The Chief Executive Officer (CEO) of any organisation is responsible for his company’s security on the Internet, Dr Erdal Ozkaya, Microsoft cybersecurity expert, has told a tech security forum in Lagos.
Following the rising spate of attacks by cyber criminal across the globe, the Microsoft exec says CEOs should accord priority to cyber security or risk losing the fortune of the company in one fell swoop, as has been the case in several incidents.
This was one of the key highlight of Ozkaya’s presentation, “Building the Most Secure Enterprise” at the Cybersecurity Summit 2016, a forum jointly organized by the Information Security Society of Africa, Nigeria (ISSAN) and Microsoft held in Lagos.
A good example of this, the EFCC Cybercrime head says, is the case of a Nigerian simply identified as “Mike” who co-ordinated several high-profile attacks from different parts of the world and raked in several millions of dollars.
“Most of you are CEOs, but you don’t want to speak with me or any security adviser because you are busy. You delegate this to your team. But can you imagine tomorrow the news says your company is hacked, who is going to be on the newspaper? Please don’t get me wrong, I am not trying to scare you, I am trying to save you from a great loss.” Ozkaya told participants at the event that attracted top CEOs , Chief Information Officers (CIOs), ethical hackers, among other cyber security experts.
Using Nigeria as a case study, the Microsoft exec took the audience through various local and international media reports showing the several billion the country loses annually to cyber criminals.
“Global tracking of cyber-attacks indicate that Nigeria is among countries with high cases of cyber attacks. The situation is a serious challenge to our resolve to take advantage of the enormous opportunities that Internet brings, while balancing and managing its associated risks”, Ozkaya tells attendees at the ISSAN Summit.
“Yes I know you are busy. I know you have to take care of shareholders, employees, process and many other things. But you have to get a security adviser, speak to someone. For me as a security adviser, it is not about selling products because products by themselves are not good if you don’t think about actions. You have to know how these hackers work. I know you are too busy but you have an important mission. Your mission is to grow the company. Your mission is to protect the company,” Ozkaya says.
According to him, cyber attacks has evolved into mischief, fraud, theft, damage and disruption, which are mostly sponsored by nations, terror groups or hacktivists.
Ozkaya says that Microsoft is not just a software and hardware company, but also a security business that has devised means of mitigating cyber attacks that include the introduction of Windows 10 operating system and its cloud computing platform and service, Azure.
“Now, there is Windows 10 and it has a full mitigation with which you don’t have to use passwords anymore. With Windows Hello, you can use your fingerprint or use your iris scanner to unlock your computer. Windows 10 will also prevent you from mistakenly sharing your confidential documents,” he says.
Also speaking at the event Abdul Chukkul, Head Cybercrime at Economic and Financial Crime Commission (EFCC), the nation’s anti-graft agency, says that the evolving trend of mobility, social media, cloud computing has changed the way hackers and cybercrimals now operate.
Giving cyber crime trend based on intelligence reports from the EFCC, the agency’s cybercrime head says that business email compromise, phishing, mobile Internet banking are prevalent means that hackers now deploy to defraud their targets.
According to Chukkul, some of these attacks do not even originate from Nigeria, which gives rise to the need to collaborate with other with law enforcement agencies locally and internationally.
A good example of this, the EFCC Cybercrime head says, is the case of a Nigerian simply identified as “Mike” who co-ordinated several high-profile attacks from different parts of the world and raked in several millions of dollars. His activities were reported to the EFCC by INTERPOL IGCI in Singapore, and after collaborative efforts by security agencies from other affected countries, the Nigerian anti-graft agency was able to apprehend “Mike” in Port Harcourt in June this year. He was subsequently charged to court, according to Chukkul.
He also listed instruments for international cooperation on cybercrime and they include Information Security Certificate Standard, MLAT which means Mutual Legal Assistance Treaty, Memorandum of Understanding, Treaties – bilateral, regional or international, professional bodies and forums.
Mr. David Isiavwe, President of ISSAN, who spoke with Technology Times on the sideline of the event says the summit was organised to commemorate the Cybersecurity Awareness Month in Nigeria.
“We saw here that there was a good representation as different sectors of the economy were here, the banking sector, the financial services, the regulators and law enforcements. Everybody was here with the consultants to look at how to enhance the level of awareness so that organizations can be safe, the banking system can be secured, so that people can do their transactions in a safe and secure way”, Isiavwe says.
The ISSAN President adds that his group’s effort in creating the much-needed awareness on cybersecurity will continue, while also revealing that they will soon convene a national cybersecurity awareness summit.
“Like we said during the event, the discussion doesn’t end here right now. It continues both in the offices, at different meetings and online as well, social media platforms, the discussion continues. We need to keep prioritising the people, process, the technology and the organizations to ensure that the platforms are safe”, according to the ISSAN President.
“There will be different forms of awareness activities. In the next few months we should take it to a level higher than this so as to organise a national cyber security awareness summit for Nigeria. That is what we plan to do and it is going to happen. Again, we will work with the regulators, we will work with the key stakeholders in this economy to ensure that it happens”, Isiavwe tells Technology Times.