The convergence of the real and virtual world has seen both robbing-off on one another in several respects. Man might have embarked on the technology journey with the objective of enriching life but as with most other inventions/innovations, unwanted elements have taken the game at virtual world so strongly that cybercrime ranks next only to terrorism on the global list of security concerns/risks.
This week, Mr Dayo Abegunde, Director, Virtual Technology and New Markets at Halogen Security Limited, shares insights on how cyber security has in a short while assumed the place of increased concern and how his company is proffering solutions to deter cybercriminals and safeguard virtual assets.
Evolution and how Nigeria is adapting
As at the end of 2016 cybersecurity had evolved as a top global risk, ranking second only to terrorism.
Curiously, though the scale of activities involving sensitive transactions over the Internet has increased dramatically over the last 20 years, not much has been done on strategy to match this pace in the security industry. There has rather been a slow uptake of the security architectures that could address vulnerabilities, while improvements in technology and communications tend to have made it easier for cybercriminals to carry out their nefarious activities.
It should be noted that there is no single solution to the issues of cybersecurity. Consumers in cyberspace, ranging from government, public institutions, industries or society, continue to embrace technology and become more mobile. This has increased security challenges, particularly with the good intentioned majority less tolerant of failure. While this has led to increased awareness of threats, it has been observed that more often than not, the adoption of security measures comes only after losses or embarrassments through data breaches and system failures.
Leaders need to ensure that security architectures are developed to serve vested interests, be it government (national or global), public, business or private. This can be done by a careful choice of employees saddled with the responsibility of cybersecurity. Government and businesses should make conscious choice to ensure that the people hired for this role are certified professionals and tradespeople. This is a basic step to ensuring that technology products and services bought or subscribed to are fit for purpose and have inbuilt or added security support. In addition, government can set standards and lead by example.
Requirements of security technology will continue to be more complex and unwieldy and not particularly well aligned with consumer needs. For example, having to remember multiple IDs and complex passwords is a major inconvenience and a cause of many security issues. It must be borne in mind that posting personal information to public sites remains a major contributing factor to identity theft. This is because firewalls protect information left inside the corporate electronic perimeter, but do little to protect the vast amount of business-sensitive information once they are put outside the perimeter. This yields to the simple notion in security parlance of supreme ability to safeguard gated or partitioned territories and little ability to safeguard valuables outside the gates.
It must be noted that intrusion detection systems, detect yesterday’s problems, but not tomorrow’s problems. Security models, architectures and technologies must of necessity reflect and address these concerns.
Halogen’s initiatives to address cybersecurity
Halogen Security Limited is in partnership with Symantec, a global solution provider of cybersecurity solutions and the biggest operator of a security operations centre that monitors and manages global cyber threats and trends. This partnership gives the Nigerian market access to information, insights and solutions to combat cybersecurity threats, though they be on a global scale.
Halogen has also laid the foundation for security data repository with the aggregation of two security data sources. There is also in place a cloud based training and awareness solutions to help educate users on the cyber threats.
As part of proactive strategy to improve and sustain cybersecurity in Nigeria, the company is exploring partnering with yet another company that has developed self-learning cyber defence technology. This partnership would deliver to the Nigeria market, the capability of detecting cyber threats and anomalous behaviour that bypass security tools without prior knowledge of specific threats, use of rules or signatures.
The solution would be a creation of unique behavioural models for every user and device across various areas of human endeavour, with the capability of analysing the relationships between them spontaneously and ongoing basis for purpose of preventing cyberattacks.
The solution has the unique ability of being easily installed into the heart of the network and there it can discharge its function of passively monitoring raw network data, including cloud interactions on real time basis without interrupting business operations. It also provides instant visibility into all digital activity notifying of in-progress attacks or emerging threats.
Summary value to end-users
Halogen has topnotch skills and competence to architect cybersecurity solutions. With a sound understanding of the Nigerian business and the operational environment, the company is able to develop specific security solutions and models that are both effective and sustainable.
Over the years, the company has developed generic security models based on physical security controls to protect information and systems housed in either single or defined locations, as well as an electronic perimeter to protect systems, complete in themselves. But owing to speedy evolution, the advent of virtual companies that exist predominantly on the Internet, with staff members working in a variety of locations, and with information on mobile devices and in the cloud (and where is that?), traditional models can protect only a fraction of the business information. This is why virtual security has become and will remain a necessity. All hands must be on deck to reverse the trend where most of the security expenditure remain focused on some form of compliance and not protection of critical business information.
Why all hands must come on deck
It is evident that in the last five years, there have been a number of fundamental shifts in technology and its use that require equally fundamental shifts in attitudes towards security. Today technology has become critical because a large part of government administration and business services are running in the cyberspace.
The virtual world is becoming more “real” by the day. And it has become commonplace for business transactions – everything from simple shopping to complex multibillion-dollar deals to take place over the Internet. But, while the Internet has developed rapidly as a channel for business, security on the Internet has lagged. And this is despite the Internet having a well-earned reputation as a hostile environment.
Perhaps, the growth of organised cybercrime is evidence that little is being done to mitigate the risk. It gives the image of a jungle in the physical world. The world has to move swiftly on improvement of cybersecurity, because today’s cybersecurity standards were developed in a world in which computers were majorly subjected to fraud and other criminal activities by individuals inside and, only in minority of the cases, outside the organisation.
However, this has changed in the last five years with the rapid increase in organised cybercrime through the emergence of robot networks (botnets), which enable criminal activities to be conducted on an unprecedented scale globally and at a level that has seen nations almost at the risk of being cut off from the Internet.
This has thrown a yawning gap between cyber, electronic and physical security in organisational structures today. While in many organisations cybersecurity is domiciled in the information technology department, at others it is at the operations department, whereas responsibility for physical and electronic security rest with the security department.
Decision makers in government and business circles must acknowledge the need to integrate these systems and assign a single point of ownership for the entire security ecosystem. This can be achieved with a strategy that leverages technology to combine cyber, electronic and physical security competences for industry/sector specific uses.
Cybersecurity trends ….
· Malware and Ransomware attacks
· Social engineering and phishing attacks
· Denial of service attacks
Join BusinessDay whatsapp Channel, to stay up to date
Open In Whatsapp
