Concerns as cyber security vendors implement irrelevant solutions
Engr. Ike Nnamani, president, Demadiur Systems, publishers of Nigeria Cyber Security report hinted Nigeria CommunicationsWeek part of its company’s 2018 report which identified none impactful implementation of cyber security training and solution for the rising cases of cyber-attacks as contained in the report that is yet to be unveiled to the public.
“From what we saw in our last year’s report, volume of cyber crime is still in the increase in spite of awareness. More so, we witnessed cyber security solutions vendors selling solutions that are not impactful to fortifying organisations’ cyber defences, which results in the problems remaining,” he said.
William Makatiani, managing director, Serianu, described the situation as acquisition of overly mature or advanced tools with limited internal skills to operate these technologies/solutions.
“Majority of organisations in Africa are at a low Cyber security maturity stage meaning that there are a number of gaps (people, process and technology) that exist within these organisations that might hinder them from fully consuming more mature products. For instance, adoption of Artificial Intelligence tools without a proper baseline of existing data sources and structures will hinder an organisation from getting proper intelligence from a tool.
“Adoption of next-generation SIEMs and Threat hunting tools without proper network architecture and baselining in place will result in more false positives than true positive alerts. Adoption of latest ERP system without having a well-trained staff to manage it can result in more fraudulent activities. And adoption of Agency banking without proper Know Your Customer controls and transaction limits can result in more losses to a bank,” he said.
Addressing this challenge, Makatiani urges organisations to abandon the Copy-paste mentality and proactively analyze their unique challenges and design or acquire solutions that fix their unique needs.
“It starts with understanding our security gaps and how much visibility we have as an organisation.
This will involve; practical and Focused Risk Profiling and breach scenario analysis: Understanding what risks the organisation is exposed to from a people, process and technology perspective.
“More so, maturity assessment that involves looking closely at the controls implemented, architecture and data sources within the organisation and determining the gaps that exist.
“Visibility and exposure quantification is where an organisation clearly quantifies the extent to which it has secured its assets. And training and enhancing internal capabilities – focus on training internal resources to be able to address cyber security issues.
“It’s only after this analysis that an organisation can make informed choices on the type of security investments they need,” he added.
No comments yet