BusinessDay

Education, regulations needed to fight cyber crime in Nigeria – Allen

Ben Allen is the CEO at Allen Forensics Inc, a US-based Cyber Risk Advisory Firm. He leads security consulting, training in cyber security, online privacy and financial crimes investigation. In this interview with IFEOMA OKEKE-KORIEOCHA, he speaks on how increase in cybersecurity investment, training and education of employees and laws and regulations would help to combat cybercrime in Nigeria. Excerpts:

Nigeria loses about $500m yearly to cybercrime, according to the Nigerian Communications Commission. This accounts for 0.08 percent of the country’s Gross Domestic Product. If steps are not taken to address this, what impact would this have in the economy and workplace?

As a security expert and thought leader with over a decade of experience in security design and resolution, I can tell you that the issue of cybercrime in Nigeria is a serious one and steps must be taken to address it.

Losing $500 million annually to cybercrime, equivalent to 0.08 percent of the country’s GDP, is a massive blow to any economy. But if steps are not taken to address this, it could devastate the economy and the workplace.

Imagine a world where businesses and individuals are losing money left and right due to cybercrime, economic growth and development are stunted, and international trade is declining.

This is not just a figment of imagination. It’s a real possibility if the issue of cybercrime is not addressed.

Furthermore, imagine a world where there is a loss of trust in the country’s digital infrastructure and a need for more confidence in the ability of businesses and organizations to protect sensitive information.

This would result in a loss of investment and a decrease in international trade. A reduction in investment and international trade would mean that companies may close down, increasing unemployment. In the workplace, cybercrime can negatively impact productivity and morale.

Employees may be hesitant to engage in online activities and this can lead to the loss of sensitive information, which could harm the company’s reputation.

All of this paints a dire picture, but there is still time to take action. By increasing investment in cybersecurity, providing training and education to employees on identifying and preventing cybercrime, and creating laws and regulations to combat cybercrime, we can work towards a more secure digital future for Nigeria.

It’s time to take action. Let’s protect our economy and workplace from the negative impact of cybercrime. Together, we can make a difference.

Last year, Russian-speaking hackers reportedly hacked the websites of major airports in the US, leaving them temporarily inaccessible. Websites at 14 airports were hit by the cyber-attack, with many of them now restored.

Nigerian airports may be included if this can happen to advance US airports. How do you think Nigerian airports can guide against this as the Federal Airports Authority of Nigeria (FAAN), has started deploying the acquired new technology across the international airports across the country?

As a security expert with experience in the field, I believe that Nigerian airports can take several steps to protect themselves from cyber-attacks such as the one that recently affected major airports in the US.

First, it’s important for Nigerian airports to have a robust cybersecurity plan in place. This plan should include regular security assessments and penetration testing to identify vulnerabilities and weaknesses in the airport’s systems. It should also include incident response and disaster recovery procedures to minimize the impact of a successful attack.

Second, the Federal Airports Authority of Nigeria (FAAN) should ensure that all airport systems and networks are regularly updated and patched to protect against known vulnerabilities. This includes software, firmware, and operating systems.

Third, the FAAN should ensure that all employees, contractors, and other third-party vendors have the necessary cybersecurity training and education to identify and prevent cyber-attacks. This can include training on best practices for secure password management, email security, and social engineering tactics.

Fourth, FAAN should consider implementing advanced security technologies such as firewalls, intrusion detection and prevention systems, and multi-factor authentication to protect airport systems.

As the CEO of a US based Cyber Risk Advisory Firm, would you say Nigeria is making steps in the right direction to address cyber security when compared to what developed countries are doing already?

I would say that Nigeria is making progress in addressing cybersecurity, but there is still room for improvement when compared to developed countries.

It is important to note that developing countries like Nigeria face different cybersecurity challenges than developed countries, and adopting strategies and technologies that suit their needs is essential.

From what I know, the Nigerian government and private sector organizations have started to invest in cybersecurity. I see a growing awareness of the importance of protecting critical infrastructure and sensitive data.

For example, the Federal Airports Authority of Nigeria (FAAN) has recently acquired new technology and started deploying it across international airports, which is a positive step forward.

However, the implementation of cybersecurity measures in Nigeria is still in the early stages, and there needs to be proper cyber laws and regulations that can help mitigate the risk of cyber attacks.

Also, there needs to be more skilled cybersecurity professionals and more funding for cybersecurity initiatives. These are all areas that need to be addressed if Nigeria wants to catch up with developed countries regarding cybersecurity.

It’s important to note that as the cyber threat landscape is continuously evolving, countries like Nigeria must keep up with the latest technologies and best practices to be able to defend against cyber-attacks. While some positive steps are being taken in Nigeria, more must be done to fully address the cybersecurity issue.

On employment, do you think cyber security experts have good job opportunities in Nigeria or are they amongst many leaving the country (Japa) for better opportunities outside Nigeria?

I believe that job opportunities for cyber security experts in Nigeria are growing, but there are still challenges that need to be addressed.

There is a growing demand for cyber security professionals in Nigeria as more organisations recognise the importance of protecting sensitive information and critical infrastructure from cyber-attacks. This has led to an increase in job opportunities for cyber security experts in Nigeria.

However, there are still challenges that need to be addressed. The shortage of skilled cybersecurity professionals is one of Nigeria’s main challenges. This is due to a need for cybersecurity education and training programs in the country.

Additionally, the lack of proper cyber laws and regulations, and limited funding for cybersecurity initiatives, can also make it difficult for cyber security experts to find good job opportunities in Nigeria.

As a result, many cyber security experts may choose to leave the country in search of better opportunities outside Nigeria. Bad leadership in the country also contributes to the growing number of Japa leaving Nigeria to seek greener pastures in the UK, USA, and Canada.

Japa is also among those leaving because, in the US for example, there is a huge cyber security skills gap. Every cyber attack widens the skills gap and this is how: After a cyber breach, a company must report it to the proper authorities, but I am not aware of such a requirement in Nigeria. I understand such disclosures may bring reputational damage, but organizations can use admission of a breach to strengthen credibility by making known the corrective measures in place.

Hence the demand for more professionals in the field. We need to create such laws in Nigeria, too. Nigeria can be a superpower in the cyberworld. We have the talent. It’s incredible to see what teenagers do with the internet.

With the right investment in cybersecurity education and training programs, as well as the implementation of proper cyber laws and regulations, the job opportunities for cyber security experts in Nigeria can improve.

Job opportunities for cyber security experts in Nigeria are growing, but there are still challenges that need to be addressed in order to retain and attract more cybersecurity professionals to the country.

By addressing these challenges, Nigeria can create a more robust cybersecurity workforce that can help protect the country from cyber threats.

What would you describe as the greatest threat to cyber security in Nigeria?

Well, the greatest threat to cyber security in Nigeria is a combination of several factors: Advanced Persistent Threats (APTs). APTs are highly sophisticated and targeted attacks that can evade traditional security measures.

These types of attacks are often used by state-sponsored actors or organized crime groups to gain access to sensitive information and critical infrastructure.

Phishing and social engineering attacks are becoming increasingly common in Nigeria. These attacks involve tricking individuals into providing sensitive information or access to systems by posing as a trusted entity.

Insider threats are a growing concern in Nigeria. These threats can come from employees, contractors, or third-party vendors with access to sensitive information or systems. Insider threats can be motivated by financial gain, revenge, or other factors.

As there is a lack of cybersecurity education and training in Nigeria, many individuals and organizations are not aware of the risks they face, and they may not have the necessary knowledge and skills to protect themselves from cyber threats.

The lack of proper cyber laws and regulations in Nigeria can make it difficult for organizations to understand their cybersecurity obligations and for authorities to take action against cybercriminals.

The greatest threat to cyber security in Nigeria is a multifaceted issue, and it requires a comprehensive approach to address it.

Addressing these challenges can help to mitigate the risk of cyber-attacks and protect Nigeria’s critical infrastructure and sensitive information from cyber threats.

What is your experience as a Nigerian running a Cyber Risk Advisory Firm in the US?

I can say that my experience as a Nigerian running a Cyber Risk Advisory Firm in the US has been a unique one.

As a Nigerian in this field, you are perceived with prejudice due to the reputation Nigeria has when it comes to cyber and internet crime. It’s like the Biblical question: ‘Can anything cyber-good come out of Nigeria’?

So, they find it hard to trust you. You must earn trust by performance, certifications, and experience. You must build your reputation. For example, I am the first Nigerian born Licensed Private investigator in the state of Texas. That’s not a small feat. A lot of pruning went into that process. So, when my clients see that I hold that license, they give me their trust. Most of the cases I respond to are financial crime incidents – Business Email compromise. Financial forensics and Cyber forensics are inter-related in order to establish the root cause and identify the perpetrator. Being a licensed private investor empowers me to legally conduct cyber forensics investigations.

Additionally, I let them know I come with some native intelligence, and I am able to think like the perpetrator. This line is usually welcomed with laughter, but it works and makes them comfortable. I must say that in the US, lots of Nigerians are doing great things in the cyber security space.

Could you tell us some success stories?

I have had the opportunity to work on several successful projects throughout my career.

One of the most notable success stories I can share is when I worked with a large Financial bank to improve their cybersecurity posture. The bank had been experiencing a significant number of cyber-attacks, and they were looking for a solution to protect their sensitive information and critical systems.

We started by conducting a comprehensive security assessment of the bank’s systems and networks. This assessment revealed several vulnerabilities and weaknesses that needed to be addressed. We then implemented advanced security technologies such as firewalls, intrusion detection and prevention systems, and multi-factor authentication. We also provided training and education to the bank’s employees on how to identify and prevent cyber-attacks.

As a result of our efforts, the bank was able to significantly reduce the number of cyber-attacks they experienced. They also experienced an increase in customer confidence, which led to an increase in investment and international trade.

Another success story I can share is when I worked with a large law firm in Dallas to improve their cybersecurity posture. The agency had been experiencing several high-profile data breaches, and they were looking for a solution to protect their sensitive information and critical systems.

We started by conducting a comprehensive security assessment of the agency’s systems and networks. We then implemented advanced security technologies such as firewalls, intrusion detection and prevention systems, and multi-factor authentication. We also provided training and education to the agency’s employees on how to identify and prevent cyber-attacks.

As a result of our efforts, the agency was able to significantly reduce the number of data breaches they experienced. They also experienced an increase in customer confidence, which led to an increase in investment and international trade.

These are just a few examples of the successful projects that I have had the opportunity to work on as a security expert and thought leader. My experience has shown me that by conducting a comprehensive security assessment, implementing advanced security technologies, providing training and education, and building relationships and collaborations with key players in the cyber security industry, organizations can improve their cybersecurity posture and protect themselves from cyber threats.

As a licensed private investigator in the state of Texas and certified fraud examiner. How does your combined technical expertise with knowledge in emerging fields help you design custom security programs and solutions?

My combined technical expertise with knowledge in emerging fields helps me design custom security programs and solutions in several ways:

My experience as a private investigator gives me insight into criminal behavior and how criminals operate. This knowledge helps me to anticipate and identify potential threats and vulnerabilities in a client’s systems and networks.

As a certified fraud examiner, I have the knowledge and skills to investigate financial crimes, such as embezzlement, money laundering and other forms of financial fraud. This knowledge helps me to identify financial crimes that may be committed by insiders and to implement controls to prevent such activities.

My experience as a private investigator and a certified fraud examiner helps me to identify and mitigate insider threats. This can include identifying employees, contractors, or third-party vendors who may pose a risk to an organization’s security, and implementing controls to prevent unauthorized access to sensitive information and systems.

My technical expertise in cybersecurity and knowledge in emerging fields such as insider threat and personal/digital privacy concierge allows me to design custom security programs and solutions that are tailored to the specific needs of my clients. I can combine cutting-edge technology with my knowledge of criminal behaviour and financial crimes to create solutions that are both effective and efficient.

By combining my knowledge of private investigations and fraud examination with my technical expertise in cybersecurity and emerging fields, I am able to provide a holistic approach to security that addresses both external and internal threats.

Read also: ANALYSIS: Nigeria caught in wave of global cyberattacks

My combined technical expertise with knowledge in emerging fields, such as private investigations and fraud examination, allows me to design custom security programs and solutions that are tailored to the specific needs of my clients.

I am able to anticipate and identify potential threats and vulnerabilities, identify insider threats, provide a holistic approach that addresses both external and internal threats, and combine cutting-edge technology with my knowledge of criminal behavior and financial crimes to create solutions that are both effective and efficient.

This unique combination of skills and expertise allows me to provide a more comprehensive and effective approach to addressing cyber security issues and protecting my clients’ sensitive information and critical systems.

What motivated your interest in financial forensic and cyber security?

I can say that my interest in financial forensics and cyber security was motivated by a desire to protect organizations and individuals from financial crimes and cyber threats.

I have always had a passion for understanding the different ways criminals operate and the methods they use to commit financial crimes. This passion led me to pursue a career in financial forensics, where I could use my knowledge and skills to help organizations and individuals identify and prevent financial crimes.

As technology advanced and the use of the internet and digital systems became more prevalent, I recognized the growing threat of cyber-attacks. I saw an opportunity to apply my knowledge and skills in financial forensics to the field of cyber security. I began to focus my efforts on understanding the specific cyber threats that organizations and individuals face.

My interest in financial forensics and cyber security also stems from a desire to help organizations and individuals protect their sensitive information and critical systems.

I believe that by providing customized security solutions that address the specific needs of my clients, I can help them to protect themselves from financial crimes and cyber threats.