Legal framework hobbles cybersecurity efforts

Cyber security stakeholders have expressed concerns over lack of clear legal framework in the country in the fight against cyber- attacks, Nigeria CommunicationsWeek has been told.

They identified obsolete cybercrime law been implemented in the country, absence of cyber security trained judiciary and law enforcement personnel as well as data protection law that need to be reviewed and strengthen for an effective fight against cyber-attacks.

According to Remi Afon, president, Cyber security Experts association of Nigeria (CSEAN), “Cybercrime is dynamic and changes from time to time. When the cybercrime law was passed a few years ago, there was no mention of cyptocurrency. A lot of cyber criminals were not in the dark web. So there is a need for cybercrime laws to keep changing to keep pace with the activities in cyberspace.

“Nigeria is vulnerable. A lot of our information is online these days. Even the government has started connecting their system online. The only way we can tackle this problem is to have a strong legislation, which will make organizations to be compelled to make sure their assets are secured, and whenever there is a breach, there also is a notification. Many cyber crime activities are taking place in Nigeria on a daily basis, but because they are not reported, nobody notices them.”

He further expressed worry over absence of Data Protection law in the country which requires urgent attention.

“It is quite unfortunate that the government is so slow about the data protection law. They are not doing anything about it at the moment. There is a need to have a data protection law as a matter of urgency. Otherwise, it is not going to be a crime for anybody to compromise other people’s data.

“We have cybercrime laws, but there is a need to make sure organizations are held accountable if data in their possession are compromised. It is the responsibility of government to have the law in place. Our own responsibility is to sensitize the citizens,” he added.

Oluseyi Akindeinde, chief technical officer, Digital Encode, a company that assists Banks and other organizations to achieve cyber security standards, said that one can assess cybercrime law based on the conviction recorded since it became law.

“How many people have been prosecuted or jailed due to cyber hacks in Nigeria. I guess this will give us the extent to which we can begin to assess the implementation of the law,” he said.

He stated that organizations in Nigeria have braced up for cybersecurity challenges in the face of recent spate of ransomware attacks that have heightened the level of protection instituted by most organizations especially in the financial services sector

He noted that most government transactions don’t really happen online which is responsible for the level of apathy from government towards cyber security. “Having said that, I’m aware the office of the NSA is also aware of this imminent wave of attacks.”

Akindeinde expressed the need for a national cyber security framework against industry specifics frameworks.

Ahmed Adesanya, IT Security and Connectivity consultant, blame poor implementation of the cybercrime law on absence of a regulator or institution for the purpose of implementing it.

“I have a concern of not assigning its implementation to a regulator. This has been a road block to its implementation.”