Basically, with this programme, you are equipped with everything you need to know to be a cybersecurity or an IT security professional. You are trained on network security, data security, cloud security, and everything else you need to know. So, the programme is for nine weeks and right now it is open to people in Nigeria, Kenya, South Africa, Ethiopia and Mauritius.
People are trained technically, and once you’re done, you become Trend Micro Certified and that allows you to go into the market space with not just the fundamentals of cyber security and computer networking, but also trademark certified.
You know there is a very huge cyber security gap in terms of talents. So, the programme basically trains individuals on how they can be cyber security conscious, educators and technical professionals. The need for cyber security professionals is very huge in the market; there are serious demands for them. With this certification, such a person can fill the space and impact Nigeria positively.
At a virtual cybercrime forum in September organised by the U. S. Press Council, there was a claim that Nigeria and others face state- sponsored cyber attacks. What is your take on this?
I think that state- sponsored attacks happen to different countries and across different regions of the world. It is not something that we in Africa are protected against, especially countries that have weak cybersecurity profiles. State- sponsored attacks are launched, most times to gain access to secret political powers and control as it were. It has happened many times and to different countries, in different regions. I don’t think our focus should be if it’s going to happen or not. I think our focus should be what are we putting in place to help us mitigate this if it happens to reduce the impact.
So, how are we protecting ourselves as a government or as a country? How are we protecting ourselves? How is the government protecting itself? What have they put in place to reduce the impact? So for me, the focus