Information Technology (IT) experts have called on software developers to combat cybercrime with relevant Cyber Security suited to our local environment and needs.
This outcry was as a result of the implementation of none impactful cyber security solutions to organisations which have resulted in the increased loss of money and data by organisations.
According to the president, Demadiur Systems, publishers of Nigeria Cyber Security report, Engr. Ike Nnamani noted that part of its company’s 2018 report which identified none impactful implementation of cybersecurity training and the solution for the rising cases of cyber-attacks as contained in the report that is yet to be unveiled to the public.
“From what we saw in our last year’s report, the volume of cybercrime is still in the increase in spite of awareness. More so, we witnessed cybersecurity solutions vendors selling solutions that are not impactful to fortifying organisations’ cyber defences, which results in the problems remaining,” he said.
The managing director, Serianu, William Makatiani described the situation as the acquisition of overly mature or advanced tools with limited internal skills to operate these technologies/solutions.
“Majority of organisations in Africa are at a low Cybersecurity maturity stage meaning that there are a number of gaps (people, process and technology) that exist within these organisations that might hinder them from fully consuming more mature products.
For instance, adoption of Artificial Intelligence tools without a proper baseline of existing data sources and structures will hinder an organisation from getting proper intelligence from a tool.
“Adoption of next-generation SIEMs and Threat hunting tools without proper network architecture and baselining in place will result in more false positives than true positive alerts.
Adoption of the latest ERP system without having a well-trained staff to manage it can result in more fraudulent activities. And adoption of Agency banking without proper Know Your Customer controls and transaction limits can result in more losses to a bank,” he said.
Addressing this challenge, Makatiani urges organisations to abandon the Copy-paste mentality and proactively analyze their unique challenges and design or acquire solutions that fix their unique needs.
“It starts with understanding our security gaps and how much visibility we have as an organisation.
This will involve; practical and Focused Risk Profiling and breach scenario analysis: Understanding what risks the organisation is exposed to form a people, process and technology perspective.
“More so, maturity assessment that involves looking closely at the controls implemented, architecture and data sources within the organisation and determining the gaps that exist.
“Visibility and exposure quantification is where an organisation clearly quantifies the extent to which it has secured its assets. And training and enhancing internal capabilities – focus on training internal resources to be able to address cyber security issues.
“It’s only after this analysis that an organisation can make informed choices on the type of security investments they need,” he added.