May 2022 E-Newsletter

CYBERSECURITY AWARENESS:
AN ESSENTIAL FOR TODAY'S SOCIETY


WRITTEN BY

  Talabi, Adedoyin (MBA, CDPSE, CISA, PMP, MSC, FIIM, FITD, FNCS)
Senior Consultant, T and Y IMS Limited

MAY 2022

Introduction

The exponential growth in the popularity and use of the Internet due to advantages in speed of delivery, ease of sharing, faster communication, minimal cost, location transparency, and convenience has increased the propensity of individuals and organizations to keep information assets online.

Many individuals store their documents, contacts, and related information online. Groups, organizations, and governments also use online applications to capture, store and process stakeholder transactions, interactions, and information in databases. Also, the global use of electronic commerce combined with online financial payment systems, mobile apps, and electronic learning platforms has made many people live their social and economic life on the internet.

The ease of use, convenience, and convergence of these online platforms have attracted many to daily use of the internet as the preferred information highway. The adoption of online platforms, contactless systems, and remote working has also been accelerated by the COVID-19 pandemic, with drastic changes to culture, interaction, and work processes. Society suddenly found itself in the fourth industrial revolution, powered by computer networks, robots, artificial intelligence, blockchain technologies, the Internet of Things (IoT), etc. All of these have engendered a digital lifestyle in a knowledge economy driven by internet-based networks and technologies.

According to Internet World Stats (Miniwatts Marketing Group, 2021)[1], a website that shows statistics of global internet usage, as at the end of Q1 2021, out of an estimated world population of 7.8 billion people, about 5.2 billion are internet users, translating to a penetration rate of about 66%. Even in Nigeria, with an estimated population of 200 million people, it is estimated that about 150 million people are internet users and about 32 million are Facebook users. These figures suggest a high and growing dependence on Information Technology systems and infrastructure. These systems and infrastructure have therefore become critical assets, and any disruption in these services can have serious effects on economic and social lives. This brings up the issues of cyberattacks, cybercrime, cybersecurity, data privacy and protection in a connected society, and how to stay safe online.

 

Definition of Cybersecurity and Cyberattack

According to the IT Governance Institute, UK (2021)[2], cybersecurity refers to the use of different applications, technologies, procedures, and controls to protect information assets such as software, hardware and devices, and network and telecommunications infrastructure from cyber-attacks.

A cyber-attack occurs when an unauthorized user, machine or application tries to gain entry into another machine or system to disrupt normal operations, or to control, disable, copy or delete information without permission. A cyber-attack can be launched by individual criminals, groups and syndicates, or even government-sponsored hackers. The reasons adduced for attacks include financial gain or plain activism towards a cause or belief. Cybercriminals carry out their malicious intentions by exploiting weaknesses or vulnerabilities in computer systems.

Common cyber-attacks include ransomware, where the victim's system is encrypted and a ransom is requested before the system can be decrypted and released for use. Also common are phishing attacks, where victims are tricked into downloading malicious code that can copy sensitive information like passwords and ATM pass codes. Identity theft, also called a credential-based attack, in which access codes and passwords are stolen and used to gain entry into an organization's systems to perform unauthorized actions including fraud and disruption of normal operations, is also common (TechTarget, 2021)[3]. Using non-technical means, like getting close to someone to learn their passcode, also called social engineering, is another prevalent type of cyber-attack.

Causes of Cyberattacks

According to research by IBM[4], 95 percent of all security incidents involve human error. This can happen through skill-based errors or decision-based errors such as carelessly double-clicking on an infected attachment or unsafe URL, failing to patch software, using default usernames and passwords or easy-to-guess passwords, or even losing laptops and mobile devices. The UK National Centre for Cyber Security's (2019) report[5] showed that as many as 45% of users reuse their email password on other online accounts and that 123456 remains the most popular password in the world. It also seems that while many are aware of the consequences of weak or leaked passwords, they do not deliberately follow all the cybersecurity rules and regulations in place.



There is, therefore, a need for a reminder that with the popular use of online platforms and access to various connected networks, everyone is a potential target of cyber criminals. When hackers gain access to login information, they can impersonate the owner, use his/her computer or mobile device, and gain access to related networks. When an identity is stolen and a fraud committed, it can affect the accounts of family, friends, colleagues and even organizations. Technological controls only address a fraction of cybersecurity risks, and a conscious change in behaviour and attitudes has become very important. It is also important to remember that while large organizations can commit huge resources to cybersecurity, ordinary people and small and medium enterprises cannot, and so they are soft targets for cyber-criminals.

Consequences of Cyberattacks

The consequences of successful cyber-attacks include embarrassment, loss of clients and reputation, loss of revenue, operational disruptions, theft of personal and sensitive data, leakage of personal health information, theft of intellectual property, and compromised data and IT infrastructure.

With the scenario presented above, passwords and access controls into individual or organizational systems have become critical in protecting and managing digital assets.

 

Recommendations

Recommended cyber-hygiene practices for individuals include user awareness and consciousness about cybersecurity, never opening suspicious or unknown attachments, use of strong passwords, password change management and password managers, always checking privacy and security settings on devices for appropriateness, and installing and updating antivirus software regularly. Click with care when on the internet. Never use public or free Wi-Fi to browse websites that might expose confidential data, and be careful when replying to mass emails.

Organizations should undergo regular cybersecurity assessments to identify risks and develop risk mitigation strategies to minimize impact. Organizations should develop an IT Security and Risk Management Framework. The Control Objectives for Information and Related Technologies (COBIT) framework developed by ISACA can be used. COBIT helps organisations develop, implement, monitor, and manage IT governance practices. This would include standards, policies and procedures for password management (use of SMS-based One Time Password (OTP), multi-factor and biometric authentication), network security and applications management, data management, and user account management. Other policies would include Remote Working and Bring Your Own Device policies, ensuring data privacy and protection compliance (e.g. with NDPR), developing a formal Business Continuity and Contingency Response Plan, background checks, and succession planning.


References

  

  1. Internet World Stats (2021) Retrieved from internetworldstats.com
  2. IT Governance UK (2021) Retrieved from https://www.itgovernance.co.uk
  3. Tech Target Network (2021) Retrieved from https://searchsecurity.techtarget.com
  4. The Hacker News (2021) Retrieved from https://thehackernews.com/2021/02/
  5. National Cybersecurity Centre (20201) Retrieved from https://www.ncsc.gov.uk/news/