‘Nigerian government needs to draw up realistic cyber security policies’
The latest cyber security global threat index released by Check Point software technologies limited shows a slight improvement in Nigeria’s cyber security ranking. In this interview, Rommy Okonkwo, Country Manager Check Point Software Limited speaks to Jumoke Akiyode Lawanson about the importance of cyber security in organisations and government institutions. He also proffers possible solutions to further secure Nigeria’s cyber space from threats and compromise. Excepts.
Checkpoint recently released its latest cyber security threat index, what is this all about and where does Nigeria stand in this index?
The threat index ranks Nigeria at 13th position, which shows improvement from August to September 2017, dropping four places from its former 16th position on the global ranking. If you look at the index, you will realise that the top three most wanted malware in Nigeria today are rooted; which is the large scale malvetting used to deliver various malicious websites such as payloads which is synonymous to accounting firms. They are scams, hardware, exploit kits and ransomware. The second one is ramnit and the third is lucky. Checkpoint is dealing with these by creating solutions to secure your systems from all these malwares and I believe that this is likely contributory to Nigeria’s improvement in the global threat index ranking.
Checkpoint is a cyber security company that protects over 100,000 organisations across the world, what sector do most of your clients come form and which organisations are mostly affected by security breaches online?
Checkpoint is actually not limited to the number of customers that it currently provides security services to, but as for today, virtually all the banks are being covered by checkpoint solutions. Five years ago, we sold to the financial services sector in Nigeria secure solutions for data protection and we have presence in the financial services sector. However, we also provide services to telecommunications service providers, manufacturing services, oil and gas industry, insurance companies and a few Fintech companies and largely to the public sector government, which is actually our key focus today.
Financial institutions in Nigeria are cyber security conscious and have taken various steps to secure data; however, can you say the same for government organisations in the country? How safe are citizen’s data collected by government agencies?
Any government that is not aware that the world has gone beyond the physical and is now digital and does not have a plan in place as to how it will protect its key infrastructure including its defense, ports, electricity and other key revenue generating streams is not preparing for the future. I am not sure that Nigeria is exactly where it should be as a country but I know that there are plans in place, the awareness for security keeps growing and that is the first step. We keep hearing of government agencies bracing up to cyber security challenges and they try to put things in place to make sure that the environment is protected because this is the only way the government agencies, ministries and parastatals can function effectively. You will agree with me that when an organisation is down, the cost of bringing it back up is very high and the down time negatively impacts the business which also impacts the revenue.
Would you suggest that security processes be put in place first before the enforcing the need for biometric data such as those collected for BVN, SIM card registration, PVC, National driver’s license etc which are yet to be harmonized and may not be secure?
We need to first draw up what the security policies should be for individuals and then for government and agencies. Government needs to first decide what our security policies should be across all board; these processes for security should be readily available before we can start thinking of how to implement them. For instance, you work in an organisation, you may not be able to appreciate what security your organisation has put in place if you don’t understand what the organisation’s security policies are. You should be able to know that certain documents should not be within the reach of certain people; likewise, the government should draw out its security policies of all its sectors and institutions before going ahead to implement data collection. The second thing is infrastructure. You cannot talk of a functional security without talking about the infrastructure which it sits on top of. Have the Nigerian government put the necessary infrastructure in place today? Regardless of this, we can say that the different ministries are putting in a lot of effort to make sure that they are productive by putting in the right security but as far as I am concerned, I think there is still a lot of work to be done with regard to cyber security across all the government agencies.
Do you think that the federal government would be more active in securing Nigeria’s cyber space when our critical national infrastructure such as electricity is fully digitized?
You and I know that the world is a global village and that is basically why we can sit in Nigeria today and do an online placement in the United States of America, unlike before when you had to fly there to be physically present. A few years ago, when predictions where made about how connected the world would become, many of us though it was a joke but look at where we stand today. Everybody talks about internet of things (IoT) and this is where the world is going today. Everything is virtually going to be done through the internet because what drives this online craze is the internet. So with all that I am saying now, the Nigerian government would only shooting itself on the foot if it chooses to ignore what is going on in the world. We need focus. If it is the focus of the government to be efficient in her decision making and productive in her dealings across all boards, then the government must make sure that her key infrastructures are connected in real time and fully digitized because this is what the west has done many years ago. We cannot successfully trade internationally if we are not connected in real time and therefore, productivity and efficiency is being affected.
What significant changes are checkpoint cyber security solutions making in Nigeria’s financial services sector since it was introduced five years ago?
What we have done over the years is to create awareness and let the industry be aware of what is happening. Some of the things that we are talking about today are things that have been in existence for a couple of years back in the West. Five years ago, the awareness for cyber security was very low, but what we did by coming in was to prepare the ground for what we have seen from global trends. Although the banks will never give figures as to how much they have lost as a result of a cyber attack so as not to scare their customers. So some of them, even when their systems have been breached or compromised, they will not come out publicly declare what they have lost. However, I know that banks get compromised and hacked repeatedly, almost on a daily basis. What they do is to be reactive; some of them don’t act until they are affected, but that should not be the mindset of someone who wants to be efficient and productive in his dealings. What we preach today is pro-activity- be there before anybody and put your house in order before the cyber criminals get to your place. The key impact of our solutions is that we have drastically reduced the rampant malware across most of these institutions. Our solution basically makes sure that the malware in most cases are completely eliminated. On a scale of one to 10, I would say our solutions stand at eight.
What are the challenges faced in pushing cyber security solutions to enterprises and government agencies in Nigeria and Africa as a whole?
One of our biggest problems is awareness. Security awareness and consciousness in Africa is not where we want it to be. What I have also seen over the years as a challenge is trust. Security is not like a server or a physical object, so when you mention it to the management, they cannot actually see what you’re charging them for. So some people find it difficult to buy the idea of investing in security.
Another major challenge in Nigeria is the non-enforcement of the cybercrime act. There have been no successful conviction of cyber criminals and some have even argued that the punishment which is often a fine is not grave enough. The question some businesses have asked is; ‘we have run this business for so long and nothing happened, how come you are telling us now that we have to spend this much to put our company in order’? But we have also had instances where people come to us and say that they need help with securing their digital space. Have you ever thought of how much you would lose if your company is hit by Ransomware attack? The whole world was shaken with the last Wannacry attack and the effect was felt worldwide. We are going to see more of that because the cyber criminals will keep innovating and it is only the people that are not ready that will fall victim. The government needs to take authority of security challenges.
Do you think high cost is a major reason for low adoption of cyber security solutions in Nigeria?
People who know the value of cyber security would go for it to save them the stress in the long run. The excuse of high cost can be explained as being penny wise and pound foolish because buying something that costs $100 and would last for 10 years is better than buying something for $5 when you know it would only last for six months. What drives organisations to invest in security is the value and the mindset of the people that of the people. Because the day you are breached, the integrity of your organisation is also at stake, apart from the amount of money, time and critical data lost.
Has it been easy for checkpoint to play in Nigeria’s IT industry since it was established 5 years ago; especially since most organisations are already comfortable with purchasing older cyber security solutions?
Checkpoint Nigeria understands the local market. You cannot know the American market more than Americans themselves, in the same way; you cannot know the Nigerian market more than Nigerians themselves. We know that there are bottlenecks in this industry, but if you are running a particular business it always helps to get someone indigenous, experienced and someone who has the ability to network. Honestly speaking, it has not been easy playing in this market but the essential thing is to continue to device strategic means to make sure that the business runs smoothly because the challenges will always be there.
Big Read |