No respite against cyber attacks as personnel gaps remain in Nigeria
There appears to be no respite in sight against cyber attacks in Nigeria, as the country continues to grapple with a shortage of personnel with the skills to tackle the menace.
According to the latest Africa Cyber Security report, 2018 trends spiraled into 2019 and would rise in the following years because attackers will continue to engineer unique malware.
The report noted that Nigeria does not only have a shortage of highly technically skilled people, but also lack an even design to secure systems, and the sophisticated tools needed to anticipate, detect, respond, and contain cyber threats.
To the report, the outsourcing of cyber security experts will continue since the skill gap remains large.
The report, which was unveiled by Demadiur Systems Limited, at the Nigeria Cyber security Summit in Lagos, informed that there are only 3500 certified professionals to service increasing Small and Medium Enterprises (SMEs), large organisations, and government parastatals facing cyber threats.
It noted that this skill gap is conspicuous with 60 per cent shortage in cyber auditing and risk management, closely followed by security operations and engineering at 41.6 per cent.
The study found that financial services companies, government institutions, telecommunication firms, and financial technology companies operating in Nigeria, among others, lost about $800 million to cybercrime in 2018.
With direct cost of $350 million and $450million indirect cost, most affected firms, according to the report are banking and microfinance, fintech and integrators, retail and e-commerce, telecom and the public sector, while mobile channel recorded the highest fraud volume in2018.
The report indicated that the country lost$649 million to cyber-attacks in 2017, representing a 23 per cent increase in cost.
The report stated that indirect costs incurred by affected companies on penetration testing, audit, forensic investigations, risk assessment, compliance review, and post-implementation, awareness and training of personnel amounted to $450 million in 2018.
The study found that direct costs, which amounted to $350 million, was lost through ransom ware attacks, fines paid to regulators, law suits, claims, cyber-insurance as well as forensic investigations.
The Chief Executive Officer (CEO), Demadiur, Ikechukwu Nnamani, while presenting the report said one key finding was the shortage of qualified cyber security experts to handle the cyber threats facing the country.
According to him, Nigeria ranks lowest in terms of certified cyber security experts per citizen, and there are many unreported cases of cyber-attacks in the country.
“In 2016, there was one cyber security expert for every 124,587 Nigerians, while this marginally improved to one expert for every 106,048 Nigerians in 2017; in 2018, it abysmally stood at one expert for every 103,093 citizens,” he said.
From a human resources view, Nnamani said the country is ill-equipped to deal with the threat from cybercriminals. “We are pushing the government to implement the digital economy for the country. The moment we do that, we will see a lot of public sector services now migrating to digital platforms. And that is where you run the risk of cybercrime. Hence, we need to develop local skill sets and solutions or risk attacks,” he stressed.
CEO, Data and Scientific Incorporation, Dr. Tope Akinbiyi, said the same tools that people use to manage the system are what they use to attack it. “Artificial Intelligence (AI) and machine learning is beginning to augment cyber attack. So, we need to encourage institutions to focus on that area to train and encourage young people, especially women.
“There is an enormous advancement through digitization, but have given rise to massive security gaps. The cyber security profession is really where women should be. This is because it takes little physical effort and work can be done remotely. There’s an opportunity for the female gender to bridge the gap. We will need a bit of mental change for more people to come into this field. It is not as technical as people think.
“The traditional educational system to start training people is not available. We have trained people in the past and they migrated to countries where they feel they will be better paid. This shouldn’t deter companies from training their staff but be done on an agreement basis,” he added.