By Emeka Aginam
The President of Information Technology Systems & Security Professionals, ITSSP, an interest group of the Nigerian Computer Society, Prof. Adesina Sodiya has said that business owners must invest in basic security management and control systems so as to keep pace with the constantly evolving threat landscape
Adesina who spoke to Technology Journalists at the weekend to unfold details of stakeholders’ meeting on information security slated to hold in Lagos next week noted that apart from the increasingly sophisticated nature of attacks,many businesses still do not believe they might be targeted by cyber-attacks.
According to him, information security in not only about firewalls, anti virus software and passwords, but a continuous process that requires modern approaches and persistent management.
Collaborative strategy and efficient practices, he said are required in protecting valuable assets of organization to achieve major security goals of confidentiality, integrity and availability, CIA.
Noting that the stakeholder’s forum is expected to address both present and future information security challenges, he noted that it is important for businesses to understand the nature of threats against their businesses and the impact of a breach on production,finances, intellectual property and reputation. Organizations, he warned, must continuously monitor their networksand have the ability to detect and mitigate intrusions as quickly as possible.
Revealing that the group has been involved in the development of capacities needed protect national digital assets and cyberspace, he said that the strategic meeting would provide a platform for reviewing existing information security strategies and initiating collaborative efforts for addressing current challenges.
To sensitize stakeholders in Information Security towards the creation of a synergy for an overall achievement of an adequate protection for all ICT infrastructures in Nigeria, to develop a template towards improvement on available knowledge and research on information security and prepare adequate grounds for the upcoming Annual Information Security Congress (ANISC) taking place in October 2017, according to him are among the objectives of the forum.
Individuals and organizations concerned with information security are expected to attend the meeting.
According to him, every businesses must develop information security policies, procedures and plans, adding that theses needed to be updated regularly and enforced to help keep pace with the constantly evolving threat landscape.
“ Human beings are often the weakest link. Consequently, an extremely high proportion of attacks involve social engineering approach. Many Nigerians, and even people all over the world, are still increasingly fallen victims of socially engineered attacks.
“ In 2016, there are records that financial institutions in Nigeria faced Distributed Denial of Service Attacks (DdoS).
This confirms that online activities are not completely secured. Security awareness and training are therefore indispensable. Attackers may be using customized attacks, but operating methodstypically remain the same”, he explained.
Looking ahead at the future, he said that security will probably be established by balancing controls and risks to produce scalable and flexible strategies.
More persistent internal monitoring and sharing of security intelligence , according to him are necessary for a more effective security approach.
For a security strategy to be workable for the present and the long terms, he said that it is important to look ahead, adding that organizations tend to focus on reacting to security threats rather than being proactive.