In this article, the co-founder of Yomi Olalere, Co-Founder, Abaster Consulting Inc, made a direct call to the Nigerian government (including the State government) to have an urgent and comprehensive review of her cybersecurity infrastructure.
Such review, he believes, must prioritize specific areas of our critical infrastructures to prevent the growing internal threats, and impending external attacks. The author continues:
Attacks of varied proportions are nothing new in the world of digital connectivity, but the impact of same could spell a doom for the national economy and our collective existence.
This attack is projected to gain entrance into our infrastructure through the very trusted government officials and agencies. Everything we have achieved as a Nation from pre-independence, and even prior to the birth of our dear country are at the greatest risk ever!
I hereby call on the government to review her culture of cybersecurity negligence, digital trivial, and total disregard for anything, and everything ‘secure-technology.’
By technology, I did not imply having a Facebook, Imo, Twitter or Snap chat accounts, but all the three-tiers of computer system starting from the operating system, database and other supportive ERP applications.
Of those critical sectors at risk, banking, telecom, public service, hydro/electricity, airline would indubitably share the bigger loss.
It is time to protect our democracy against fake news, and discourage attackers from stealing core national secrets, or confidential information. We must stop talking about cybersecurity, but actively and common-sensibly pursue an offense-in-depth digital-security strategy, policy formulation, solution deployment, support and monitoring.
As I have mentioned in my previous article, technology is not just a tool or mechanism to enhance our private lives, but a close ‘ally’ capable of improving our productivity by making us (the users) more effective, efficient and contributive.
However, the advancement in technology has also attracted the back-door interests from those who preyed on the gaps of a loose technology, software applications and programming errors.
Only if our institutions are truthful and adhere to the cybersecurity legislations would they report on several successful attacks that have been launched against Nigeria government IT infrastructure.
Have you seen the rate at which cyber-crimes including Yahoo Yahoo, and Yahoo+ have gained prominence in Nigeria?
The Cyber-crime rate coming out of Nigeria is unprecedented, and so are the digital attacks happening elsewhere. Yes, it happens everywhere, but the question is what are we doing as a Nation to prevent the ongoing and imminent cyber-attacks? Do we have offense-in-depth system, or a defense-in-depth approach to safeguard the national assets, and citizens’ information?
With the rampant of digital attacks, the immediate action of a responsive government should include, among others, a complete review of all agencies’ website, domains, applications (including ERP), servers, critical infrastructure, E-mail system, interfaces, all integration points, disaster recovery plans, all back-ups, portals, and any electronic data interchange to ensure none is prone to attack, or better still, to identify vulnerabilities which could possibly be exploited by threat agents.
Perhaps, such long list of tasks might be too much, but let’s start with addressing the culture of using personal emails, text messaging, and WhatsApp for exchanging critical, sensitive, and important government economic activities, and national security issues.
The proliferation of digital inventions, and the flurry of cyber-attacks should drive the business case for a renewed approach to how the Nigerian government conducts its business online.
Let me quickly remind us that if you are a Nigerian government official and still uses public email domain such as, Yahoo.com, Gmail.com, Hotmail.com, Outlook.com, Msn.com, to conduct the national business, you are a threat agent and have no business (whatsoever) handling any information related to the Federal Republic of Nigeria. Period!
Those email accounts have been hacked many times, and possibilities are most of the sensitive and critical information in your inbox have been read, copied, rendered public knowledge, and, or in worst case, sold to other governments.
Less we forget, Hillary Clinton lost the last election to Trump partly because she hosted government businesses on personal email server. Why would any public official found public email domain the most secure option for conducting the national business?
The risks associated with transacting government business on personal or public email domain is far proportional than the perceived ease of communication you may ever think of.
If you are ever in doubt, I ask you to check if your email has been hacked at https://haveibeenpwned.com/.
Think about it! If an hacker knows certain information that could embarrass Nigerian Government exists in John’s personal email, they would probably have no difficulty writing few codes, or initiating a dictionary attack using permutations and combinations of characters to break the password and get all they needed from John’s account.
However, this may not be the case if John’s email is hosted on a private domain secured by the Federal government or the National Security office.
The dangers of using public email account to conduct national business includes, among other things, a risk to life, stealing of critical information, spreading of false information branded in fake news, loss of funds that could pose a serious liability issue, as well as, a threat to national security.
To this end, I propose the following bold strategy to protect our image, democracy, achievements, and economy.
- Migrate all agencies’ email to a single/central domain called, Nigeria.ng. For our friend, John the email would read, John@Nigeria.ng without specifying John’s agency or department. Canada has done this, and it can be replicated in Nigeria.
- Secondly, develop, or improve the National security policies to include reward for compliance and penalty for non-compliance.
- Thirdly, embark on total overhaul of our risk management strategy with focus on cybersecurity, information and IT security in manners consistent and proportional to the value of our assets.
- Fourth, implement a continuous national security awareness training, and ensure security cultural awareness is considered an integral part of the employees’ performance evaluation.
- Finally, you can reach out to me for further actions or advise on preventing the imminent threat on our national cybersecurity infrastructure.
About the author
Yomi Olalere, CISM, CISA, CRISC, SAP, is the Co-Founder, Abaster Consulting Inc .
He can be reached via: yolalere@abasterconsulting.com
(This article was first published by TechEconomy.ng, take note)