• ‘Current cyber laws can’t help the financial system’
• Ministers admit govt agencies exposed
• Experts want FG to scale up cybersecurity architecture
• Call for personnel training, more awareness
About two weeks after Anonymous, a network of global hacktivists launched an aggressive campaign in Nigeria, commercial banks have begun panic update of their server.
The banks, The Guardian has gathered, have started a panic system overhaul to protect sensitive data, including customers’ information.
Amidst the server upgrade frenzy, experts have warned that, except inclusive measures are adopted, the possibility of Nigeria suffering a worse cyber attack is imminent.
Minister of State for Science and Technology, Mohammed Abdullahi, confirmed the recent threat, saying there were coordinated attacks on sensitive government databases.
Abdullahi’s counterpart at the Ministry of Communications and Digital Economy, Dr. Isa Pantami, had also acknowledged that some websites of some government agencies were compromised.
He said: ‘‘On my instruction, the NITDA and NCC worked almost round the clock last week to rectify the situation and ensure no vital data was compromised. I am happy the websites are back and running now.”
Pantami disclosed that the ministry and its agencies, in collaboration with the Office of the National Security Adviser (ONSA), were fortifying the nation’s IT security wall.
The Guardian had reported that the recent alleged cyber attack on the Central Bank of Nigeria (CBN) and other public institutions caused apprehension in the financial service industry with Information Technology (IT) personnel and top executives working to upscale the firewall of the servers.
The Guardian was reliably informed that the threat by Anonymous, which launched a campaign in solidarity with #EndSARS protesters about two weeks ago, had exposed banks’ vulnerability to cyber-attack. It was also learnt that many of the banks were deploying new cutting-edge security software to protect their servers.
A source privy to the ongoing efforts to minimise cyber risks said: “Our IT guys spent last weekend (October 24/25) upgrading the system.”
He added that the unit worked with hired external experts “under strict instruction from the managing director” who warned repeatedly that cybersecurity must not be compromised.
Asked about the financial cost of the system upgrade, the source said, even the IT personnel were “not privy to the amount spent” and that only top executives would know. Considering the scope of work carried out, coupled with the profiles of the experts hired. The source added that the budget would certainly run into hundreds of millions.
ANOTHER source at a new generation bank said his bank was not threatened in any way because “it is considered as a small bank.” The source, however, said the bank did a system upgrade shortly before Anonymous struck.
The source said: “Our job portal suffered an attack a few months before Anonymous launched a campaign in Nigeria. Following the attack, though customer data were not affected, we quickly carried out an upgrade.
“Besides, the feeling that they could not have targeted us because of our size, we did not panic as we just did an overhaul. But that does not mean we have taken the threat in the industry for granted.
“We are very vigilant. If there is any need for an upgrade, we will move into action quickly because nobody wants to expose customer data to an external threat, not when Anonymous is mentioned.”
Many banks have, in the past two weeks, sent messages informing depositors that they were halting online operations to enable them effect system upgrade.
A day after the CBN was reportedly attacked, a second-generation bank grounded its online platforms for 48 hours for a “system upgrade.”
Even after the 48 hours elapsed, it sent another message apologising for the “inconvenience” it caused its customers while it was yet to resume online operation.
On Wednesday, the same operator sent an email notifying customers that transaction alerts would “be delayed or not received at all” in the meantime.
MEANWHILE, cybersecurity and technology analysts, who spoke with The Guardian yesterday, said the porous status of Nigeria’s cyberspace and ineffective implementation of the Cybercrime Act 2015 was responsible for the country’s high vulnerability.
Their submissions were based on the alarm raised by Abdullahi, who said there have been coordinated attacks on a sensitive government database. The minister, at the quarterly management meeting of the ministry in Abuja on Wednesday, said the recent crisis in the country confirmed Nigeria was targeted for attack.
Abdullahi said it was high time Nigeria prioritised cybercrime and security, as he urged staff of the ministry and its agencies to improve their research capacity to achieve their mandate.
But experts said the task ahead remained huge. They advised the Federal Government to be proactive and back its words with actions to bring sanctity to the country’s porous cyberspace.
A cybersecurity lawyer, Ola Agbaje, said cyberspace attack is a major concern now globally. He said the US and Europe were not immune, as they had been attacked and still under threat.
“So, you could imagine where we belong. We are most vulnerable and ill-equipped to cope with the technological sophistication in cyberspace attacks. That is why it is so easy to manipulate the people’s psychology through fake and unauthenticated news, whose sources are never known, while such dangerous news spread like harmattan wildfire to the detriment of our collective security,” he said.
Publisher of Detective Magazine, Dipo Kehinde, said: “The Anonymous attacks only highlighted what Nigerians have always known and have been experiencing over the years. Hackers have always been penetrating the banking system to steal depositors’ money.
“All levels of government must invest more in advanced software and constantly upgrade to keep pace with hackers who are a step ahead.”
Chairman, Mobile Software Solutions, Chris Uwaje, charged Nigeria to “prioritise software as a core strategic action.”
Uwaje, a former president, Institute of Software Practitioners of Nigeria (ISPON), noted the national software domain was not in harmony with the perceived objectives and expectations of the digital economy and the quest for the attainment of Sustainable Development Goals (SDGs).
He observed that the nation’s investment profile in software research and development and digital innovation capabilities are very low, saying the country needed to establish 10 private institutes of software engineering.
The former ISPON boss recommended that there was the need to apply software conversion strategies to retool the engineering and other relevant sectors to upgrade nationwide cybersecurity expectations.
Senior Partner, e86 Limited, a software development company, Olugbenga Odeyemi, in a report, said there was the need to get decision makers of organisations or agencies trained in cybersecurity. He said most leaders simply hire cybersecurity professionals without the slightest understanding of the concept themselves.
In an article titled: ‘Cybercrime in Nigeria demands public-private action,’ Maurice Ogbonnaya, admitted that cybercrimes had increased in Nigeria in the wake of COVID-19 restrictions and lockdowns.
Ogbonnaya said the country’s 2015 cybercrimes law might not be adequate to reduce the vulnerability of financial institutions, especially the banking sector. He said public-private partnerships and joint task forces could be the solution.
According to him, partnerships between government and financial institutions are needed to deal with the problem.
“If responses are dominated by state security agencies, concerns are likely to be raised about abuse, accountability, access to information as well as obligations on the commercial sector to report attacks. This may cause a reluctance to report offences and a perpetuation of behaviour that increases vulnerability to cybercrimes,” he said.
The President of Association of Telecoms Companies of Nigeria, (ATCON), Olusola Teniola, said Nigeria was not an exception to the challenge. He said recent reports suggest that Nigeria’s ‘fincrime’ and ‘romance crime’ are prevalent because of the level of unemployment.