Cybersecurity experts decry low attribution, deterrent of attacks

Cybersecurity experts have attributed high level of cyber -attacks in Nigeria and other Africa countries to low attribution and deterrent, warning that unless regulatory authorities step up policies aimed at increasing attribution cyber- attack will remain endemic for long.

William Makatiani, managing director, Serianu, told Nigeria CommunicationsWeek that cyber attacks in Nigeria and Africa will continue to be on the increase as long as cyber and electronic frauds are not attributed.

“Security is complicated because there is local aspect around securing systems; most of our fraudsters live here. There is no way somebody will come from the US and secure it, that is the hard work. We need somebody to understand how these people are doing it. Only locals can do it.

“When it comes to preparation we are not ready because we don’t have enough skills. More so, we are not ready to fight cyber crime, because we are not collaborating. If you are Bank A and I’m Bank B, if you get compromised you keep quiet if it insurance you go get compensated you will not tell Bank B and Bank B will get hit, it really empowering the hackers now they know they can get away with all these attacks.

“When it comes to attribution we are poor just 2 per cent , there is no single attack that has be successful attributed. If it comes to attribution of attacks happening in different countries in Africa it is not easy to attribute it to somebody, attribution is a challenge.

“Deterrent requires law enforce and it is where we are really struggling. Law enforcement agents are not working together you find judiciary, national intelligence or Army working in variance that is the biggest cyber security problem,” he said.

Ike Nnamani, president, Demadiur Systems, another contributor to the report, added components of security poverty line to include, policies on Bring Your Own Device (BYOD) of staff, monitoring of devices staff brought to the network as well as policy on insider staff that are disgruntled checking to tackle if such staff wants to perpetrate fraud.

He said that the implication of this scenario allows the cyber criminals to get away with the crime if it is not reported to law enforcement agencies.

“When it is not reported it will be difficult to put the right policies in-place to prevent future occurrences. When it is unsolved, it shows that the right regulatory and legal policies are not yet in-place to ensure that law enforcement agents can prosecute offenders and get them punished,” he added.

On $649M annual cost of cyber- attacks in Nigeria, Nnamani identified areas that constitutes the figure to include, insider threat $194M representing 30%, attacks on computer system (unauthorized access and malware) $130M representing 20%, social engineering/ identity theft $97M accounting for 15% among others.