Inside the Mind of a Cyber Criminal

Inside the Mind of a Cyber Criminal, SiliconNigeria

By Anna Collard, SVP Content Strategy and Evangelist at KnowBe4 Africa

Cyber criminals come in many different flavours, but the majority of them are in it for one thing: financial pay-off. They want the money that comes with offering their tools or services, selling stolen data, extortion like ransomware or plain fraud. And they all have one thing in common – your organisation is on their radar.

Which is why, says Anna Collard, SVP Content Strategy and Evangelist at KnowBe4 Africa (www.KnowBe4.com), it is critical to understand how cyber criminals operate, the tools they use and the approaches they take, in order to embed robust security within the organisation.

“With ransomware going rampant and victim organisations paying up to millions of U.S. dollars to the extortionists, this problem is just going to get worse. The U.S. government recently announced that ransomware is a national cybersecurity challenge and that there will be serious implications for anyone attacking the United States or their critical infrastructure.

“This may lead more criminals to shift their attention towards the emerging economies like Africa, where we do not have the government’s support or capacities to stop and prosecute cyber criminals, making it a safer place to operate,” says Collard.

Social engineering, or people hacking, is a popular way to distribute ransomware, predominantly by tricking people into falling for phishing scams.

“Another technique to be aware of is password spraying,” she explains. “This is when the bad actor selects a common password, like the organisation’s name, followed by the year, and tries it against every user in the organisation. They scrape names of employees from LinkedIn and then, using this information, try the possible password against the list of names. Then it keeps on cycling until it hits a winning entry. This is a solid case for ensuring that every single employee uses proper passwords or a password manager and multi-factor authentication where possible.

“This level of attack really underscores how important it is to undertake consistent employee training and security skills development,” says Collard. “No matter how secure your perimeter, no matter how much money is spent on high-end security systems, one poor password can open the doors to the threat actors.”
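One way a defender can spot the spraying pattern described above in authentication logs, as an added example that is not part of the original article: it flags any source whose failed logins touch many distinct accounts with only a few tries each, then lists successful logins from that source for review. The log format, the account names, the IP addresses and the thresholds (`window`, `min_users`, `max_per_user`) are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): timestamp, source IP, user, result.
SAMPLE_LOG = """\
2021-07-12T08:00:01 203.0.113.7 a.mokoena FAIL
2021-07-12T08:00:09 203.0.113.7 b.adeyemi FAIL
2021-07-12T08:00:17 203.0.113.7 c.naidoo FAIL
2021-07-12T08:00:26 203.0.113.7 d.okafor FAIL
2021-07-12T08:00:34 203.0.113.7 e.dlamini FAIL
2021-07-12T08:00:41 203.0.113.7 t.nkosi SUCCESS
2021-07-12T08:03:10 198.51.100.20 f.botha FAIL
2021-07-12T08:03:25 198.51.100.20 f.botha FAIL
2021-07-12T08:03:40 198.51.100.20 f.botha FAIL
2021-07-12T08:04:02 198.51.100.20 f.botha SUCCESS
2021-07-12T08:05:00 192.0.2.15 g.mensah SUCCESS
"""


def parse(log_text):
    """Turn whitespace-separated log lines into time-sorted event tuples."""
    events = []
    for line in log_text.strip().splitlines():
        ts, src, user, result = line.split()
        events.append((datetime.fromisoformat(ts), src, user, result))
    return sorted(events)


def detect_spraying(events, window=timedelta(minutes=30), min_users=5, max_per_user=2):
    """Return {source: [targeted users]} for sources whose failed logins hit
    many distinct accounts, with few tries per account, inside one window."""
    failures = defaultdict(list)
    for ts, src, user, result in events:
        if result == "FAIL":
            failures[src].append((ts, user))
    alerts = {}
    for src, fails in failures.items():
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1  # slide the window forward
            per_user = defaultdict(int)
            for _, user in fails[start:end + 1]:
                per_user[user] += 1
            # Many accounts, few tries each: spraying rather than a forgotten password.
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                alerts[src] = sorted(per_user)
                break
    return alerts


def accounts_to_review(events, alerts):
    """Successful logins from a flagged source: candidates for a forced reset."""
    return [(src, user) for _, src, user, result in events
            if result == "SUCCESS" and src in alerts]


if __name__ == "__main__":
    evts = parse(SAMPLE_LOG)
    flagged = detect_spraying(evts)
    print(flagged)
    print(accounts_to_review(evts, flagged))
```

The employee who mistypes their own password three times (198.51.100.20 in the sample) is not flagged, because the rule keys on the number of distinct accounts per source rather than on the raw failure count.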

Multi-factor authentication and robust training are not just invaluable for employees in the office, they are even more critical today as people work from home and multiple locations – particularly as employees migrate to coffee shops for power and Wi-Fi during load-shedding. Public Wi-Fi is wide open and home networks with poor passwords or out of date software are open doors.

“It is also really important to make sure that employees use a VPN, although that is also not a guaranteed protection,” says Collard, as a recent report by the Orange Cyber Defense (https://bit.ly/2UmjTqQ) team explained. “With home routers being vulnerable due to people not configuring them correctly or updating them, it might be worthwhile sending pre-configured routers and firewalls to employees’ homes, especially for those who access highly confidential information.”

Another challenge for the organisation is keeping up with vulnerabilities and patch management, which is a complicated task in bigger environments.

“Leading hackers and experts like Kevin Mitnick are drawing lines under the importance of putting people’s understanding of these threats at the forefront,” says Collard. “Make sure that passwords are secure, that they are not stored in diaries or on open platforms like Slack or Google Hangouts, that they understand how to identify social engineering attacks and keep security hygiene at the forefront of all communication. People need to know what is out there, and that they have the skills to play an important role in protecting themselves and the organisation.”

Today, the threat actors are organised and well paid. They benefit immensely from their pursuit of vulnerabilities, simple mistakes and human error. Organisations have to sit on the sharp end of the security stick with robust monitoring and detection systems, clear policies, consistent training and security boundaries.


Train the Hybrid Mind


By Anna Collard

More than 50% of IT teams believe that employees have bad security habits. Habits they’ve developed since moving their offices into the home and that put their information, systems and employers at risk.

The statistic comes from the Tessian Back to Work Security Behaviors Report (https://bit.ly/2VfndVe) that also found an age discrepancy when it came to who practiced the best security from home.

Around 51% of 16–24-year-olds and 46% of 25–34-year-olds reported that they used security workarounds, while two in five people said that the security behaviours they adopted at home were very different from those they used in the office. This draws a thick red marker around the need to ensure that people and security training remain a priority while offices continue with hybrid ways of working.

“People adopt different behaviours at home as a rule,” she adds. “It is home, after all. There has to be a solid mental shift now that the home has become the office, and this shift involves making sure that the same security check boxes that were ticked at the office are also ticked at home. This is even more important because cyber criminals are taking advantage of system and employee vulnerabilities right now, and really going in on the offensive.”

Now is the right time to implement policies and approaches that take hybrid workplaces and requirements into account. The survey mentioned above also found that 67% of IT decision makers believe that phishing emails will increase as people move back to the office. And there is a discrepancy between how IT sees security when office work returns and how employees see it. Only 57% of employees think that they will follow security protocols once back in the office compared with 70% of IT professionals.

“Cybercriminals have cottoned on to the fact that people will move back into the office with a slightly less than robust approach to security,” says Collard. “They will forget to report mistakes, potentially open up new avenues of risk to the business or get caught by the tide of phishing emails that have become rampant over the past few months.”

People are people. The pandemic has been punishing. Implementing further punishments for making simple cyber security mistakes will only make things worse. What’s needed is a focus on training and positive reinforcement that reminds people of why security is important, and how to keep their side clean. Training that puts them in front of simulated ransomware or phishing emails and that teaches them security best practice, and rewards those who do well. This should be done consistently and in a way that engages with people in the limited time they have.

“By giving your people the tools they need to combat security threats and recognise risks, you are empowering them and adding that extra layer of security to your business,” concludes Collard. “Methodical and repeated simulations combined with training allows for IT teams to trust in their people, and for employees to remain aware of the threat actors that wait for them to make the simplest of mistakes. This is the best way to help your business remain ahead of security best practice and for your people to thwart social engineering attacks.”

Anna Collard, SVP Content Strategy & Evangelist at KnowBe4 AFRICA (www.KnowBe4.com)


5 Tried and Tested Ways to Keep Employees Engaged


By Andrew Bourne

Employee engagement, when done right, nurtures long-term relationships and contributes to an organisation’s sustainability. Engaged employees commit themselves to their employer’s goals, find satisfaction and meaning in the work they do, and have the potential to enhance business profitability. Here are five simple yet effective ways to keep your workforce engaged:

  • Uphold two-way communication

Two-way communication keeps employees informed about work-related developments and gives them a platform to offer their suggestions and feedback. A lack of communication can lead to information silos and in some cases, may also lead to employees perceiving it as mushroom management. To break silos and establish two-way communication, a flat organisational structure is a good place to start. Next, consider using different communication channels that allow free flow of information for all parties at various levels, i.e., between peers, managers, and the organisation. Apart from face-to-face and emails, introduce internal chat mediums, social intranet, and frequent business outlook updates. For instance, organizations can make use of virtual town hall meetings to enable their employees to communicate with their top leaders.

  • Facilitate employee development

For employees to work dedicatedly towards company goals, the first show of commitment has to always be the employer’s. An employer has to be ready to make long-term investments in human capital development and provide opportunities for employees to expand their skill sets or be redeployed to new roles that fit their interests. Moreover, for individuals to learn and perfect their work, it takes time. So there needs to be a culture of acceptance that encourages employees to learn from their mistakes without fear of being criticised. Similarly, experienced employees can be brought on board to mentor new employees. They can help interns understand what it takes to excel in their new roles and overcome work challenges.

  • Empower employees with trust

A culture built on trust empowers workers to become the best version of their work selves. Trust provides the mental space that every employee needs to hone their capabilities and deliver to their full potential. On the other hand, micromanagement introduces work fatigue and even the most spirited employees can lose interest when constantly monitored and badgered for updates. Today, we continue to hear about how more and more companies are deploying digital surveillance and key logging software to make sure that their remote workers put in the necessary hours while working from home. These are just different forms of micromanagement and practices like these will not be sustainable in the long run. They can affect workplace dynamics and destroy trust relationships, the effects of which will reflect eventually in the attrition rate. 

  • Put the human back into human resources

Trying times like the present call for employee engagement approaches that prioritise individual well-being above all else. During such unprecedented circumstances, it’s critical to allow employees the space to adapt to the new normal and regain balance between their professional and personal lives. Flexible work arrangements that allow employees to develop their own work schedules will come in useful. Also, acknowledge and act on concerns that hold back employees from doing their work. For instance, poor ergonomics while working from home can increase stress and affect productivity. A one-time allowance towards enabling employees to set-up a dedicated home office can help solve this.

To better help employees who are battling anxiety and mental health issues, consider bringing a psychologist on-board to enable them to navigate their overwhelming emotions under guidance. Wellness webinars can be organized to help employees maintain a healthier lifestyle amidst the lockdown and stay-at-home orders.

  • Align organisational values with workplace practices

Employees respect and gradually become loyal to an employer who stands for what they believe in and integrates the same within workplace practices. An organisation’s key decisions must always be guided by its core values. At Zoho, we believe the cloud will power entire businesses and true to that vision, all our business operations including employee collaboration run only on Zoho applications to date. Another value close to our heart is the philosophy of transnational localism and as part of it, we have established more than 30 satellite offices in rural locations across various nations to help our employees stay close to their roots.

Strong employee engagement programs are core to sustainable human capital management. They determine an organisation’s capability to attract the right talent, build loyalty, and promote development. Moreover, amid testing times like the ongoing pandemic, continued employee engagement practices become all the more important for an organisation to assure employees of its investment towards the well-being of its workforce. 

Andrew Bourne is the Regional Manager for Africa, Zoho Corp


X-raying NITDA Strategic Roadmap And Action Plan 2021-2024


By Mubarak Umar

The outcome of any ideation, roadmap and strategy is turning the vision into a reality. This requires facilitation and engagement of action plan to ensure everyone understands their contribution to high impact goals and what they can do to achieve it together – working even asynchronously. The development of a four-year Strategic Roadmap and Action Plan has therefore become an integral process of operation in National Information Technology Development Agency (NITDA).

The aim of NITDA’s Strategic Roadmap and Action Plan 2021-2024 (SRAP) is to give direction to the initiatives of the Agency and realign its operations towards its new vision: “to proactively facilitate the development of Nigeria into a sustainable digital economy”. The plan involves an evaluation of the previous plan and a visioning process to refocus the Agency along the lines of government policies, the current state of the IT industry, future trends, the current aspirations of the citizenry and the general intendment of government.

It may be recalled that President Muhammadu Buhari, GCFR, mandated the Federal Ministry of Communications and Digital Economy and all its parastatals to facilitate the use of digital technology to expand and diversify Nigeria’s economy. At the Ministry, this is a task that must be achieved by refocusing efforts on facilitating the adoption of digital technologies.

To execute the Presidential mandate, the Honourable Minister of Communications and Digital Economy, Dr Isa Ali Ibrahim (Pantami), directed all parastatals in the Ministry to develop strategies, programs and initiatives to ensure the attainment of the expected gains of expanding the digital space in Nigeria. Part of the expectations is for the parastatals to develop individual strategies in line with relevant institutional mandates and the goals of the National Digital Economy Policy and Strategy (NDEPS) to achieve a Digital Nigeria.

NITDA, in following the directive of the Honourable Minister has strategically aligned its plan for the next four years with the visionary thinking behind the NDEPS. The new vision of NITDA is to articulate continuous improvement introduced by the then Director General, now Minister of Communications and Digital Economy. Therefore, for NITDA to remain relevant as IT regulator in the country, and the role it has been playing in the IT industry, it must align with the current trends and cultures of digitalization. The vision is a strategic response to the re-designation of the Ministry and the expansion of its mandate to include the transformation of the country into a digital economy.

The Agency adjusts and realigns its internal structures in a manner that would support the new vision and help to drive its attainment. That is why NITDA is undergoing a restructuring process that has seen the redefinition of departmental functions and the refocusing of the operational mandate of some departments. The restructuring is to specifically tailor operations towards key aspects of SRAP while at the same time improving the efficiency and effectiveness of internal operations and governance. 

The restructuring process has also seen the creation of a new department of digital economy in compliance with the directive of the Honourable Minister of Communications and Digital Economy, and in accordance with the Agency’s new vision. 

The NITDA Strategic Roadmap and Action Plan (SRAP) for 2021-2024 has been inspired by the vision of the National Digital Economy Policy and Strategy (NDEPS). The NDEPS, which was developed to reposition the Nigerian economy in order to take advantage of the many opportunities that digital technologies provide, is based on eight pillars for the acceleration of the National Digital Economy. These pillars align with the Economic Recovery and Growth Plan and its successor, the Nigeria Economic Sustainability Plan of the Federal Government, as well as the priorities assigned to the Federal Ministry of Communications and Digital Economy.

In developing SRAP 2021-2024, some policies of Government and public documents were consulted. These policies and documents include the NDEPS, Nigeria Economic Sustainability Plan (NESP), Tech4COVID Committee Report, National Broadband Plan, Cybersecurity Policy, National eGovernment Master Plan and NITDA Act, amongst others. These documents were collated to get the right direction of the government on pertinent issues of the digital economy and nation building.

SRAP is being driven by three-pronged objectives, which are: to articulate a new strategy for NITDA in consonance with the current aspirations of Government, the realities of today and the demands of the future; to contribute its quota towards the implementation of NDEPS, especially within the framework of its mandate; and to implement programs that would facilitate the digital transformation of Nigeria.

In developing the new strategy for NITDA, certain considerations were made. In terms of alignment, consideration was given to the NDEPS and its vision of transforming Nigeria into a leading digital economy. Other considerations include the grey areas that must be addressed in transforming Nigeria’s Digital Economy; the need to have SMART objectives and the importance of having an implementation structure that will ensure the successful implementation of the strategy. 

The overall strategy was based on the seven strategic pillars and their respective objectives. Other components of the strategy include implementable and granular initiatives that were created with relevant key performance indicators (KPIs). This will ensure that the progress of the achievements of the goals of these pillars is properly measured, evaluated and monitored. It will also help in identifying and addressing issues that may be associated with the implementation of the roadmap.

The seven strategic pillars identified by the Agency as the fulcrum for the Roadmap are: 1) Developmental Regulation; 2) Digital Literacy and Skills; 3) Digital Transformation; 4) Digital Innovation & Entrepreneurship; 5) Cybersecurity; 6) Emerging Technologies and; 7) Promotion of Indigenous Content.

Consequently, the above pillars have been listed in line with the arrangement of the NDEPS pillars; each of the pillars has been broken down into strategic initiatives that speak to its goal. The resultant initiatives were further fragmented into activities and an implementation plan was in turn developed for these initiatives. Also, a results monitoring framework was developed for identified key performance indicators of each of the initiatives.

Developmental Regulations

To create an enabling environment, through frameworks, standards, guidelines, and regulatory instruments that unlocks opportunities in the digital economy across all sectors.

Digital Literacy and Skills

To intervene in the development of digital technology by supporting, promoting and facilitating digital skills and literacy programs through the development and adoption of digital literacy standards for Nigeria.

Digital Transformation

To assess, evaluate and advise on the use of digital technology anchored on the transformation of government processes and services by leveraging on digital technologies.

Digital Innovation and Entrepreneurship

Create an ecosystem for Innovation Driven Enterprises (IDE) and Micro, Small and Medium Enterprises (MSMEs) to thrive.

Cybersecurity

To strengthen the cyberspace and reduce vulnerabilities exploitable by threat actors.

Emerging Technologies

Facilitate the adoption and adaptation of emerging technologies in Nigeria, and determine critical areas in Information Technology that require research, intervention and development.

Promotion of Indigenous Content

To create opportunities and enabling framework for the development and adoption of homegrown innovation for a digital economy.

Similarly, SRAP introduces dynamism to project implementation through the workstream approach of project delivery. This approach reinforces internal collaboration with a view to fostering external cooperation. NITDA believes that with this new approach, the implementation of the various initiatives will be properly coordinated, communicated and concluded, thereby ensuring that the goal of achieving a sustainable digital economy, as well as contributing to the creation of jobs for our teeming youths, is achieved.
