Partner at CyberDome, Mr. Eyal Titinger, speaks about the implications of the high rate of global security breaches and the need for organisations to constantly review their online security policies and comply with the Nigerian Cyber Act and regulations, to address such breaches. Excerpts:
What are the dangers of cybersecurity in Nigeria and why is it that most organisations, especially financial institutions are into non-disclosure of security breaches?
According to Section 21 of the Cyber law, it is very important for organisations to inform the public of any breach of security. We do know that breaches happen, which can be due to many factors which could be from inside or outside of the organisation, and the law is clear on this. These breaches should, as a matter of transparency, be known to the public. It is never good to have secrets, they are hard to keep. In terms of the broader picture of Nigeria as a nation, every person has a right to know that he has been breached, and there should be laws in place to support that. I also think that organisations that adopt this policy of disclosure - would build tremendous trust with their customers.
There is a paradigm shift in cybersecurity from capital expenditure to operating expenditure. As cybersecurity expert, what is your take on this?
The capital expenditure (capex) and operating expenditure(opex) transition reflect a global trend, as we see the intensive transition to the cloud. In our case, this is even more significant, even if we assume that the organisation has enough money to build such a cyber-system, regular maintenance, renewable licences, and building capacity. All these can kill the cyber operation, and don't forget, this is not even the core business of this organisation, CyberDome has a multi-million dollar investment in cyber technology, we have a very innovative centre located in Abuja, and our team has the expertise.
What is CyberDome all about and what do you offer?
CyberDome is a Cybersecurity and research firm located in Abuja with branches in Israel and the United States. We provide bespoke cyber services such as analysis, critical infrastructure and defence mechanisms. Every cyber solution we have is tailored to the organisation's specific threat landscape, as well as their industry and market to enable them to anticipate breaches before they occur. The platform that we set up for each client provides them with the ability to respond quickly, decisively and effectively. CyberDome maintains an up to date threat intelligence database from all over the world and real-time discovery of cyber-attacks. We are constantly adding new technology and Artificial Intelligence (AI) innovations to our portfolio to keep ahead of the curve. The CyberDome is a next-generation Managed Security Service Provider (MSSP). We are currently the only facility in the country today offering twofold; it is a round the clock security monitoring and advanced data breach prevention services with full-service solutions portfolio to meet all security risks. We deploy also, the complete installation of Cyber Security Operations Centers (SOC) at the client's site or to enable CyberDome to provide on-site services on behalf of the client. In the area of capacity building, CyberDome's Academy courses are certified. We provide capacity building and all trainings are customized based on the organisation's needs.
Cybersecurity is a peculiar and sensitive area of information technology. What will make organisations outsource part of their cyber operations to organisation like CyberDome?
We do not have the credentials of the customer; we only analyze the logs. This is one thing that differentiates us from the rest. Unlike others, we only analyse logs, we do not ask for login credentials. This has made a lot of people have confidence in us.
How can customers decide between a managed security services and an on-premise solution?
The customer should ask himself if he is ready to pay the high initial capital investment and operational costs of an individual on-site cyber solution. Is he ready to increase his workforce to handle the demand of on-premise cyber department? Does his team dedicate the appropriate amount of time to reviewing logs and customizing alerts without impacting daily operations? Does he have the right workforce to deal with him? If they answered no to any of these questions, then their organisations may want to consider managed security services. By working with CyberDome, customers will have 24/7 security support, with a tailored cyber solution aligned with their business goals and objectives, at an affordable price, with no need for upfront investment. And with the shortage of cyber professionals, staffing the operations are completely our responsibility.
Are you in line with Nigerian Cyber Act and Regulations?
Apart from being a top-notch Cybersecurity firm that is focused on providing innovative cyber security solutions in Nigeria, we are a combination of Israeli and Nigerian. We are a fully Nigerian firm located in Abuja that ensures that we adhere strictly to the laws and regulations of the country. We offer cybersecurity as a service in this country. According to Nigeria Information Technology Development Agency (NITDA) we are mandated to have all the data domiciled in Nigeria, we are in tune with this mandate. As a Nigerian firm, we ensure that we localise our solutions to suit the Nigerian firms. Our entire database is in Nigeria and this is in line with the Nigerian cyber act law and NITDA. We have invested so much in Nigeria that we want Nigerians to experience, the expertise, technology and service.
Most people push updates as a standard procedure, but from your solution you have a bouquet of cybersecurity solutions. Can you explain more?
Our security solution is based on the most innovative technologies available in the market today, with highly experienced and highly skilled people and if you come to us, we will provide you with the protection that you need in a short time. You connect to our platform and it will fulfil its mandate. As a customer all you need is tell us what you want, you don't even need to pay anything until you see how our solution works. I know that in Nigeria, there is a lot of cyber talk, but perhaps a little less doing in terms of its complexities. We cover the entire life cycle of security operations: prevention, detection, response and investigation.
As cybersecurity expert and stakeholder, what is your view about the Nigeria Cybersecurity Act. Is it in tandem with what is applicable in other climes?
Well, Nigeria is in good shape as it pertains to the regulations, but we are a little bit lacking in the implementation and in the ability to catch the criminals. This implementation requires technology and expertise, as per Nigerian data protection regulations and cyber act laws. But overall, Nigerian security laws are great. I must say we must start looking at full implementation and building capacity in this space. We are here to support the implementation of these regulations. Regulations are key, but we must execute implementation and expertise.
In the area of expertise, do you think that organisations are doing more in the area of cybersecurity. What advice do you have for them?
Well, my advice is simple, I will advise that they concentrate on their core business and leave their cybersecurity protection for people like us to handle it for them. In today's world, organisations are tilting towards outsourcing and we have organisations that can handle this cyber security for these firms. Let the competent hands take care of this on or off premises. So concentrate on your core business. You do not need to put so much resources or funding in cybersecurity today. The best thing organisations should do is to outsource and let the professionals handle it.
Trust is an issue in the area of outsourcing, especially with financial institutions. How safe are these data in the hands of cybersecurity firms like yours?
Well, it depends on the cybersecurity solution provider they are engaging, but ours is a different approach. With our AI approach, we don't need to have access to customers' data, credentials or logs. This is what makes us unique from others, all we need is to collect the logs and analyse the logs. We have been in conversation with NITDA, Galaxy Backbone, among others and we have worked with the government and the issue of trust shouldn't arise because we have a reputation here.
How do you offer support services and what kind of robust support services do you offer in the case of breaches?
Our company is divided into various levels of intelligence: Incidence response to penetration testing and ethical hacking. We ensure that we have a dedicated support system for Nigerian firms in the case of any breach. We take the matter of support very seriously here in CyberDome. Our incidence response is located in the country, we have that in place and our customers can testify to this.
Cyber Security is a branch of Information Technology (IT) that needs expertise and high capacity and Nigeria is a country that is trying to build skills set in this area. As a stakeholder in the industry, how is CyberDome contributing to changing this narrative?
Capacity building is a critical area in the provision of cyber security solution anywhere in the world. As an organisation, we are doing our best to bridge these gaps in our own little way. Our Cyber Academy provides professional instruction for cyber security experts to further develop their skills as cyber forensic information technology scientists and information security professionals. CyberDome instructors are among the leading professional trainers and information security specialists that are not only trainers, but are also practicing professionals, performing regular incident response and processing digital forensic cases. All of our professional courses are taught at several levels, and we can customise training courses based on the needs of the organisation. We believe Nigerians will have access to our facilities and benefit from them.