Tegbe: KPMG is Taking Cyber Security Discussions Beyond Technology Operational Perspective


Joseph Tegbe is the Partner and Head of Technology Advisory and Markets at KPMG Nigeria. In this interview with Ugo Aliogo and Gloria Onoja, he spoke about cyber security, what should be done to address the challenges it poses and efforts by KPMG to push cyber security discussions to boardroom levels. Excerpts:

Tell us briefly about yourself and your professional background?

I am Joseph Tegbe. I’m a partner in KPMG. I lead the technological advisory practice. I also lead the market functions at KPMG in Nigeria. I have a background in Engineering and later I became a chartered accountant. I have the intention of studying Law later. I started my career as a tax consultant then went on to become an auditor and then a management consultant. I have been a partner in KPMG for about 16 years and 28 years in my career in consulting. I lead a team of over 100 people that basically focusses on technology advisory on one side. On the other side, I lead another team, which project focusses on branding of KPMG.

Sir, what is the relevance of cyber security to Nigeria?

People feel that since Nigeria is not fully developed compared with most developed countries, the issue of cyber security is not relevant. It is relevant and will continue to be relevant as technology development is on the upward swing. Statistics from the World Economic Forum, and Global Risk report, revealed that the world is now networked. Somebody can actually sit in North Korea and be able to hack into a system in Nigeria; this is an activity which is now on the increase. In the North Korea story, it was not on Nigeria alone, financial institutions were alleged as being used to fund their operations.

Organisations in Nigeria are facing cyber challenges and risks; it will continue to be on the increase, and fraudulent transactions on online banking platforms will continue to happen. We have seen instances of fraudulent transactions taking place. Therefore I think that the Nigerian business ecosystem is not insulated from challenges that are being faced by businesses across the globe. Whether we like it or not, internet connectivity will continue to evolve in Nigeria as long as we remain a global world.


What is the level of risk and exposure of cyber-attack we have in Nigeria?

If I put the measurement on the level of high, medium and moderate across all industries, I will say that today it is moderate. Hacking is on the increase. Whether we like it or not, we will continue to network because it is efficient, safer and cost effective. The key issue is that the risk of moving from moderate to high without experiencing medium is the risk that we run. Adoption of technology in Nigeria is very high. Population is also a factor and Nigeria is an oil based economy so there is a lot of money moving around. The risk that we run is the possibility of us moving from a moderate to high risk without taking necessary security steps to address them. This is why we are trying to create awareness and getting our clients and organisations to put this as a board level issue for discussion and not a technological operational issue. Therefore such risk exists. Our biggest fear is that we do not want Nigeria to move from moderate to high risk without necessarily putting measures in place to address it; otherwise we will continue to live in self-denial.


How do you intend to fight cyber fraud in Africa?

Everybody has a role to play in all these, even as a journalist you have to create awareness. Cyber fraud will be on the increase in Africa as we get more sophisticated. But it also rests solidly on the organisation, security agents and institutions. In Europe and America, they are building what is known as cyber army. Over there, they have realised that the cyber war is even more potent than the physical fight. At KPMG, we are helping clients also to create the awareness and to marshal their action plan to address some of those issues. We are helping clients to put together strategies and also help them to build resilience over time. The most important thing we intend to achieve in the next one year is how we can get organisations in Nigeria and Africa to push cyber security discussions from the level of technology operational perspective to a board level discussion and if we can do that it will address it. There are also regulatory provisions today. Regulators are playing their role, institutions will have to play their role and government agencies are playing their role, as consultants we have to play our role. Journalists have to play their roles.

With its relevance, why are Nigerian institutions not giving attention to cyber security?

Across the globe so many institutions have taken the issue of cyber security very seriously. Some organisations have been attacked; an example is the Democratic National Congress (DNC), which has taken it very seriously. President Donald Trump is fighting to ensure that cyber is a big issue. Most organisations feel that their presence is not being felt. Today, a lot of organisations have partial activities online and offline to safeguard themselves. But the truth is that beyond financial losses, there are reputational damages, which are brand damages to organisations, therefore we have to be very careful with these delicate issues. Some of the organisations have a lot of things offline; that is why they have a lackadaisical attitude. There is also the mindset amongst Nigerians in which, over time, we always succumb to whatever comes, therefore we want to take the back seat when it comes to risk management.

We want to raise a bar from the point of making people realise that this can actually be more perfect than you think. The Centre of Security and International Studies (CSIS) estimates that cyber-crime cost the global economy $445 million in 2015. One industry that stays ahead of the watchers is crime. Therefore the hackers are always ahead. They come up with new innovations. These hackers are the same people who developed the real applications. They suddenly become rebellious and begin to dismantle and hack systems. I think that mindset has to change as our economy and networking ecosystem grow so it doesn’t become a high risk environment.


What are the obstacles and challenges to building strong cyber security in Nigeria?

I think part of the challenges we have in building a very robust cyber security ecosystem or framework is the complexity of building cyber security itself. It is a complex thing; you need to understand before you can address it. It is not something you say you have an attack and you want to do it in-house. It is not something you do once because the hackers will always be there. Also most of the system for most organisations, we have legal systems that are very flexible and that alone is a challenge. The biggest challenge is lack of awareness. People don’t have awareness on the impact of cyber risk on their business and they think they are not exposed. But little things add up. There is also lack of resources. In Nigeria we have about 90 million internet users, while we might have over 20 million android users. It might look small when compared to America. The bigger one from a government perspective is lack of resources. Here we consider if we have people with the right skillsets? But we continue to do it. The beauty of all these is that it is a global world. Ten, fifteen years ago, most banks were using legacy systems, but today they are using proverbs systems.


How do we bridge the problem of knowledge gap amongst us today?

The IP shadowing is for people who do things on the surface. You can drill down and do your vulnerability assessment, and testing to know where it is coming from. No matter where it is coming from, that vulnerability is there. There is lack of integrated and shared strategies. The second issue is about mixed messages on technology adoption. Some elements of government don’t encourage it. There is a concerted effort by Nigeria Communications Commission (NCC) to encourage secondary school students and universities to adopt technology. You are aware of those programmes of linking optic fibres to tertiary institutions, and giving VISAT computers with solar panels to secondary schools. This is also part of the challenges we have in Nigeria today. The reason why they ban phones is not because they want technology adoption, it is just to avoid distraction. This applies even in work places. For me, I support an integrated concerted effort at technology adoption.

When the ICT plan was being developed under former Minister of Communication Technology, Omobola Johnson, I happened to be part of the support technology resources that were used and we recommended an adoption. In Nigeria, we have the issue of creating demand on technology, when there is no demand then no supply. Demand has to be created in government area. We must encourage E-governance.

The biggest problem we have today in Nigeria is adoption of technology. It is not even private sector or the school, because the school is out of government. The major area where have adequate awareness creation is in the government area and demand has to be created in the government area. E-governance is extremely important. Government has much role to play. I’m one of the advocates of Technical and Vocational Education in Nigeria. It is important that people get educated, so as to create demand for these things. Those who go to school can go into vocational studies, then apply technology to their craft.