Welcome to the Private & Property Law Department Blog

Supreme Court Complex,

3 Arms Zone, Central Business District, Abuja

8:00 AM - 4:00 PM

Monday to Friday

BRIEF OVERVIEW OF CYBERSECURITY IN NIGERIA

BRIEF OVERVIEW OF CYBERSECURITY IN NIGERIA

Bella Joshua is a research fellow at Nigerian Institute of Advanced Legal Studies. Her research interest are in International Law and Sports Law.
EMAIL ADDRESS: joshua_bella@yahoo.com.

INTRODUCTION: The term “cybersecurity”, like many other contemporary concepts, lacks defining precision and scope. It was used in the early part of the 21st century interchangeably with “IT security” and “computer security”. The term was however popularized by former US president, Barrack Obama in 2009. Notwithstanding the definitional inexactitude and indeterminacy, this article will adopt as a working definition the definition provided by the United States National Security Awareness System which defines “cyber security” as “the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information”. This definition would include protection against ransomware, spyware, privacy breaches, and all conceivable abuses of the cyberspace.

ELEMENTS OF CYBER SECURITY: There are six major elements of cyber security. These are: 

  1. Application security-This is the first step in cybersecurity. It means that developers of software, applications, and other internet-based product owe the end-users a duty of care to install security measures to protect such products against threats and vulnerabilities. 
  2. Information Security-This element refers to the process and methodology to preventing unauthorized access, use, disclosure, disruption, modification, or destruction of information. The information could be personal details, contacts, and online activities history. Information security comprises three key principles commonly called “CIA” (meaning confidentiality, integrity, and availability. The CIA principle means that data subjects are protected from unauthorized access to their data by third parties. They are also assured of the consistency, accuracy, and completeness of information placed at their disposal by service providers and that their data and other information are available for authorized use. In other words, they are protected from denial of service attacks (DoS) by cybercriminals.
  3. Network Security-This consists of programs and configurations that prevent unauthorized access, misuse, and modification of a computer network. It could take the form  of anti-virus software, firewalls, or virtual private network (VPN)
  4. Disaster Recovery Planning (DRP) – This is a business continuity plan in the event of a cyber-attack of data loss.  This includes off-site backup systems, budgetary provision, and emergency hardware.
  5. Operational Security (OPSEC)-OPSEC involves the identification of threats and vulnerabilities and developing counter measures and security plans.
  6. End-User Education-This is considered the most essential element of cyber security because end users are becoming the biggest threat targets by attackers. The major sources of vulnerability of end-users are social media use, text messaging, apps download, email use, and password creation and usage. Thus, it is imperative for organizations to provide cyber security awareness programmes for their end-users.

THE CYBER SECURITY STATUS OF NIGERIA: Nigeria is a principal hub of cyber security attacks in Africa. According to Kaspersky, Nigeria experienced about 16.7 million cyber attacks in six months in 2021 amounting to a 20% increase. These attacks include business email compromise, identity theft, and hacking. In addition to this staggering data, the Guardian newspaper of 10 July, 2020 relying on the State of Cloud Security report 2020, reported that More than eight in every 10 organisations from Nigeria are currently experiencing cyber security breaches, especially in public cloud. Besides, the affected firms are also battling ransom ware put at 34 per cent; other malware, 43 per cent; exposed data, 57 per cent; compromised accounts, 46 per cent and crypto jacking, 26 per cent.”

This sobering statistic shows how endemic cyber security breaches are in Nigeria. The Nigerian government has over the years taken steps to stem the spate of cyber security breaches. Apart from regular law enforcement agencies like the police and the Economic and Financial Crimes Commission (EFCC) chasing cyber criminals across the country on the basis of the regular anti-fraud laws, the Federal Government has taken dedicated measures to contain the challenge of cyber attacks. The flagship legislation in this regard is the Cybercrime (Prohibition, Prevention, Etc) Act, 2015 which among other things, criminalizes such activities as computer related forgery and fraud, unauthorized modification of computer systems, network data and system interference, Fraudulent issuance of e-instructions among several other increasingly common-place cybercrimes and security breaches.

Apart from the above legislation, Nigeria has created a dedicated agency to ensure cyber security in the country i.e. The National Information Technology Development Agency (NITDA) which is saddled with primary responsibility of data protection and cyber security in furtherance of the digital economy policy of the country. With respect to cyber security has developed information technology policy for the country and issued guidelines for data protection and cyber security for Nigeria. These include the Nigeria Data Protection Regulation (2019); Guidelines for the Management of Personal Data by Public Institutions in Nigeria (2020); Framework and Guidelines for Public Internet Access, etc.

Apart from its regulatory duties, NITDA is also involved in the administration of sanctions for established cyber security breaches. For example, in recent times loan shark have abused the personal data and information of their debtors by informing their contacts of alleged indebtedness. NITDA rightly views this practice as a breach of data security and apportioned sanctions to the defaulting creditor. One loans company had to cough up N10 million in fines for data breaches.

RECOMMENDATION

Cyber-attacks are technical phenomena and extremely dynamic. New trends are evolving rapidly. Thus the laws to combat them must be flexible enough to meet new challenges. In Nigeria for example, the NITDA should be given wide powers of delegated legislation to make new regulations to address emerging cyber threats. For example NITDA should upgrade its regulations to reflect the 2021 CISCO Security Study . Furthermore, while the NITDA guidelines on provision of data law to enforcement agents is acceptable, the access to and use of such data should be subject judicial supervision and review abuse in order to curb abuses. Finally, cybersecurity is the responsibility of all stakeholders including end users. Therefore efforts should intensified on public awareness on the imperative and nuances of cyber security. 

[1] Schatz, Daniel; Bashroush, Rabih; and Wall, Julie (2017) “Towards a More Representative Definition of Cyber Security,” Journal of Digital Forensics, Security and Law: Vol. 12: No. 2 , Article 8. <https://commons.erau.edu> accessed 24 October, 2021
[1] Ibid.
[1] National Security and Awareness System, “What is cybersecurity?” <https://us-cert.cisa.gov/ncas/tips/ST04-001> accessed 24 October, 2021
[1] Touhid, (2021), “Six Key Elements of Cybersecurity” <https://cyberthreatportal.com/elements-of-cybersecurity/> accessed 24 October 2021
[1]Juliet Umeh, “Cybersecurity: Nigeria, two others suffer 85m attacks in 6 months” The Vanguard, <https://www.vanguardngr.com/2021/08/cybersecurity-nigeria-two-others-suffer-85m-attacks-in-6-months/> accessed 25 October 2021
[1] Sections 13 and 14
[1] Section 16
[1] Section 20
[1] NITDA website, “From the Director General’s Desk” <www. https://nitda.gov.ng/> accessed 25 October, 2021
[1] NITDA website “Cybersecurity” < https://nitda.gov.ng/department/cyber-security/> accessed 25 October 2021
[1] See NITDA website, “NITDA Sanctions Sokoloan For Privacy Invasion” < https://nitda.gov.ng/nitda-sanctions-soko-loan-for-privacy-invasion/> accessed 25 October 2021
[1] See CISCO website, “Security Outcomes Study- A Roadmap for Success”< https://umbrella.cisco.com> accessed 25 October 2021

Share:

Add your Comment