Expert Links Cyber Security Breaches to AI, IoT Adoption

Austin Okere

By Emma Okonji

Worried about the increasing trends in cyber security breaches globally, where individuals and organisations with lots of data are hacked periodically, the Founder of CWG Plc and Entrepreneur in Residence at Columbia Business School (CBS), New York, Mr. Austin Okere, has attributed the trend to the fast adoption of evolving technologies among others.

Okere, listed the trends to include the adoption of Artificial Intelligence (AI); Internet of Things (IoT), with over 25 billion devices forecasted to be connected by 2025. Others are globalisation of cybercrime; cyber-security skills gap; increased skill levels of attackers; increased use of the public cloud; increasing reliance on technology and digitisation, among others.

Okere, while presenting a paper on ‘Cybersecurity And Risk Mitigation’ at a recent webinar, explained that the results of the polls at a recent cyber-security webinar that he facilitated, revealed that 54 per cent of respondents had been hacked, 31 per cent said their company had been hacked, 67 per cent considered people the weakest link in cyber-security.

Okere, therefore called on organisations to put in place, deliberate policies that will guide staff when connecting to enterprise servers through personal computers.

According to him, “Hiring the most accomplished Certified Information Systems Auditor (CISA), however, will not do very much good if there is not a deliberate policy of self-awareness of all staff, especially during this period where there is an explosion in people working from home and connecting to enterprise servers through personal systems that could more easily be compromised.

“Neither is buying the most expensive antivirus the magic wand. It is like having the best pizza toppings without the base bread. Or like having the best machine leaning algorithm without the Big Data that the system will use for pattern detections.”

He listed the impact that cyber-attacks could have on businesses to include: loss of funds, theft of intellectual property, serious disruption to business, damage to reputation, loss of customer trust, huge regulatory fines, litigation costs and possible bankruptcy.
“Risk mitigation against cybersecurity is most effective in its Dynamic Collaborative Form. Dynamic because it requires a shared body of Knowledge that is consistently updated and available to all parties.

“Risk mitigation cannot be a competitive strategy for any organisation. This notion could be quite illusory because the nature of cybercrime can be likened to an elephant, where people at the side may think it is a wall, people at the trunk may think it is a snake. People at the tail may think in it is a monkey, and people at the leg may think it is a tree trunk,” Okere said, adding that as in the case of the elephant, it is only when you have curated the complete and accurate picture through which the breach can manifest that you can effectively deal with it or contain it.

“This is why there is a need for constant collaboration and open and transparent reporting, similar to the way that the COVID-19 pandemic is being collectively monitored and reported globally,” Okere added.

Citing a scenario that cybercrime has now become so prevalent globally that there is hardly any organisation that is yet to be hacked, and Nigeria is no exception, Okere advised Nigerian government to set up a national Security Operations Center (SOC) and Threat Database, where all cybersecurity incidents are reported.

“The centre should also disseminate threats and analyse incidents to help others prevent similar infiltrations. Many firms, especially banks, think it will impact their brand if they disclose vulnerabilities and attacks.

“The under reporting or cover up of breaches portends a vicious cycle of repeated unanticipated hacks, because you are inadvertently empowering the hackers to cause more damage by not reporting and exposing them and their future hacking plans,” Okere said, while calling for collaboration among government agencies in order to contain cyber-attacks.