‘Cyberharam’: Can Nigeria prepare for the next generation of terrorists?

As of today, it is unbelievable that only one tertiary institution in Nigeria currently administers cyber security as a course of study. A large proportion of Nigerian PhD holders in Computer Science related courses are not Cyber Security experts. The expertise is lacking and hence a defence strategy cannot work with the status-quo.

It is only a vision of cyber-war and cyber-peace that will make the United States embark on a Cambridge Vs. Cambridge cyber challenge; a new competition geared at improving cyber security initiatives between MIT in Cambridge, Massachusetts and Cambridge University in England. Also a cyber-security fellowship was initiated to aid knowledge transfer between the United States (US) and the United Kingdom (UK). The US Government is pitching $14Billion in cyber security spending for fiscal year 2016 across all its agencies. This budget keeps increasing year after year. Investment strides like this can only be done because of a high probability of an impending global catastrophe that can come as a result of cyber-terrorism. Nigeria has to take charge and make significant investments in cyber security capability so as to adequately defend the nation against cyber-attacks.

In this war, the possibility for success is still a moving target as both heroes and villains are learning and seeking out new ways to defend and attack respectively. Today’s defence or better said; this second’s defence is the next second’s weakness. How can we play in such a field where the weapons and the yardstick of success change on a per second basis? How do we fight a war that will not be limited to a section of the country but has the potential to undermine even the high and mighty in every nook and cranny?

My experience with performing ethical hacking and cyber security related assignments across 16 countries has put me in a better position to appreciate the words of the former FBI director, Robert Mueller, who said, “There are only two types of companies: Those that have been hacked, and those that will be.” I desire that all organisations in Nigeria wake up to this new reality. I was speaking at a cyber-security conference in Washington DC recently and did not hesitate to tell the bankers that they appear to focus more on credit risk, market risk, and liquidity risk without appropriately considering cyber risk. Whilst the traditional risk management portfolio is great, cyber-risk has the immense power to wipe out an organisation’s shareholder value faster than the combination of these other risks. The role of governments cannot be overemphasized in tackling cyber threats, it should no longer be a backburner idea which should be handled only by the Ministry of Science and Technology or the office of the National Security Adviser. It is a frontline issue that could result in cascading economic catastrophes.

In tackling the challenges posed by cyber threats, one top consideration is to identify our critical infrastructure and assess the risks to these systems so as to identify threats and vulnerabilities. Examples of our critical infrastructure include those supporting our financial and telecommunication systems, systems hosting classified national security information amongst others. On conclusion of the assessment, a long term roadmap that will guide investments in securing our infrastructure should be prepared.

As a nation, we need to invest massively in cyber-capacity development with emphasis on law enforcement agencies, policy framework developers, the judiciary and both the state and federal legislative arms of government.
ll routes to cyber capacity must be taken.

Aladenusi is a Partner at Deloitte Nigeria and the President of ISACA Lagos Nigeria, the largest association of IT audit, IT risk, IT governance and Cyber Security professionals in Nigeria.