Why Cyber Future Depends on People, Trust, Supply Chain

By Salami Adeyinka

By the time a phone vibrates with a fake bank alert or an email pretends to come from a trusted vendor, the damage has already begun. Cybersecurity, once seen as a concern for IT departments and large corporations, has become a daily issue for ordinary people. From small businesses in Aba to ministries in Abuja and the business capitals in the United States and the United Kingdom, the digital space is now a shared marketplace that must be protected collectively.

According to global economic estimates, cybercrime now costs the world several trillions of dollars annually, with small and medium-sized enterprises suffering disproportionately due to limited security budgets and expertise. As organisations migrate to cloud environments to cut costs and improve efficiency, the attack surface expands, creating new vulnerabilities that demand both technical precision and strategic foresight.

At the heart of today’s cyber challenge are four issues that experts agree will define the next decade: securing the supply chain, understanding who is really behind cyber threats, building everyday cyber awareness, and creating practical job pathways for young graduates to defend organisational workspaces.

Together, these themes explain why cybersecurity is not just about technology, but about people, habits and opportunity.
For many Nigerians, the phrase “supply chain” brings to mind trucks, warehouses and shipping containers. In the digital world, the supply chain is less visible but just as critical. It includes software vendors, cloud services, third party contractors, payment processors and even free applications downloaded from the internet. When one link is weak, attackers do not knock at the front door. They slip in quietly through a trusted back entrance.

Global cybersecurity experts have repeatedly warned that modern cyber attacks increasingly target suppliers rather than the main organisation. The logic is simple. It is easier to compromise one smaller vendor than to break into a well defended bank or government agency. Once inside the supplier’s system, attackers ride on trust to reach bigger targets.

Ruth Okewole, a cybersecurity professional, explains the danger in plain terms. “Most organisations lock their main office door, but forget to check who has keys to the back gate. In cybersecurity, that back gate is the supply chain. If your vendor is compromised, you are exposed even if your own systems look strong.”

Through Grainsfield Consulting Services, Okewole played a central role in monitoring and enforcing security processes aligned with global best practices. She worked on threat detection, data loss prevention, and messaging security at a time when phishing, identity theft, and insider threats were becoming more prevalent in West Africa’s corporate sector.

Importantly, she also led workforce training initiatives, helping to instill a security-first culture among staff.

Okewole notes that Nigerian businesses often rely on multiple technology partners without clear security checks. “We import software, outsource services and integrate platforms very quickly. Speed is good for growth, but it also means risk travels faster if we do not ask the right security questions.”
International experts echo this concern. Cybersecurity leaders consistently point out that software is built on layers of other software, many of them open source or maintained by small teams. A single malicious update or hidden vulnerability can spread across thousands of organisations in seconds. The lesson is clear. Security today is shared. No organisation is an island.

Omkhar Arasaratnam, cybersecurity executive and supply chain security leader, has emphasised the structural risks in software supply chains, especially in open-source ecosystems, and the challenges defenders face in detecting long-term, socially engineered attacks against widely deployed components. This underscores that supply chain security is a collective problem requiring systemic defenses, not point tools alone.

“Software supply chains are only as secure as their weakest link, and attackers increasingly exploit that complexity — from open-source dependencies to build infrastructure.”

Software supply chain attacks like SolarWinds and others have made it clear that even trusted components can be leveraged maliciously, prompting industry summits and collaborative efforts to improve transparency and shared defenses.

For Christopher Hadnagy, a longstanding authority on social engineering, cyber attackers often target people first rather than systems — manipulating trust and influence to gain unauthorised access. His work in social engineering education stresses that understanding human psychology is central to defence.

He said: “Social engineering is using manipulation, influence, and deception to get a person to comply with a request.” He added that: “Trust is the currency of social engineering.”
Kevin Mitnick, a security consultant and former hacker, opined that “the weakest link in the security chain is the human element.”

He emphasised that attackers often exploit human behaviour and trust to breach systems, making security as much about people as technology.

Perry Carpenter, an expert on security awareness and human-risk management, champions the idea that cybersecurity is fundamentally about human behaviour, not just technical controls. His work argues that security culture and awareness are core defences against social engineering and human-related breaches.
“Security is a mindset, not a toolset,” he said.

Stéphane Nappo, CISO, added that “cybersecurity is much more than a matter of IT — it’s a business imperative.”

And in the view of Ted Schlein, cybersecurity investor/leader, “there are only two types of companies: those that have been breached and know it, and those that have been breached and don’t know it yet.”

One widely cited principle among cybersecurity professionals is that the human element is often the weakest link. Attackers know this and design their schemes accordingly. They study behaviour, language and routines, then craft messages that feel familiar and convincing.

Okewole believes this human focus is often misunderstood. “Many people think cyber attacks are only about breaking systems. In reality, most attacks begin by breaking confidence. Once trust is broken, systems follow.”

She adds that attackers today range from organised criminal groups to opportunistic scammers. “Some are after quick money. Others are after data, influence or long term access. What they share is a deep understanding of how people think and react under pressure.”
Global social engineering experts have long warned that technology alone cannot solve this problem. Firewalls and antivirus tools matter, but they cannot stop an employee from clicking a convincing link or sharing a password over the phone. That defence must come from awareness and culture.

Cyber awareness is often treated as a one off training session or a checklist item for compliance. Experts argue that this approach is outdated. In a world where threats evolve daily, awareness must be continuous and practical.

A popular saying in cybersecurity circles is that security is a mindset, not a toolset. This means that every staff member, from the receptionist to the managing director, has a role to play. Awareness is about recognising red flags, asking questions and knowing when to pause.

Okewole frames cyber awareness as a life skill. “Just as we teach children to look both ways before crossing the road, we must teach digital users to pause before clicking, sharing or downloading. Cyber awareness should be as normal as road safety.”

She stresses that awareness programmes should use simple language and real examples. “When people hear technical jargon, they switch off. But when you explain that a fake message can empty their account or shut down their workplace, they pay attention.”
Industry leaders around the world support this approach.

They emphasise that cybersecurity is not just an IT issue, but a business and social issue. A single breach can disrupt operations, damage reputations and erode public trust. For Nigeria, where digital services are expanding rapidly, the stakes are high.

From mobile banking to government portals, more services are moving online. This creates opportunity, but also responsibility. Cyber awareness helps ensure that digital growth does not come at the cost of security and confidence.

Beyond protection, cybersecurity also offers a powerful opportunity for job creation. Around the world, there is a well documented shortage of skilled cybersecurity professionals. Nigeria is no exception. Yet many fresh graduates struggle to enter the field because employers demand experience they do not yet have.

Experts argue that this gap can be closed through deliberate investment in hands on training and entry level roles. Cybersecurity is a practical discipline. Skills are sharpened in labs, simulations and real world scenarios, not only in classrooms.
Global workforce studies consistently show that diversity and youth inclusion strengthen cybersecurity teams. Young professionals often bring fresh perspectives, curiosity and adaptability. When combined with experienced mentors, they form resilient defence units.
For Nigeria, this approach could have wider economic benefits. Cybersecurity roles are well suited to the digital economy and can be performed across sectors. Investing in these skills means investing in national resilience.

Nigeria’s digital footprint is growing fast, and the evidence is visible everywhere. From fintech apps used daily by traders and salary earners, to telecom networks powering millions of mobile connections, to government platforms handling identity, taxes and social services, the country is now deeply digital.

In the fintech space, platforms that process payments, savings and loans rely on complex supply chains. A mobile banking app may depend on cloud hosting providers, payment switches, third party application developers and identity verification services. If any one of these partners is compromised, customers can be exposed. Cybersecurity experts point to past global incidents where attackers gained access through vendors, reminding Nigerian fintech firms that trust must be backed by constant verification.
Telecommunications companies face similar challenges. With millions of subscribers, telcos manage vast amounts of personal data and critical infrastructure. Social engineering attacks that target call centre staff or field engineers can lead to SIM swap fraud, service disruptions or data leaks. Experts warn that attackers often pose as colleagues or regulators to exploit internal trust.

Government platforms are also high value targets. Systems such as national identity databases, tax portals and social intervention platforms hold sensitive citizen information. A single breach can erode public confidence and disrupt essential services. This is why cybersecurity awareness must extend beyond private companies to public institutions.
Okewole stresses that the stakes are national. “When a fintech app goes down, businesses suffer. When a telco is compromised, millions are affected. When a government platform is breached, trust in institutions is damaged. Cybersecurity is now part of national stability.”

Experts warn that ignoring cybersecurity can undermine trust in digital systems. When people fear fraud or data loss, adoption slows. This affects innovation, investment and public confidence.

Okewole believes the solution lies in collective responsibility. “Cybersecurity is not the job of one department or one expert. It is a shared duty across organisations, sectors and even families.”

She calls for stronger collaboration between government, private sector and educational institutions. “We need policies that encourage secure practices, businesses that invest in people and schools that teach practical digital skills.”