Last year seemed like the year of ‘rising cyberattacks’ because of the record number of ransomware attacks, phishing scams, state-sponsored attacks, new attack vectors, botnets and many more that occurred.
One wonders what lies ahead this year. Are we likely to see an increase or decrease in attacks? This is one question that has been on my mind considering the fact that Nigeria seems not to understand that it is susceptible to these types of attacks with far-reaching and devastating consequences.
That said, I was quite relieved when I received an advisory from the management of National Information Technology Development Agency titled ‘Guidance on Combating Cyber Security Threats’ which drew the attention of all Ministries, Departments, and Agencies, other government establishments, and the general public to the potential cyberattacks likely to be experienced this year.
The advisory reads in part: “The agency is working with all critical stakeholders to come up with effective ways of adequately protecting the Nigerian cyberspace. We therefore call on all Nigerians to support the agency by doing their best at protecting themselves as well as the information and systems under their care.”
This is a great move for the nation and it is a sign that we are putting cyber security on the front burner. NITDA, under the leadership of the Director-General, Isa Ibrahim, is not just awakening the cyber security consciousness of these organisations but also providing necessary precautionary measures to deal with them.
The agency’s Computer Emergency Readiness and Response Team in conjunction with other industry stakeholders are also ensuring safe and secure cyberspace.
According to the statement: “they have intercepted some signals of potential cyber-attacks targeting banking, health, and other systems, power and transportation systems, as well as other critical national infrastructure.”
I will share below some of the precautionary measures contained in that report so that Nigerians are aware:
- Efforts should be intensified at ensuring that any data is encrypted, particularly sensitive or personal data;
- Ensure that networks are fully secure through the use of wired network thereby protecting them from possible hackers’ attempt at using Wi-Fi security lapses to remotely break into computer systems;
- Ensure that operating systems and other software applications are regularly updated with the latest patches;
- Ensure that anti-malware protection is installed on all IT systems as this will help in protecting your organisation’s network from potential attacks through virus-laden software and email attachments. Also, all security software should be adjusted to scan compressed or archived files;
- Ensure that appropriate guidelines are in place for connecting personal devices into the organisation’s network;
- Ensure that there is an organisation-wide enlightenment campaign, awareness and measures put in place to deal with cyber security threats as well as the procedures they must always follow when using their workstations.
I particularly like the sixth one because I have observed that user education and awareness is necessary to protect our critical national infrastructure from cyber attacks and the reason is simple, ‘humans remain the weakest link.’
These attacks will be almost impossible for humans to stop because they are more refined and sophisticated compared to other forms of attacks. It is the rise of machines against machines. Already, hackers are beginning to take advantage of Artificial Intelligence to launch sophisticated attacks.
Now, imagine what will happen in the future. I raise this point so that Nigerians will understand that there is need to invest heavily in cyber security and it certainly goes beyond what NITDA alone can handle.
AI is a super exciting technology trend that has helped streamline industry operations, automate repetitive tasks and even helped cybersecurity experts to predict potential attacks.
As a result of big data explosion, cyber security has leveraged AI to build automated systems to analyse network traffic, interceptions, as well as protecting data. That same technology, which cybersecurity experts use to detect malware, can also be poisoned or attacked.
You can imagine a scenario where an AI algorithm that depends heavily on input (data) being manipulated or poisoned. If this happens, that means the output would be incorrect and that could be damaging.
Nigeria will not be exempted from this sort of sophisticated cyberattacks because we have banks, hospitals, schools, public and private sectors that are warehousing essential data.
In as much as we continue to embrace AI, it also behoves us to start initiating a unique cybersecurity model capable of combating AI-powered attacks. I tell you, it’s going to be tough, but we have to prepare for it.
All stakeholders have a great task ahead, and all hands should be on deck because we can stand the risks of losing data that are very sensitive to Nigeria. Have you thought about 2019 poll? What if an AI-powered attack is launched during that period? How would we response to such a national attack?
This is why I recommend that more funding should be channelled to cybersecurity. NITDA deserves to be supported as this is a task that they cannot carry out alone.
I commend the DG of the agency for the proactive step of releasing the statement but I wonder what the National CERT team is doing? Just as I was concluding this piece, I checked up to see the last advisory released by the team and it was on the 27th of October, 2017. This is totally unacceptable in an era of AI-powered attacks. The ngCERT needs to wake up from a rather deep slumber; there is danger ahead.