Digital Encode, a leading consulting and integration firm has said that in its 20 years of existence, it has been able to certify so many organisations with different kinds of certifications, ranging from high school certifications to carrying out payment card industry (PCI) data security standards (DSS) for companies within and outside Nigeria.
Digital Encode, which prides itself as the number one information technology assurance company in Africa, specializes in the design, management and security of business-critical networks, telecommunications environments and other information technology infrastructures.
Speaking during a Fireside chat with Joan Aimengheuwa, a senior Content writer with TechEconomy, at the Africa Tech Alliance (AfriTECH 3.0) Forum held at The Providence Hotel, Ikeja GRA, Olaifa Opeyemi, a Cybersecurity Consultant at Digital Encode Limited said the company known for solving multifaceted, complex enterprise network security and audit problems, will keep on working tirelessly to remain ready for the ever-evolving digital skills.
Responding to a question on cybersecurity trends in Africa, Opeyemi said there has really been an increase in cyber trends owing to sustained advancement in the digital space, emerging technologies, and the increasing emergence of new smart devices.
“There was a time of web applications. Now, it’s time for mobile applications. The more technology you introduce, the more trends you introduce out there. And then the more there are some bad people; they are trying to see how they can exploit that technology you put out there. So, there has been an increase in cybersecurity trends, ranging from ransomware to malware to other forms of attacks, business logic attacks, and all those kinds of trends that they could use or exploit.
“Even in social engineering, there is phishing, which has become very rampant. Aside from trends, there has also been an increase in this old cryptocurrency attack, which they often refer to as the crypto champion. Even though cryptocurrency has been in existence for quite a while, it became much known a few years back. So, these bad guys out there are already going to devise something called the crypto champion.
“Crypto champion is a tool that they use to first try to get access to your device. Then once they have access to your device, they install this particular solution and have you actually mine your cryptocurrency. And then you get the money from your cryptocurrency without your knowledge,” Opeyemi said.
On the positive developments in cybersecurity, she said that there has been an increase in data protection efforts in Nigeria, since the enforcement into law of the data protection bill by President Bola Tinubu, adding that in 2020 and 2021, South Africa and Egypt incorporated the PRP Highway, which is the protection of personal information. “Over the years, different countries in Africa have really been trying to enforce this data protection,” she further added.
Opeyemi stressed that security is not just about the company, but also about the staff in an organisation as well, noting that “if you have the technology, and you have your people aligned, whether it comes to security, you also need process policies to govern them. Policies in terms of making a change in the environment, making sure you make the change request.
“Before you create a password, make sure you follow the password policy. Before you do this, make sure you do that. So really, there are a lot of tracks there; – Ransomware, malware, social engineering, and even distributed denial of service. When it gets like this, there’s enough traffic, and they put down a service in the organisation.”
“Cybersecurity is really just about being there, the confidentiality of information, the integrity of information, and the availability of that information. Confidentiality of information is just that you have to ensure that you’re protecting whatever information you have for unauthorized access, which is what we want to ensure with cybersecurity.
“On Integrity, you’re protecting that information from unauthorized deportation. You don’t want someone who’s not supposed to have access to that file to have access. And on availability, if you’re a sponsor, you’re trying to make sure that your services are available to you. You don’t want things to ever be disrupted or hit anywhere,” Opeyemi further stated.
On how companies can protect their data, the cybersecurity consultant warned that in a case like DDoS, companies should insist on an application or network because of the heavy traffic associated with this kind of cybercrime, advising that there would be the need for traffic imagery.
“First, you need to have what I call traffic imagery. There are so many solutions out there that you can actually use in your organization, and it will help you to filter this traffic. So as traffic is coming to the system, whether it’s a system or an application, it helps to filter that suspicious traffic. And all these devices are actually, to some extent, smart.
“They see the traffic from a certain source, and then when they see such traffic, they don’t get suspicious. But then when they are seeing traffic from a source that they are not very used to, they will most likely rate it as suspicious, which is why sometimes when you now do your review, you find out that it’s not reading anything,” she said.
Opeyemi implored the government to intensify efforts at creating awareness on the need for cybersecurity consciousness and not just limiting itself to regulatory oversight and standardization, noting that creating cybersecurity awareness from the primary school level would go a long way to building a cybercrime-free nation.