‘Nigerian enterprises need superior protection against cyber-attacks’
The Chief Information Security Officer of MainOne, Chidinma Iwe, and Director of Sales, Africa, Radware, Tomer Erez, spoke with ADEYEMI ADEPETUN on global cybersecurity threats, increasing cybercrime attacks in Nigeria and the need for mitigation against these attacks.
Can you explain how the DDoS menace is gaining momentum in Nigeria?
We identified the growing threat of DDoS attacks to Enterprises and knew we had to come up with a solution that protects our customers. We also received requests from some of our customers which further motivated us to speed up the solution implementation of this service.
Managed DDoS Protection is a solution MainOne is offering through a formidable partnership with Radware, a global leader of application delivery and cyber security solutions. MainOne chose the partnership with Radware after a thorough evaluation of several cyber security solutions providers across the world and found Radware the most suitable to provide the required protection for our Enterprise customers.
MainOne/Radware DDoS Protection is a cutting-edge solution that can enable our customers to quickly ensure there is protection from distributed denial of service attacks. There has been a growing trend of cyber-attacks all over the world, and Nigeria is not an exception. There have been attacks this year in financial institutions and this is what informed our decision to provide a formidable DDoS solution to businesses and institutions and put DDoS attacks firmly behind us. MainOne’s DDoS solution is an easy-to-adopt solution since there is no FOREX hassle as the service is paid for in Naira.
What are the likely implications of not tackling these challenges in the country?
Not tackling this headlong means leaving organizations exposed to different forms of multi-vector cyber-attacks by hackers. Hackers are gaining more skills and competence and constantly launching attacks, seeking ransom; this ransom culture is not just a Nigerian challenge, but a global one, which means we should expect to see more attacks from sophisticated hackers in Nigeria. Not addressing this challenge for organizations means potential loss of revenue and reputation, and these are key challenges that reputable companies need to guard against.
How will you describe the cyber security landscape in Nigeria in the last few years?
The threat landscape is changing everywhere in the world and it is also changing here in Nigeria. DDoS attacks were not as prevalent in 2010 as they are now. One of the first reported DDoS attacks we noticed here in Nigeria was in Q4, 2014 and since then, there has been a sharp rise in distributed denial of service attacks. So the landscape is changing; we are beginning to see volumetric attacks; not just single vector attacks, but multiple attack vectors being launched on enterprise networks.
The threat landscape is always changing and MainOne has the backbone of Radware as a solid security organization to ensure that as these threats evolve, we are in right standing with the relevant solutions. As the signatures of these attacks are changing, our devices are also updating the signatures within the appliances to ensure our customers are secure at all times.
We are seeing more Nigerian hackers coming up and the target has been the financial sector. How can this be tackled effectively?
You can look at it from different angles. You can look at it from the angle of tracking down the young smart guys who are hackers. Some other nations around the world are looking at hiring those smart guys. So, in terms of technology, skill and competence, these things are acquired as people engage and apply themselves. There are ethical hackers and there are criminal hackers.
Hackers are on both sides of the cyber security industry: there is the protection industry, and there is also the attack industry, where people are developing viruses to launch these attacks at organizations. So it is not necessarily an evil competence, as long as we pay close attention to them and ensure they do not go bad. Organisations like MainOne are partnering with social innovation centers like CCHub to ensure that some of these ICT skills are not wasting away. Through ventures like these, young people are creating developmental applications that find their way into the industry for commercial purposes.
Some statistics reveal that cyber attacks have cost Nigerian banks about N165 billion in 10 years. What is your take on this?
Statistics in Nigeria are very difficult to get your arms around. Even our population which is said to be 180 million, people still argue whether we are really up to 180 million. That is the climate we currently have, which doesn’t really provide an environment for accurate statistics. When you truly look at the number of attacks and you compare to when such attacks happen overseas, you then ask what is the impact of such attacks? If you know, then you can begin to deduce that it does make sense and there is reasonability around the numbers.
I think certain institutions are positioned to provide statistics that are mostly accurate. The Nigerian Interbank Settlement Systems Plc (NIBSS) for example provides a lot of these statistics, by virtue of their positioning. A Bank CIO may not have accurate statistics because he only has his silo view of one bank. The best statistics you will have around fraud and online transactions come from NIBSS and they publish frequent reports on these statistics. So I think certain organisations are primarily positioned to provide more accurate statistics.
What role do you see certifications (ISO, among others) play in mitigating cybercrime?
When you look at ISO certifications or even the PCI DSS certifications, they have stringent requirements in terms of what you need to have within your network to get certified. For instance, ISO has about one hundred and fourteen clauses and controls that you need to have within your organisation before you can be certified.
The PCI DSS has well over two hundred controls you must implement before you get certification. So if an organisation is PCI DSS or ISO certified, it shows that the security posture is good. So having the certification is good for any organisation because you may not be able to do business with certain high-end partners if you do not have them.
They are basic requirements for you to engage your partners and we are getting to an era where before any company will engage another company, it will be required you have such certifications because they want to ensure that as long as you are doing business with them, there is no compromise on security along the value chain. So it is a necessary certification to have to prove your security posture.
Apart from this solution, which you are championing, are there others?
Radware is a company envisioned to provide fast response to customers. So on top of the security offerings that we have, we have other lines of products like our load balancer allowing you to improve your customer response time using what we call Vasio optimisation, allowing an insight to the IT department on the response times. So we are playing in the space of availability and fast response time with those two hats, one is the security and the other is the availability of the data centres.