A Decade of Cybersecurity In Nigeria

There have been a growth in the cyber-security landscape in Nigeria over the last decade. From Nigeria Cybersecurity institutions to the NDPR

The way we talked about Cybersecurity in this decade was like never before. One cannot write about a decade of Cybersecurity in Nigeria without revisiting some of the major events in the years before this decade, which set the ball rolling for this decade. Did we improve?

Let’s go through the ride together😊

In preparation for the Decade (Before 2009)

Talking about the years before 2009 in Nigeria, we can revisit some major events that made it more important for the country to buckle up her belt in the area of cyber-security in the decade that is about to come which is 2009-2019.

In the years before 2009, there was a time our telecommunication density as a nation was nothing to write home about. We did not have mobile phones in our hands, and the government made some decisions on how to improve this situation, a journey that was kick-started in 2001. A step that improved communication and businesses became interconnected within the country.

Just this same time, NITDA was birthed with the sole responsibility of developing a program that caters to the running of Information Communication Technology (ICT) related activities in the country. A bill was passed into law (NITDA Act 2007) to officially enact this power and responsibility six years after its birth. This was a move to creating an enabling environment for the implementation of ICT across the board (private and public sectors) and digitization of many manual processes of doing things in government.

Galaxy Backbone commenced operation in 2006 as the information technology and shared services provider of the Federal Government of Nigeria. Galaxy Backbone plays a key role in the development and deployment of technology initiatives and services in government, working with the master plan for e-Government in Nigeria which is to be achieved by the year 2020.

Around this period, NIMC was established to create, operate and manage Nigeria’s national identity card database, integrate the existing identity database in government institutions, register individuals and legal residents, assign a unique National Identification Number(NIN) and introduce general multi-purpose cards. This was a sign that the country has started collecting data in digital forms.

Cybercafe business became a lucrative business as many Computer Center now provides Internet access to young teeming Nigerians in remote towns and cities. This opportunity to access the world from a small screen gave the youth that will dominate the coming decade the opportunity to learn.

But at the time no one is certain of what they were learning. Some of them started blogging, some started exploring ICT skills such as networking, programming, and web development. The leverage on social media platforms connected many to a greater sense of exposure.

Census took place and the country could ascertain it’s population – A teeming population of 140 million, which was a big sign for opportunities to be exploited for businesses.

Banks will play a major role in the decade that was about to come in 2009 especially in the area of cybersecurity and information security in general. But many events happened in the years before, which really helped to prepare them for the challenges ahead. The first of these challenges was the banking reform conducted by the CBN in 2004. The weak banks could not continue while some got saved after going through a merger. This process gave us strong banks that were ready to compete with their international counterparts.

Putting to test the saying that, you won’t know who is strong yet until there is a crisis. It was in 2008, the global financial crisis rocked the world and our presumed strong banks were meant to scale through this crisis. Up to five banks got acquired in a day by the CBN, their leadership were changed and handed to AMCON. This crisis gave us stronger banks that  scaled business with technology and ICT, just a year to the beginning of the new decade.

Just before we rolled into the new decade, Nigeria has already been known for the Advanced Fee Fraud (419) on the global stage as some teeming youth earlier discover the exploit and took great advantage of it giving the country a bad reputation.

In this Decade (2009-2019)

It was a brand-new day in January 2009, the new decade had begun. Our past decisions will start taking hit on us as a nation. There was this rush by individuals and businesses to take advantage of opportunities the new decade will present.

Many of the events in the years before this decade taught individuals how they can use ICT  to their advantage and exposed many businesses to the idea of leveraging ICT as well

As of early 2009, we can count the number of Tertiary institutions on our fingers that have implemented a portal system through which their students can access all possible information without having to travel the distance down to schools. The game is on and the competition becomes so keen.

Digital banking began to spring up as we have our payment system digitize. You can now pay your school fees online; through bank vouchers, you get from bank and load on your school portal. (ATM card is not available).

Everyone wants to go this way without considering the consequences, all they are after is the functionalities and the profit it will bring. The era of making it work first, we can think of security later.

We had a tertiary institution in the country as early as 2009 –  Department of Cybersecurity, Federal University of Technology Minna. The first training ground in the country and the whole of West Africa in cybersecurity at the time. And some other schools followed suit after some years like the Federal University of Technology Akure, Centre for Cyberspace Studies, Nasarawa State University, Keffi and others. They all kick-started the decade of building cybersecurity professionals by providing education and training.

JAMB unified their exams, and students now have to go through UTME. Online registration commences and they are proposing an exam that will be conducted over CBT in the future.

Government agencies and ministries now have an online presence through their website and Twitter. And the private sector is taking the lead, small business and big businesses are replicating this idea very fast.

We have an increased number of mobile phones in the hands of Nigerians. Mobile phones with improving functionalities, people can now access the web through their mobile phones and use other applications.The usage of social media is now the trend  (Facebook & Twitter). People getting connected to old friends from schools and improving opportunities in getting to know new people across borders.

How can social media influence an election? Nigeria experienced it firsthand in the 2011 General Election . There was this full coverage of the electoral processes across the country and a rise in citizens’ interest in who becomes their leader. This is an era of a woke nation.

In 2012, the push for e-commerce became imminent in Nigeria.. Almost at the same time, we have Jumia and Konga take up the herculean task of given Nigerians the platform. A gateway to buy and sell across the country without the seller having to meet the buyer. Credit cards are now available to make this transaction possible.

Banks are doing more to get their cards into people’s hands to reduce the number of people in  their banking hall and also make people use the Automated Teller Machines(ATM). People are enabling internet banking with those banks that made them available first. USSD was another means of ensuring 24/7 banking time. People can now use codes(transfer code) to move money in the blink of the eye to family, friends and business partners.

Now the speed is like never before. Everything is changing fast, people are adapting to a new way of doing business, and getting happy with their gain.

Millions of data started flying in and out of our cyberspace daily. This is the true sign of the information era in Nigeria. New people are joining the trend daily, the number is increasing. New Millionaires are made daily as new tech leaders arise. The teeming youth of the years before 2009 are enjoying their investments in the old times. The digital influence and follower-ship are becoming real, and ICT is challenging every area of life in the country.

Those crimes that could be committed in the physical space are now finding their way into cyberspace and people are learning how to explore the vulnerabilities that come with this new way of life. The government has to do something, and they can’t do it alone. They have to bring in the private sectors and other stakeholders.

Cybercrime such as Website Defacing, Cyber Bullying on social media, Fake News and misinformation are becoming more rampant – Build-up on the 2015 general Elections. Banks are also been attacked and they are losing a huge amount of money every year, national critical infrastructure is been tampered with. Script kiddies are also eager to try out the new stuff they have learned on the Internet.

FUTMINNA Website Defaced
FUTMINNA Website Defaced . Source: Nairaland
Osibanjo Bank Account Hacked
Osibanjo Bank Account Hacked Source: National Mirror
INEC Website Hacked and Defaced
INEC Website Hacked and Defaced. Source: Leadership

The Office of the National Security Adviser (ONSA) was assigned the responsibility of coming up with a framework that will bring together all stakeholders to fight this menace. The National Cybersecurity Strategy(NCS) and its implementation plan were drafted.

Part of the goals of NCS was the Cybercrime Act, a bill that was introduced and got passed into law in May 2015. As regulation is needed to address the menace of cybercrimes and give to the country saner cyberspace and also to serve as deterrence from people that are planning to commit cybercrimes.

The Nigeria CERT was also established in line with the objectives of NCS, to manage the risks of cyber threats in Nigeria’s cyberspace and effectively coordinate incident response and mitigation strategies to proactively prevent cyber-attacks against Nigeria.

The journey to awareness began. Cyber Security Experts of Association Nigeria (CSEAN) was established as an advocacy group on all matters and challenges faced by Information Security in Nigeria, to be an enabler focused on improving the standards and practices of Information Security in the country.

Nigeria Cybersecurity Conference (NaijaSecCon), Nigeria’s first of its kind 100% annual technical Cybersecurity Conference started in 2017 that uniquely merges information about the latest and relevant threats from a Nigerian context with live technical demonstrations and hands-on workshops.

From this point, conferences (yearly) spring up across the country bringing professionals across sectors and stakeholders to discuss the way forward and share ideas.

Organizations have begun to take the baby steps into making things right by putting basic measures and controls, starting from investing in employee’s education and training on cybersecurity.

Ransomware outbreak is one of the major events that pushed most organizations to their toes in Nigeria in this decade. Those affected have learned their lessons and they are better prepared ever than before.

What about the many private firms that took the bold step of offering managed security services to the organizations that may require  to help them focus on their core business and paying less than acquiring the SECOPS process itself. And considering the area of GRC (Governance, Risk and Compliance), the big four (PWC, KPMG, Deloitte and Ernest & Young) have helped in getting many organizations to complying with many of the industry regulations (CBN directives to banks on security and compliance) considering the cybersecurity risk out there.

With this improvement, we have a greater number of Governmental and non-Governmental organizations willing to contribute to the story, the cybersecurity ecosystem is being formed in the country and CyberTalkNaija took the bold step in bringing us a platform to provide access to this ecosystem in one click.

To boost awareness, early 2019 ushered in Cybersecfill, which prides itself on being the first independent cybersecurity blog in Nigeria with great coverage on cybersecurity, ranging from awareness/safety tips, technical topics such as network security and critical infrastructure, web security and infosec governance.

One cannot shy away from the spate at which Nigerian’s data is being breached by service providers, a situation that made NITDA issue the NDPR (Nigeria Data Protection Regulation 2019), the most robust data protection framework in Nigeria.

For those that love to listen to podcasts, The Secure Hub is the place to visit in 2019, a Cyber Security Podcast dedicated to bringing you Cyber Crime News in Nigeria and globally; tips on Cyber Security Awareness, Digital & Online Privacy, Social Engineering, and generally how to stay safe online.

The rise in the number of digital fraud cases also brings to limelight in 2019 NoGoFallMaga-  A national movement of young people, working to combat preventable digital fraud with consumer-centred sensitization and education. Digital fraud in this context includes email deception, phone-based scams, online fraud – particularly where cyber criminals impersonate trusted organizations.

The Nigeria Team also participated in the Regional Cyber Challenge coordinated by CS2. The Challenge was organized in conjunction with the AISA Perth Conference 2019 themed: Change the Rules, Up the Game. The event which saw the gathering of cybersecurity professionals from many countries with the objective of this challenge to assess the ability of a security team to detect, respond and recover from cyber-attacks called for teams with multidisciplinary competences.

Considering all these feats achieved by Nigeria within this decade. The ITU’s GCI reports for the year 2017 and 2018, Nigeria has ranked 4th and 5th respectively from the Africa Region, and 46th and 57th respectively on a Global scale. I hope we can do better as a nation and as we move into the new decade. We need to be more practical about our actions towards addressing our cybersecurity posture as a Nation.

Welcome to a New Decade (2020-2029).

Web Application Firewall
Web application firewall

Web Application Firewall

Web application Firewall( WAF) is used to filter, block and monitor traffic

Managing Logs in your Organization
Log management and Log monitoring

Managing Logs in your Organization

Log management is very important in log monitoring

You May Also Like