3 Arms Zone, Central Business District, Abuja
Monday to Friday
INTRODUCTION: The term “cybersecurity”, like many other contemporary concepts, lacks defining precision and scope. It was used in the early part of the 21st century interchangeably with “IT security” and “computer security”. The term was however popularized by former US president, Barrack Obama in 2009. Notwithstanding the definitional inexactitude and indeterminacy, this article will adopt as a working definition the definition provided by the United States National Security Awareness System which defines “cyber security” as “the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information”. This definition would include protection against ransomware, spyware, privacy breaches, and all conceivable abuses of the cyberspace.
ELEMENTS OF CYBER SECURITY: There are six major elements of cyber security. These are:
THE CYBER SECURITY STATUS OF NIGERIA: Nigeria is a principal hub of cyber security attacks in Africa. According to Kaspersky, Nigeria experienced about 16.7 million cyber attacks in six months in 2021 amounting to a 20% increase. These attacks include business email compromise, identity theft, and hacking. In addition to this staggering data, the Guardian newspaper of 10 July, 2020 relying on the State of Cloud Security report 2020, reported that “More than eight in every 10 organisations from Nigeria are currently experiencing cyber security breaches, especially in public cloud. Besides, the affected firms are also battling ransom ware put at 34 per cent; other malware, 43 per cent; exposed data, 57 per cent; compromised accounts, 46 per cent and crypto jacking, 26 per cent.”
This sobering statistic shows how endemic cyber security breaches are in Nigeria. The Nigerian government has over the years taken steps to stem the spate of cyber security breaches. Apart from regular law enforcement agencies like the police and the Economic and Financial Crimes Commission (EFCC) chasing cyber criminals across the country on the basis of the regular anti-fraud laws, the Federal Government has taken dedicated measures to contain the challenge of cyber attacks. The flagship legislation in this regard is the Cybercrime (Prohibition, Prevention, Etc) Act, 2015 which among other things, criminalizes such activities as computer related forgery and fraud, unauthorized modification of computer systems, network data and system interference, Fraudulent issuance of e-instructions among several other increasingly common-place cybercrimes and security breaches.
Apart from the above legislation, Nigeria has created a dedicated agency to ensure cyber security in the country i.e. The National Information Technology Development Agency (NITDA) which is saddled with primary responsibility of data protection and cyber security in furtherance of the digital economy policy of the country. With respect to cyber security has developed information technology policy for the country and issued guidelines for data protection and cyber security for Nigeria. These include the Nigeria Data Protection Regulation (2019); Guidelines for the Management of Personal Data by Public Institutions in Nigeria (2020); Framework and Guidelines for Public Internet Access, etc.
Apart from its regulatory duties, NITDA is also involved in the administration of sanctions for established cyber security breaches. For example, in recent times loan shark have abused the personal data and information of their debtors by informing their contacts of alleged indebtedness. NITDA rightly views this practice as a breach of data security and apportioned sanctions to the defaulting creditor. One loans company had to cough up N10 million in fines for data breaches.
RECOMMENDATION:
Cyber-attacks are technical phenomena and extremely dynamic. New trends are evolving rapidly. Thus the laws to combat them must be flexible enough to meet new challenges. In Nigeria for example, the NITDA should be given wide powers of delegated legislation to make new regulations to address emerging cyber threats. For example NITDA should upgrade its regulations to reflect the 2021 CISCO Security Study . Furthermore, while the NITDA guidelines on provision of data law to enforcement agents is acceptable, the access to and use of such data should be subject judicial supervision and review abuse in order to curb abuses. Finally, cybersecurity is the responsibility of all stakeholders including end users. Therefore efforts should intensified on public awareness on the imperative and nuances of cyber security.
Sokoajin Madey Aileku