GROpinion
Unprecedented Digital Attack Looming: Nigerian Government Beware!
In this article, the co-founder of Yomi Olalere, Co-Founder, Abaster Consulting Inc, made a direct call to the Nigerian government (including the State government) to have an urgent and comprehensive review of her cybersecurity infrastructure.
Such review, he believes, must prioritize specific areas of our critical infrastructures to prevent the growing internal threats, and impending external attacks. The author continues:
Attacks of varied proportions are nothing new in the world of digital connectivity, but the impact of same could spell a doom for the national economy and our collective existence.
This attack is projected to gain entrance into our infrastructure through the very trusted government officials and agencies. Everything we have achieved as a Nation from pre-independence, and even prior to the birth of our dear country are at the greatest risk ever!
I hereby call on the government to review her culture of cybersecurity negligence, digital trivial, and total disregard for anything, and everything ‘secure-technology.’
By technology, I did not imply having a Facebook, Imo, Twitter or Snap chat accounts, but all the three-tiers of computer system starting from the operating system, database and other supportive ERP applications.
Of those critical sectors at risk, banking, telecom, public service, hydro/electricity, airline would indubitably share the bigger loss.
It is time to protect our democracy against fake news, and discourage attackers from stealing core national secrets, or confidential information. We must stop talking about cybersecurity, but actively and common-sensibly pursue an offense-in-depth digital-security strategy, policy formulation, solution deployment, support and monitoring.
As I have mentioned in my previous article, technology is not just a tool or mechanism to enhance our private lives, but a close ‘ally’ capable of improving our productivity by making us (the users) more effective, efficient and contributive.
However, the advancement in technology has also attracted the back-door interests from those who preyed on the gaps of a loose technology, software applications and programming errors.
Only if our institutions are truthful and adhere to the cybersecurity legislations would they report on several successful attacks that have been launched against Nigeria government IT infrastructure.
Have you seen the rate at which cyber-crimes including Yahoo Yahoo, and Yahoo+ have gained prominence in Nigeria?
The Cyber-crime rate coming out of Nigeria is unprecedented, and so are the digital attacks happening elsewhere. Yes, it happens everywhere, but the question is what are we doing as a Nation to prevent the ongoing and imminent cyber-attacks? Do we have offense-in-depth system, or a defense-in-depth approach to safeguard the national assets, and citizens’ information?
With the rampant of digital attacks, the immediate action of a responsive government should include, among others, a complete review of all agencies’ website, domains, applications (including ERP), servers, critical infrastructure, E-mail system, interfaces, all integration points, disaster recovery plans, all back-ups, portals, and any electronic data interchange to ensure none is prone to attack, or better still, to identify vulnerabilities which could possibly be exploited by threat agents.
Perhaps, such long list of tasks might be too much, but let’s start with addressing the culture of using personal emails, text messaging, and WhatsApp for exchanging critical, sensitive, and important government economic activities, and national security issues.
The proliferation of digital inventions, and the flurry of cyber-attacks should drive the business case for a renewed approach to how the Nigerian government conducts its business online.
Let me quickly remind us that if you are a Nigerian government official and still uses public email domain such as, Yahoo.com, Gmail.com, Hotmail.com, Outlook.com, Msn.com, to conduct the national business, you are a threat agent and have no business (whatsoever) handling any information related to the Federal Republic of Nigeria. Period!
Those email accounts have been hacked many times, and possibilities are most of the sensitive and critical information in your inbox have been read, copied, rendered public knowledge, and, or in worst case, sold to other governments.
Less we forget, Hillary Clinton lost the last election to Trump partly because she hosted government businesses on personal email server. Why would any public official found public email domain the most secure option for conducting the national business?
The risks associated with transacting government business on personal or public email domain is far proportional than the perceived ease of communication you may ever think of.
If you are ever in doubt, I ask you to check if your email has been hacked at https://haveibeenpwned.com/.
Think about it! If an hacker knows certain information that could embarrass Nigerian Government exists in John’s personal email, they would probably have no difficulty writing few codes, or initiating a dictionary attack using permutations and combinations of characters to break the password and get all they needed from John’s account.
However, this may not be the case if John’s email is hosted on a private domain secured by the Federal government or the National Security office.
The dangers of using public email account to conduct national business includes, among other things, a risk to life, stealing of critical information, spreading of false information branded in fake news, loss of funds that could pose a serious liability issue, as well as, a threat to national security.
To this end, I propose the following bold strategy to protect our image, democracy, achievements, and economy.
- Migrate all agencies’ email to a single/central domain called, Nigeria.ng. For our friend, John the email would read, [email protected] without specifying John’s agency or department. Canada has done this, and it can be replicated in Nigeria.
- Secondly, develop, or improve the National security policies to include reward for compliance and penalty for non-compliance.
- Thirdly, embark on total overhaul of our risk management strategy with focus on cybersecurity, information and IT security in manners consistent and proportional to the value of our assets.
- Fourth, implement a continuous national security awareness training, and ensure security cultural awareness is considered an integral part of the employees’ performance evaluation.
- Finally, you can reach out to me for further actions or advise on preventing the imminent threat on our national cybersecurity infrastructure.
About the author
Yomi Olalere, CISM, CISA, CRISC, SAP, is the Co-Founder, Abaster Consulting Inc .
He can be reached via: [email protected]
(This article was first published by TechEconomy.ng, take note)
GROpinion
Insecurity In Zamfara – Hold Lawal Accountable, Not Matawalle
Writes Nasiru Aliyu, Media Advisor to the Hon. Minister
The recent protest organized by the All Progressives Congress (APC) Akida Forum raises significant questions about political motivations and accountability.
Led by Musa Mahmoud the APC AKIDA group staged a demonstration at the Abuja headquarters of the Department of State Services (DSS), demanding an investigation into the Minister of State for Defence, Dr. Bello Mohammed Matawalle, amid allegations linking him to banditry in the state.
The protest, predominantly featuring hired women and youths from Abuja, was framed as a response to escalating security concerns in Zamfara.
However, the underlying motives appear to be rooted in political rivalry rather than genuine concern for public safety.
The leader of the APC Akida Forum Tijjani Ramallan claims that Governor Dauda Lawal has accused Matawalle of collusion with bandits, suggesting that such ties have perpetuated the insecurity plaguing the region.
A critical point overlooked by Mahmoud and his supporters is that Matawalle is no longer the executive governor of Zamfara.
The current governor, Dauda Lawal, now holds the title of the state’s chief security officer, and therefore, he bears the primary responsibility for addressing the security crisis.
Instead of engaging in a blame game, Lawal should focus on implementing effective strategies to combat the rampant insecurity and provide the dividends of democracy to the people of Zamfara state.
The animosity towards Matawalle seems to stem from his previous role as the Director General of Bola Ahmed Tinubu’s campaign in the Northwest, where he played a pivotal role in securing significant electoral support for the current president.
This success has reportedly fueled envy among some political figures like Tijjani Ramallan, including Musa Mahmoud and others who may feel threatened by Matawalle’s rising profile.
It is noteworthy that allegations against Matawalle have been investigated by the National Security Adviser’s office, which found no evidence to support claims of his involvement in banditry.
This investigation contributed to President Bola Ahmed Tinubu’s decision to retain Matawalle in his ministerial position, where he has reportedly managed security matters in the Northwest with professionalism.
Adding to the complexity of this situation, a Kano High Court recently issued a restraining order against Governor Lawal and others, prohibiting them from continuing their smear campaign against Matawalle. This legal development underscores the court’s recognition of the potential harm caused by unfounded allegations and the need for accountability in political discourse and the state government has found an ally in APC AKIDA led by Tijjani Ramallan.
Despite the court’s intervention, Governor Lawal continues to leverage media platforms to tarnish Matawalle’s reputation, linking him to banditry and corruption without substantiating evidence.
Such tactics appear to be desperate attempts to undermine Matawalle’s credibility, likely motivated by Lawal’s desire to solidify his political standing.
The ongoing campaign against Matawalle by Lawal and his associates raises serious concerns about the integrity of political discourse in Zamfara.
It is imperative for the public to remain vigilant against misleading narratives and to recognize the broader implications of such political maneuvers.
The Kano High Court’s ruling serves as a reminder of the importance of due process and the need for responsible governance.
In conclusion, the focus of accountability in Zamfara should shift towards Governor Dauda Lawal, who now holds the reins of security in the state.
Instead of casting blame on former officials, Lawal must take ownership of the security situation and work towards tangible solutions that prioritize the safety and well-being of the people of Zamfara.
Furthermore, since Matawalle operational visit to sokoto led to the elimination of Bandit leader Halilu Sububu who is alleged to have died with the treasure of the sponsors of banditry in zamfara state, the pain propelled them to further embark on campaign of calumny.
The recent activities of some individuals with one Davids Iyida attempting to sabotage the MoMo Payment Service Bank project intended to benefit, especially Enugu Ezike people, have raised significant concern and outrage within the community.
Such actions aimed at undermining a project with immense potential to uplift and empower the people of Enugu Ezike can only be described as malicious.
The MoMo PSB project is designed to bring financial services closer to the people of Enugu Ezike, facilitating easier access to banking and financial transactions.
This project is expected to create jobs, stimulate local businesses, and provide a much-needed boost to the local economy. In a region where such opportunities are rare, the MoMo PSB project represents a beacon of hope for many residents.
It is particularly baffling and disheartening to witness a member of the community collaborate with outsiders to hinder the progress of their own people.
The reasons behind such alliances remain unclear, but the impact of these actions is evident and deeply troubling. Working to obstruct the project is not only delaying progress but also actively working against the welfare and advancement of Enugu Ezike.
The efforts to destroy Kingsley Ifeanyi Adonu’s good intention, despite all the positive contributions he has made, are nothing short of wickedness.
Adonu, a visionary entrepreneur and the leading MTN Partner in the South East, has dedicated significant resources and efforts to bring the MoMo Payment Service Bank project to fruition.
His vision for the community includes economic growth, financial inclusion, and overall development. Attacking his vision is an attack on the progress and future of Enugu Ezike.
The question that lingers in the minds of many is: Why sabotaging our own benefits? In a time when unity and collective effort are paramount for the community’s advancement, such actions of sabotage are counterproductive and harmful. The community needs all hands on deck to drive development and improve the quality of life for its residents. Internal conflicts and malicious actions only serve to set back these efforts.
Despite the challenges and the malicious attempts to derail the project, it is important to reaffirm that S Mobile Group vision for establishing a MoMo Payment Service Bank in Enugu Ezike will prevail.
The community stands behind this vision, recognizing the immense benefits it promises to bring. Efforts to hinder progress will ultimately fail in the face of collective determination and support.
The actions of these ungrateful individuals, aimed at sabotaging the MoMo PSB project, are grave disservice to the community of Enugu Ezike.
In a time when progress and development are desperately needed, such malicious activities are deeply regrettable.
However, the vision and determination of Kingsley Ifeanyi Adonu and the community’s support ensure that the project will succeed, bringing much-needed growth and prosperity to Enugu Ezike.
Let it be known that no amount of sabotage can dim the light of progress and unity.
Nwodo, a public commentator writes from Enugu State
Writer: CHESTER WISNIEWSKI, Director Global Field CTO, Sophos
With 2024 fast approaching, what are the results for 2023 and what are the developments in the threat landscape for this new year?
The year 2023 was marked by persistence in the tactics of cybercriminals, with the predominance of ransomware, the exploitation of vulnerabilities, theft of credentials and even attacks targeting the supply chain. The common point in all his attacks is their formidable effectiveness.
It is therefore essential to ask what trends will persist in 2024 and what strategies businesses should adopt to deal with these future cyber threats.
Between persistent trends and evolving cybercrime tactics
In 2024, the threat landscape is not expected to change radically, particularly with regard to attack typologies and criminal tactics and procedures.
Criminal groups still primarily focus their attention on financial gains and ransomware remains their weapon of choice. These cybercriminals tend to take the easy way out by opportunistically attacking unpatched security vulnerabilities.
The recent Citrix Bleed attack demonstrated the agility of cybercriminals when it comes to quickly and effectively exploiting these new vulnerabilities.
However, once patches are applied to these vulnerabilities, cyberattackers tend to revert to more common strategies of stealing credentials or, failing that, cookies or session cookies, which, while slightly slower, constitute always a proven means that allows them to penetrate within a system.
In 2024, however, we should expect increased sophistication in defense evasion tactics, particularly due to the generalization of certain technologies such as multi-factor authentication. These attacks will combine malicious proxy servers, social engineering techniques and repeated authentication request attacks or “fatigue attacks”.
AI and regulations will continue to shape cybersecurity
In 2024, the development of AI will have a positive impact on the efficiency of IT teams and security teams by enabling them to strengthen defenses and work more efficiently, including through the processing of vast volumes of data in the aim of detecting anomalies. It should make it possible to respond more quickly in the event of an incident.
Indeed, analysis of attacks in 2023 showed a shortening of the time between network penetration and the triggering of a final attack – using malware or ransomware. The need for rapid detection and response tools to prevent costly incidents is therefore essential.
Finally, regulatory developments could have a major influence on measures taken against ransomware. The need to take more substantial measures could push some states to penalize the payment of ransoms, which would represent a brake on malicious actors and change the perspective of companies in the event of an attack.
Other stricter legislation, such as the implementation of the European NIS2 Directive, is also expected to force companies to take additional measures, particularly regarding their abilities to collect data sets.
To protect themselves against increasingly rapid, effective and costly attacks, companies will need to strengthen their defenses by equipping themselves with tools that allow them to detect and respond to incidents more quickly.
The worsening cybersecurity talent shortage does not appear to be as serious as some studies claim. On the contrary, companies have implemented more lax hiring criteria and more open-mindedness in the recruitment process.
From this perspective, to guarantee their survival in a constantly evolving threat landscape, companies have every interest in establishing partnerships with cybersecurity experts whose main mission is to make the hyperconnected world safer, to advise and assist them. in setting up effective defenses.
Peoples’ Parliament Applauds Otti, Afurobi for Exemplary Leadership
GOCOP mourns with member, Tunde Abatan over wife’s demise
NITDA DG Inaugurates National Technical Working Group on Cloud Infrastructure
LASG Acquires New Outboard Engines For Optimum Boat Performance
Elon Musk builds Hotel in Mars, Sets to launch soon at $5million per night – Photos
