Curbing cyber crime exposure via affective enterprise risk assessment
With the proliferation of Internet across the country, cyber crime has become the new underworld threat of this generation, and it is growing daily at an alarming rate. Though, the Internet creates unlimited opportunity for commercial, social, and educational activities but not without its own peculiar risk.
Today, technological advancement that should be seen as a positive development is being used as tool through various platforms like Facebook, Twitter, G.Mail, yahoo, Twitter among other social media to defraud the unsuspecting public. Most motives behind the crimes include making quick money, sexual harassment, playing pranks, and causing mayhem. This problem is faced by both the private and public sectors.
Instructively, this menace has raised the need for organisations, even government parastatals, to deploy a security solution that helps to identify factors contributing to, and determining its overall cyber risk; assess its cybersecurity preparedness; evaluate whether the preparedness is aligned with its risks, and a host of others.
Rising wave of concerns
This menace is getting attention, not only in Nigeria, but globally. For instance, the Nigerian Communications Commission (NCC) has noted that cybersecurity has become an essential component of human activity.
This was the position of the Executive Vice Chairman of the Commission, Prof. Umar Danbatta, at a cyber security forum in Lagos, where he noted that cyber attacks’ high level of complexity requires action at different levels and by different actors, including governments, private sector, civil society, intergovernmental organisations, and others.
According to him, the current scale and growth of ICT applications transcend all spheres of social and economic boundaries worldwide. “Whether it is broadcasting (digital TV) or social networking, e-Commerce (mobile banking and financial services), e-Governance (government services management, e-education, e-health, e-taxation, e-commerce), governments, institutions, and the society in general are increasingly embracing these technologies, and at the same time becoming exposed to vulnerabilities of cyber-attacks,” he said.
Potential risks, exposures and losses
In Nigeria, over ₦127billion is lost yearly by mostly business organisations and ministries, departments and agencies (MDAs) of government, translating to 0.08 per cent loss in the country’s yearly Gross Domestic Product (GDP), according to the country’s Minister of Communications, Adebayo Shittu.
Also, 62 per cent of firms are being attacked weekly, according to a 2017 International Data Corporation (IDC) InfoBrief sponsored by Splunk. In the report, it was noted that with malware becoming more advanced with encrypted ransomware, the security breach impacts on organisations may include loss of reputation, loss of customers, potential financial liabilities, regulatory notification requirements, and sometimes litigation instigated by victim customers.
President, Cyber Secure Conference organised by the Cyber Security Experts Association of Nigeria (CSEAN), Remi Afon, quoted another statistics, which puts the cost of cyber-crime globally at $700billion per year.He said the loss is projected to rise to about $2trillion by 2019, due to the rapid digitisation of consumer lives and company records. Breaches like these have steadily been on the rise as according to reports, the number of incidents has increased by more 38 per cent yearly since 2015.
Thus, Afon argued that there was a need for Nigeria to implement the National Cyber Security Strategy and Policy, and ensure effective implementation of the Cybercrime Act 2015 as well as making organisations embrace newest solution.One of such security solutions ready to tackle cyberattacks on organisations in Nigeria is Tardigrade, a Nollysoft’s Enterprise Risk Assessment (ERA) solution.
Enterprise Risk Assessment (ERA) solution offers assistance
In the industry today, Tardigrade, an Enterprise Risk Assessment (ERA) solution, introduced into Nigeria by Nollysoft, towers among other risk assessment solutions, and presents robust impact assessments and strategic security solutions to organisations by helping them put in place processes that ensure they understand their gaps and state of preparedness to respond to cyber breaches.
Senior Management and Board of organisations are often faced with the following key concerns such as how protected is their organisation from internal and external threats; whether the organisation a direct target for attacks, among others.The Tardigrade assessment solution helps organisations to understand their cybersecurity and internal control risks so that they can implement appropriate mitigation controls to achieve a desired state of preparedness.
“Tardigrade Cybersecurity Assessment helps organisations identify their risks and determine their cybersecurity preparedness. The assessment solution provides businesses with repeatable and measurable processes to inform senior management of their organisations’ cybersecurity preparedness over time,” said Chief Executive Officer of Nollysoft Limited, Sola Koleowo.
The ERA solution, Koleowo said, is based on best practice frameworks set by Federal Financial Institution Examination Council (FFIEC), Information Technology Examination Handbook (ITEH), National Institute of Standards and Technology (NIST), Cybersecurity Framework (CF) and International Standard Organisation (ISO 27001) and regulatory guidance.
According to him, the Tardigrade Internal Control solution enables organisations to understand deficiencies in their system of internal control to allow creation of an effective mitigating control to help achieve business objectives. It is based on industry standard and best practices framework – Committee of Sponsoring Organisations of the Treadway Commission (COSO).
On the security requirement traceability matrix, Koleowo said: “Tardigrade Security Requirement Traceability Matrix solution allows organisations to effectively select security controls from standards and regulations for implementation either as a part of a Secure Software Development Lifecycle (SSDLC) or regulatory mandate.” He explained that the solution currently supports two industry standards: NIST 800-53 R4 and ISO 27001-2013, and two regulations: Sarbanes-Oxley (SOX), and Monetary Association of Singapore (MAS).
The total cost of ownership (TCO) of Tardigrade solution is low, as no capital expenditure (CAPEX) is needed to acquire the solution. It is a Cloud-based solution and being offered as a service.According to him, leveraging innovative enterprise risk assessment solution such as Tardigrade by organisations from private to public sectors of the economy will not only guarantee effective protection for user organisations, but also help curb losses to the national economy.
No comments yet