‘Cybersecurity Solutions Will Mitigate Organisational Threat’

Chief Executive Officer of Ethnos IT Security Solutions Limited, Mr. Peter Ejiofor, speaks about the company’s contributions to cybersecurity in the last ten years and why organisations must take cybersecurity seriously in order to mitigate threat. Emma Okonji presents the excerpts:

How will you describe the contributions of Ethnos IT Security Solutions in addressing security in the cyberspace and what has been your greatest moment as you celebrate ten years of operations as an IT Security solution provider?
As a company, we were designed to provide security solutions to organisations, businesses and others. As technology keeps evolving, we came to the knowledge that security is the backbone of technology. We cannot talk about technology advancement without thinking of how to secure our business assets and human-to-human engagements. We at Ethnos IT Solutions have grown with the growth of technology. Today, technology is looking at artificial intelligence (AI), machine learning, metaverse, digital transformation, holography and many others. We have grown with these new technologies and also improved in our capacity and skillset to support our customers as they consume these technologies. We have grown our market base and personnel. In terms of global technical engagements, we have grown also, and that is our journey in the last ten years of operations. Someone said if I survive five years it means we would be in business for long and thank God we have survived these five years and we are ten today. Ten years has been a good experience for us. We have our ups and downs but we keep evolving with technology.

Are you focused in B2B relationship or B2C relationship as it pertains to cybersecurity business?
Currently, we have a wealth of experience and we have changed our thinking and vision as a company. What we do now is to solve real problems for organisation and we are not limited in our thinking. We are not limited in any area of cybersecurity. Companies and organisations are on a journey as it pertains to business and we come in to solve problems for organisations in terms of security. We are no longer at this stage delivering products, but solving problems. For some customers, we evaluate them, some we train them and improve their cyber hygiene culture, some we deploy technologies to control their touchpoints, some we help on their regulatory compliance and certification journeys. We do firewall, application security, database security or perimeter security. So, we look at businesses and implement threat management and we have platforms that we can plugin your environment and help you control and detect threats from internet exposure to data base. We detect and remediate these threats. We also conduct threat hunting and keep checking on what hackers will look out for, and we detect it before the hackers strike. We specialise in solving problems for customers regardless of what they are doing.

What is penetration and vulnerability testing, and how do you carry out the procedures for companies?
Penetration and vulnerability tests are the first tests that we carry out to detect any unauthorised access into a system or network, and we always do that for customers before we implement anything. We first assess your threat and risk level, then we do what we call threat assessment, which is the first level that we take. Currently, we are conducting vulnerability and assessment testing for most of the stockbrokers as required by the Nigerian Exchange Limited (NGX).

What do you think about security breaches in Nigerian banking system?
There is a roadmap from Central Bank of Nigeria (CBN) to all banks on the levels of protection that should be in place. They have gone to define some framework that the banks must have, and they are also looking at mobile environment such as mobile applications. If the CBN defines a roadmap, then banks must follow them because they are developed from expert experience and advice. So, banks must follow these guidelines. I am not aware that the Nigerian government has enacted a law that compels every organisation to make their breaches public. This is what a responsible government must do. Banks are making huge efforts and investment to protect their data and that of their customers. I do sympathise with them because as they borrow new frameworks and technologies, they sometimes run into difficulties and no organisation is breach proof and I know that the banks and CBN are not sleeping either.

What about independent merchants and those deploying mobile apps?
As of the merchants, I don’t know how much regulatory frameworks are into this area. People are spinning out all kinds of mobile app, depending on what they are offering and these apps collate critical information from people and we do not know how they store and process it. We do not know the level of investment and I do not know how they do their source code analysis. We know how much source code analysis cost. The criticality of source code environment determines how strong the app is and criminals are now looking in that direction to launch attacks. So there is a need to regulate them because if the apps are vulnerable, the users will be in trouble.

What do you think about government and the public sector engagement in terms of cybersecurity and what can government do to protect public businesses?
In any business, you have to know that there is what is called ‘focus’. Our focus as a business is to offer solutions to private businesses, and it is easier and faster to deal with the organised private sector. Government isn’t an easy client to deal with; we do not want to be distracted while chasing or engaging with government. We know the political side of it and we are apolitical as a firm. If the government wants to engage us, we are open to consultancy but as per chasing government contracts, we are strictly focused on private sector. However, we are engaging with the National Information Technology Development Agency (NITDA), as well as the Data Protection Regulator Organisations that have been certified by NITDA. We want the lawmakers to make law on security of critical public infrastructure. There are couple of experts who are speaking to government in that regard and we believe that it will come out positive.

What must have necessitated the recent change of your corporate logo?
When we started as a company, we wanted to create an identity but as we have come of age, we tweaked our logo a bit to reflect whom we are as of today. The concept of the circle you find in our logo shows a network of our customers. If you look at it clearly, it is not broken, and what we meant here is that our customers are safeguarded and we are supplying the livewire they need to grow. We wanted that to reflect in our logo as a problem-solving organisation.

What has been your experience as a CEO of a technology solution firm in the last ten years?
As a Chief Executive Officer of my organisation and the leader of the team, I have learnt a lot of things. As a person, I have learnt to create a platform for people to thrive. We recently created an academy where people are recruited and made to know the rudiments of cybersecurity. We created a platform that will have skills available to the young ones and we trained them at no charges. We are building a platform of security experts. We are also a strong and bonded team and we encourage people to try and explore the evolving technology space. Opportunities abound in the technology market and we encourage people to take advantage of them. I also learnt that you just have to put in your best strategically and see where life takes you to. I enjoy what I do it is no longer like a work to me but a lifestyle. So my experience in the last ten years as CEO is a learning curve and it has been awesome.

How did you gain market acceptance during your early years as an indigenous technology firm?
Well, it is mindset, which has become cultural where Nigerians believe that foreign firms are better but we met some Nigerians who were of different opinion and they gave us a chance and here we are today. The industry has grown today; we were early birds that came to the industry when it was young and green. The security industry has grown so wide and today a lot of people have joined and the industry has grown large.

What sets us apart from others is that we do not only provide products but we provide services. We go to companies with questions like; what have you tried and failed? What are your plans for security? What fears do you nurse and what are your plans going forward? We help organisations answer these questions and even equip the people with skillset. We help organisations to optimize their products. These are few of the things that sets us apart. We appreciate those that gave us a chance during the early days. A good number of Nigerian companies died off due to the unacceptability of their products, because many business owners think that foreign firms are better. Some companies are built from scratch to survive and we are built to stay in business and provide the business environment for many others to thrive and grow.

What are your future expectations and that of Ethnos IT Security Solutions Limited?
Currently, we are running a platform that allows us to conduct detection and response. It is a managed service that is focused on threat hunting. We want to grow that platform and use it to provide cost effective security protection for many organisations. We want to expand our capacity and give people opportunity to express themselves and contribute to protecting national assets. Cyberspace is getting more dangerous everyday and with software everywhere, we have houses, watches, phones and a whole lot that is powered by software and because software is everywhere, it means that risk is everywhere. We want to stay relevant and ensure that these software applications are protected because they carry critical information from health, flight, defense, education, to financial, among others.

Related Articles