In light of the increase in cyber attacks on websites and information technology (IT) infrastructure of governmental organisations, banks and other public financial institutions, industry stakeholders advocate for organisations to focus attention on strategic investment in cybersecurity infrastructure to stem the tide and stay competitive.
Experts in their various summations at a special Information Value Chain forum organised by Digital Jewels in Lagos with the theme: Cybersecurity, Data Privacy and the Role of Standards, say the growing global trend in cyber threats has made it pivotal for organisations to create awareness about cybersecurity, adding that in cybersecurity, people are the organisation’s weakest link.
They point out that with the increasing incidents of cyber attacks it has become necessary that organisations maintain the highest level of security in infrastructure, people and processes to ensure their information assets are safe at any point in time.
Richard Merrygold, principal consultant, Intelligent Storm Solutions Limited, UK, states in his presentation that in the last four to five years there has been a continuous increase in the number of organisations considering cyber security insurance as a backend measure to protect themselves from the underlying costs arising from any breach, particularly with regard to the enforcement of the Global Data Protection Regulations in the European Union.
Merrygold says the GDPR requires organisations to be honest, transparent and fair when processing information relating to individuals. They must be clear upfront with whatever information they want to collect and why they want to use it, as they can no longer hide behind the ambiguous privacy notices to violate individuals’ personal data.
Speaking at the event, Adedoyin Odunfa, MD/CEO, Digital Jewels, who doubles as the moderator, explains that the forum was organised in commemoration of the Cyber Security Month and the World Standards day to draw attention to actions that organisations and government agencies can take to structure a safer environment for data security for their workforce and to effectively boost their bottom-line with their online presence.
Odunfa says there is the need to take seriously the preservation of important data for organisations, whether it be in private or public sectors, stressing that with the right action plans and investment strategies put in place, organisations and managers of government agencies will be better informed on the intelligent ways to deploy cybersecurity resources to achieve their set goals.
Reflecting on the state of Cybersecurity in Nigeria at the event, David Isiavwe, president, Information Security Society of Africa-Nigeria, says there is crisis in some sectors given the level of sophistication and frequency of the attacks on individuals and businesses.
He draws the attention of stakeholders to the fact that while there is an increasing incidence of attacks in all of its manifestations, however, there is no commensurate level of cybersecurity skills available to address them.
The panel, which included Aliyu Aziz, director-general of NIMC, and Jalo Waziri, CEO of CSCS, agrees that because of the high stake financial implications arising from vulnerabilities and penalties for non compliance with regulatory security standards, it is imperative for organisations that host or process data of persons, particularly of those with dual citizenship and across border entities to do everything possible to comply with the extant regulations of the jurisdictions wherein they operate.
This in effect makes GDPR certification a globally accepted best practice and the data security protection measure a must. In fact, it should be mandatory for all organisations, they say.
According to the thought leaders, “This will ensure organisations have enough processes and governance to ensure that risks are being identified and appropriately mitigated.”
They noted that it will be difficult for organisations to totally eliminate the incidents of cyber-attacks and therefore called for the option of investment in cyber insurance.
“We have human resources, we should be able to convert them to valuable talents and assets,” Odunfa adds.
The GDPR is a new regulation that came into effect in May 2018 in the European Union which requires organizations that deals in the region to be more transparent in the sourcing, use and control of access to personal data of individuals in their portfolio to ensure such information is not compromised on any grounds.