Cyber security experts in the country have urged organisations to focus on increased awareness as well as creating a world class capacity development and training for their key personnel in charge of protecting their critical information.
This is against the backdrop of several reports pointing at increase in cyber- attacks this year.According to William Makatiani, managing director, Serianu, "cybersecurity is a relatively new field in Africa. And for the longest time, top multinational banks were the target for cyber-attacks and the biggest concerns for SMEs was physical security of their crown jewels. This means, SMEs did not see the business value of investing in cybersecurity controls since the risks for them were low. However, with the recent digitization, SMEs have opened up most of their channels and operations to the internet.
"This swift shift in operation models without investment in controls, lack of awareness and the mere fact that SMEs make up almost 80% of institutions in Africa has contributed to the high percentage of organisations operating below the poverty line."He described security poverty line as the point below which an organisation cannot effectively protect itself against losses to cyber attackers.
"These organizations spend a maximum of USD 1,500 annually on cybersecurity technologies and services. Among characteristics of organisations operating below the cyber security poverty line include; lack of the minimum requirement for fending off an opportunistic adversary.
"Conduct substantial training and awareness activities both for corporates and general citizens. This will empower users with skills to identify cybercrime and take necessary steps to stop or contain the threat." He added.Peter Obadare, chief operating officer, Digital Encode, said that major challenge organizations face in the fight against cybercriminal and cyber warfare is lack of trained manpower.
"I have been in cybersecurity ecosystem for many years now and have identified lack of trained manpower in most organizations. Cybersecurity is not a certificate that speaks for you, but a continuous training to be ahead of the smart criminals, most organisations find it difficult to continually update their IT security staff to be able to face cyber threats," he said.
Ahmed Adesanya, IT Security and Connectivity consultant, added that National Information Technology Development Agency (NITDA) should come out with a framework that organizations must follow in order to secure their sensitive data which will also provide a coordinated approach to fighting cybercrime, especially, now that organizations have taken their businesses to the cloud.