Cyber security threats from a global perspective, is on the increase. How big are these threats in Nigeria?
Nigeria is a member of the global society and the country cannot be separated from the opportunities and threats of globalisation. Following the pervasiveness in the use of information technology globally, many organisations in Nigeria are leveraging the internet to transact and interact with customers, employees, suppliers and partners. The internet has become imperative to address our collective capacity to respond to the inevitability of cyber threats, especially advanced persistent threats.
Primarily, the purpose of the majority of such advance threats is to extract information from systems—this could be critical research, enterprise intellectual property or government information, among other things. Today, there is an evolution in the motivation for cyber-attacks.
According to recent research, cyber security is a top global concern, as 82 per cent of enterprises are expected to experience cyber incident in 2015.
So how can organisations, including government owned businesses avert the current threat? Financial industry players like banks have strengthened their cyber resilience through implementation of adequate technology, adoption of process-oriented good practices and standards, and engagement of right skills and competencies. However, our government needs to consider a special vehicle to establish the framework to address cyber security issues strategically, tactically and operationally. This is because cyber security is a security issue, in fact a national security concern.
We need to understand that we cannot succeed by accident. The cyberspace is now recognised as the fifth domain of warfare in addition to land, air, sea and space. Unfortunately, in Nigeria, our cyberspace domain is still a neglected and unprotected territory. Yet, we have come to depend so much on mobile telecommunications, electronic banking and e-commerce for our socio-economic survival.
In specific terms, there is a need for the government to declare an emergency in the cyber security education domain of the country in order to promote cyber security expertise and create a formidable army that will be able to ensure effective national cyber defense. The National University Commission needs to update curricula development and accredit information security courses in our tertiary institutions.
Standards Organisation of Nigeria needs to domesticate the information security related international standards. The National Information Technology Development Agency of Nigeria (NITDA), needs to wake up to her responsibilities as the governing body for IT-related security issues in the country. This is an unfamiliar territory to government bureaucracy and the bureaucrats need to have the humility to collaborate with the professional bodies like ISACA with over 2000 Nigerian members in the interest of security of the country and wellbeing of her citizens.
Where does ISACA fit in all of these? What are the objectives and landmarks of ISACA in Nigeria? ISACA provides practical guidance, benchmarks and other effective tools for all enterprises that use information systems. Through its comprehensive guidance and services, ISACA defines the roles of information systems governance, security, audit and assurance professionals worldwide. The COBIT framework and the CSX, CISA, CISM, CGEIT and CRISC certifications are ISACA certification brands that are globally respected and used by professionals for the benefit of their enterprises. Nigerian banks depend on our members to man their audit, risk, e-business, operations and strategy department. The Central Bank of Nigeria (CBN) guidelines to commercial banks, require them to use ISACA’s framework to align information technology with business strategy.
How can individual sir organisations register with ISACA? To become a member, they are required to register as a professional or student member. Membership gives people access to vast educational opportunities and international networks. Members are supported to earn professional credentials upon passing relevant exam and demonstrating verifiable work experience. ISACA operates three chapters in Nigeria- Abuja, Lagos and Ibadan. There are over 2000 members resident in Nigeria at the last count.
How can ISACA enable proven best practices to reduce the attack surface, and mitigate risks? For over 40 years, ISACA has promoted trust in, and value from information systems. ISACA has published frameworks and standards related to information assurance, information security, risk management, and corporate governance of IT. We have been a global thought-leader on these issues.
In 2015, ISACA commenced a skill-based credentialing programme, Cybersecurity nexus CSX to develop and validate cyber security competencies. This programme is in recognition that the most advanced of cyber attacks, are done by people and the defense side needs to have adequate competencies to reduce or eliminate opportunities for successful attacks. ISACA provides access to the knowledge and competencies for cyber security in over 180 countries of the world.
ISACA Abuja chapter will be 10 years this year. What are your plans to commemorate this, and what are the preparations for the up-coming annual conference? As part of our contribution to promoting the right use of information technology in the country, ISACA Abuja chapter, has been hosting annual international conferences. The seventh edition coincides with our 10th anniversary. This year’s conference theme is “Cybersecurity: Aligning Nigeria with the rest of the World”. The Chief Information Security Officer of the City of Atlanta, USA has accepted our invitation to be the keynote speaker. We are also drawing speakers from other parts of the world and from within the country.
As a social responsible professional body, we shall be donating IT-related books to tertiary institutions and libraries in Abuja. We have also planned a free seminar for students of tertiary institutions interested in cyber security profession. The platform is meant to provide mentorship to future cyber security professionals. To commemorate our 10th anniversary, we will be signing a Memorandum of Understanding (MoU) with organisations that believe in our cause to make our cyberspace safe across the country and region.
Would you say Nigeria security professionals are adequately equipped with the requisite training and knowledge to build a strong core infrastructure, governance and risk management to combat digital security threats? According to CISCO, there are over one million vacant jobs for information security roles worldwide. Another research estimates that more than 35 per cent of enterprises are unable to fill open cyber security positions. I believe security professionals in Nigeria have not been able to gain the recognition they deserve and so they