Chidinma Iwe, the Chief Information Security Officer of MainOne and Tomer Erez, Director of Sales, Africa, Radware, spoke with the media on global cybersecurity threats, increasing cybercrime attacks in Nigeria and the need for mitigation against this attacks during the company’s launch of its Managed Security DDoS Protection solution. Excerpts.
What is the managed DDOS protection launch and partnership about?
This launch is a demonstration of MainOne’s capacity and growth over the years and our ability to respond to our customer’s needs. We identified the growing threat of DDoS attacks to Enterprises and knew we had to come up with a solution that protects our customers. We also received requests from some of our customers which further motivated us to speed up the solution implementation of this service. Managed DDoS Protection is a solution MainOne is offering through a formidable partnership with Radware, a global leader of application delivery and cyber security solutions. MainOne chose the partnership with Radware after a thorough evaluation of several cyber security solutions providers across the world and found Radware the most suitable to provide the required protection for our Enterprise customers. MainOne/Radware DDoS Protection is a cutting edge solution that can enable our customers to quickly ensure there is protection from distribution denial of services attacks. There has been a growing trend of cyber-attacks all over the world, and Nigeria is not an exception. There have been attacks this year in financial institutions and this is what informed our decision to provide a formidable DDoS solution to businesses and institutions and put DDoS attacks firmly behind us. MainOne’s DDOS solution is an easy-to-adopt solution since there is no foreign exchange hassle as the service is paid for in Naira.
What are the likely implications of not tackling this challenge, especially for Nigeria?
Not tackling this headlong means leaving organisations exposed to different forms of multi-vector cyber-attacks by hackers. Hackers are gaining more skills and competence and constantly launching attacks, seeking for ransom; this ransom culture is not just a Nigerian challenge, but a global one, which means we should expect to see more attacks from sophisticated hackers in Nigeria. Not addressing this challenge for organisations means potential loss of revenue, reputation and these are key challenges that reputable companies need to guard against.
How would you describe the cyber security landscape in Nigeria in the last five years, considering that there is a N127 billion estimated loss to cyber attacks?
The threat landscape is changing everywhere in the world and it is also changing here in Nigeria. DDoS attacks were not as prevalent in 2010 as they are now. One of the first reported DDoS attacks we noticed here in Nigeria was in Q4, 2014 and since then, there has been a sharp rise in distributed denial of service attacks. So the landscape is changing; we are beginning to see volumetric attacks; not just single vector attacks, but multiple attack vectors being launched on enterprise networks.
The threat landscape is always changing and MainOne has the backbone of Radware as a solid security organisation to ensure that as these threats evolve, we are in right standing with the relevant solutions. As the signatures of these attacks are changing, our devices are also updating the signatures within the appliances to ensure our customers are secure at all times.
How do you think the increasing targeted attacks on financial institutions by Nigerian hackers can be tracked?
While we look at it from the angle of tracking down the young smart guys who are hackers in Nigeria, some other nations around the world are looking at hiring those smart guys. So, in terms of technology, skill and competence, these things are acquired as people engage and apply themselves. There are ethical hackers and there are criminal hackers.
Hackers are on both sides of the cyber security industry; the protection industry and there is also the attack industry, where people are developing viruses to launch these attacks at organisations. So it is not necessarily an evil competence, as long as we pay close attention to them and ensure they do not go bad. Organisations like MainOne are partnering with social innovation centers like CCHub to ensure that some of these ICT skills are not wasting away. Through ventures like these, young people are creating developmental applications that find their way into the industry for commercial purpose.
Some statistics reveal that cyber attacks have cost Nigerian banks about N165 billion in the last 10 years, although some bank executives say this is an exaggerated figure, what’s your take on this?
Statistics in Nigeria is very difficult to get your arms around. Even our population which is said to be 180 million, people still argue whether we are really up to 180 million. That is the clime we currently have, which doesn’t really provide an environment for accurate statistics. When you truly look at the number of attacks and you compare to when such attacks happen overseas, you then ask what is the impact of such attacks? If you know, then you can begin to deduce that it does make sense and there is reasonability around the numbers. I think certain institutions are positioned to provide statistics that are mostly accurate. The Nigerian Interbank Settlement Systems Plc (NIBSS) for example provides a lot of these statistics, by virtue of their positioning. A Bank CIO may not have accurate statistics because he only has his silo view of one bank. The best statistics you will have around fraud, online transactions come from NIBSS and they publish frequent report on this statistics. So I think certain organisations are primarily positioned to provide more accurate statistics.
What role do you see certifications such ISO play in mitigating cybercrime?
When you look at ISO certifications or even the PCIDSS certifications, they have stringent requirements in terms of what you need to have within your network to get certified. For instance, ISO has about one hundred and fourteen clauses and controls that you need to have within your organisation before you can be certified. The PCIDSS as well over two hundred controls you must implement before you get certification. So if an organisation is PCIDSS or ISO certified, it shows that the security posture is good. So having the certification is good for any organisation because you may not be able to do business with certain high-end partners if you do not have them. They are basic requirements for you to engage your partners and we are getting to an era where before any company will engage another company, it will be required you have such certifications because they want to ensure that as long as you are doing business with them, there is no compromise on security along the value chain. So it is a necessary certification to have to prove your security posture.
Apart from this solution which we have talked about, what other solution is Radware bringing to Nigeria?
Radware is a company envisioned to provide fast response to customers. So on top of the security offerings that we have, we have other line of products like our load balancer allowing you to improve your customer response time using what we called Vasio optimisation, allowing an insight to the IT department on the response times. So we are playing in the space of availability and fast response time with those two hats, one is the security and the other is the availability of the data centres.
Does MainOne partner with any other solutions provider asides Radware?
MainOne has several partnerships and this is along the lines of the various services we provide. In today’s session, we talked about our connectivity services, we talked about services around metro fibre and metro internet services that we provide in certain cities in Nigeria like Lagos, Abuja and Port Harcourt. We also talked about the expansion of most of our networks, we talked about MDXi which is MainOne’s data centre at Lekki that has the capacity for six hundred racks for collocation services and cloud services and today we are talking about managed security services. So along these product lines, MainOne has several OEM partners that enable us provide those solutions. This is why we have partnerships with global companies like Cisco, Microsoft, SAP and now Radware, among others. Just to add from Radware’s point of view, we are happy with this partnership, being the first local Data security centre in Nigeria, the first in Africa and obviously over time we will add more services to this partnership.