Technology
Navigating the Digital Age: Why Cybersecurity is Everyone’s Responsibility
By Abuh Ibrahim Sani
Introduction
As technology continues to evolve, the significance of cybersecurity cannot be underestimated. Cyber threats continue to increase daily, with hackers developing sophisticated tools to carry out heinous acts; individuals and corporate bodies must arm themselves with the basic knowledge and tools to navigate the digital landscape safely.
The challenge of Internet security has grown significantly. Nearly everything we use, see, or come into contact with is online, including wearable technology, home appliances, cell phones, and even partially driverless cars. Businesses, governments, and other institutions may access trade secrets, medical information, and financial data remotely thanks to the Internet. This is the paradox of connectivity; the more interconnected our computer systems are, the more vulnerable they are to data theft, malware, operational disruption, and even outright physical harm to network and hardware infrastructure.
Despite the efforts of industries, corporate bodies and government to protect cyberspace, there is a greater threat which stands as the worst part of threats – the human factor and psychology. No matter the number of security devices like firewalls, intrusion detections, and intrusion prevention tools put in place by organizations can guarantee sufficient security without addressing the human element and its impact on security. The failure to consider human psychological means there is no security. There is a need for education, training, and awareness that cybersecurity is everyone’s business not the sole responsibility of IT professionals or cyber experts. It is a collective effort to protect cyberspace, data and network infrastructure. There is so much ignorance on the issue regarding cybersecurity that needs to be addressed. The absence of basic cybersecurity knowledge makes small and medium enterprises vulnerable to attacks, allowing attackers to steal from people and their assets. There should be a rigorous campaign in public gatherings such as schools, parks, etc. An effective cyberattack against one person frequently leads to a cyberattack against an organisation. Additionally, if they are not trained to recognise the telltale signs of a cyberattack, they may unintentionally allow an attacker in by the front door or rear door.
Cybersecurity is a crucial issue in the digital age, yet its complexities can be intimidating for everyday users. This paper aims to bridge that gap by offering a clear and practical approach to cybersecurity education.
One of the main concerns in safeguarding a country’s cyber sovereignty from hostile activity is through education and awareness. This demonstrates how crucial cybersecurity education is to foster the development of a robust cybersecurity ecosystem promote cyber sovereignty create safe digital and IT infrastructure and services, protect against advanced cyberattacks, and raise people’s knowledge and maturity in cybersecurity.
Global authorities and people alike are increasingly concerned about cybersecurity resilience, especially as people’s awareness of their privacy is growing. Therefore, we assume that educating people about cybersecurity is essential to building a society and businesses that are resilient and secure online.
Understanding Cybersecurity Basic
In a modern world dominated by technology, the term “Cybersecurity” has become important in ensuring the integrity, confidentiality and availability of digital information. Cybersecurity can be described as the practice of protecting computer systems, networks, and data from theft, damage, or unauthorized access. It involves developing mechanisms and strategies to defend against a diverse array of cyber threats. In the field of cybersecurity, the biggest threat often lies not in technology, but in the human element. Despite improvements in digital security measures, social engineering attacks continue to exploit the most vulnerable part of any security system; the people who use it. These attacks underscore a significant challenge, as they involve persuading individuals to give out sensitive information or take actions that put security at risk. Cybercriminals are using more and more advanced methods, such as psychological manipulation, to get around technical defences. This study seeks to shed light on the strategies employed in social engineering attacks and highlight the significant impact of human elements in cybersecurity. By identifying and resolving these weaknesses, we can enhance the security of sensitive data and improve overall safety measures. Emphasizing human factors is not just a component of cybersecurity, but it is the key to a strong security plan.
Why Cybersecurity Matters, Even for everyday users?
Cybersecurity might seem like a concern reserved for IT professionals, but that’s not the case. In our increasingly connected world, where our personal and professional lives rely heavily on digital tools, cybersecurity is crucial for everyone.
We entrust a vast amount of sensitive information to online platforms, from financial records ,medical record to personal details. Unfortunately, some of these platforms don’t always have adequate security measures in place. This leaves our information vulnerable to theft and misuse. Every online interaction contributes to building our digital identity. Cybersecurity helps safeguard our privacy by protecting our accounts from unauthorized access and threats. It prevents identity theft and ensures the confidentiality of our information .
In July 2016, The DNC email leak is a prime illustration of how social engineering can result in a significant security breach. Hackers were able to access the DNC’s email system by carrying out a phishing attack. A legitimate Google security team sent an email to DNC staff members, asking them to reset their passwords. When staff clicked the link and entered their login information, they unknowingly gave hackers access to their email accounts. This incident revealed important political communications and caused significant consequences. Social engineering and the significance of securing account recovery protocols, staff training and awareness.
Economic Implications of Cyber Theft
Individuals, businesses and industries are prime targets of cyber threats. For startups and multinational companies, the consequences of cyber-attacks and theft can be devasting and significant, leading to financial losses, reputational damage, and even bankruptcy in some terrible cases.
In 2021, Facebook suffered a data breach that leaked users’ information. The breach emerged that a total of 533 million users’ personal information was compromised. The attack cost Facebook a total cost of $3.7 billion. And also, In 2017, Equifax suffered a data breach due to poor cybersecurity handling and management. The breach resulted in approximately 143 million American customers losing their personal information such as social security number, date of birth, driver’s license, addresses and other sensitive information. The company pays compensation to the tune of $ 1.3 billion as a consequence of the data breach. These losses are due to poor measures or negligence by the company which affected individuals. These examples highlight the impact of human error in cyber-attack.
A lack of knowledge and awareness of the importance of cybersecurity has led to many losses. There is an urgent need for an aggressive campaign to educate the masses on how cyber theft can harm their lives and businesses. Business loss and data theft are on the increase daily due to ineffective policy, protection and awareness among the people, resulting in economic loss.
A shared Responsibility
Contrary to the perception and belief of the populace that cybersecurity is a thing of IT professionals, in a real sense, cybersecurity is everyone’s responsibility. Responsibilities that require the active participation of every individual who interacts in the digital world and outside the platform. Anyone can be a victim of cybercriminals, either online or offline. Every person has a role to play to have a safe cyberspace . These roles range from using a strong password for an online application or platform to knowing who you share information with and what information you share with people. Individuals and corporate bodies are responsible for securing credit cards, debit cards, and other sensitive information. Being vigilant would protect everyone and loved ones from social engineering, phishing and other forms of hackers’ tricks of obtaining information. Phishers do not use advanced technologies; instead, they take advantage of human nature to commit hacking. There is a dearth of knowledge on which ring in the information security chain is first compromised, even though people are more to blame for the chain’s fragility than technology. Research has shown that certain personality traits increase a person’s susceptibility to different types of lures.
To back up the point why cybersecurity is a shared responsibility. In 2021, a Colonial Pipeline Ransome attack resulted in a shortage of fuel across the southeastern United States. The attacker exploited a compromised password to gain access to the company network. This breach demonstrated how a weak password can lead to widespread disruptions. Also in 2020, a Zoom security incident occurred during covid-19 pandemic when a user failed to secure the meeting with a password or used public links which allowed uninvited participants to disrupt the meetings. Individuals need to comprehend and make use of security options offered by platforms, like implementing passwords for meetings and utilizing waiting areas . This scenario shows that cybersecurity is more than just technical solutions; it also involves user behaviour and awareness. Security cannot be achieved by simply installing a robust security system. Ignoring the human factor and failing to raise awareness will lead to security breaches.
Social Engineering (Exploiting Human Psychology)
Social Engineering is an act of obtaining sensitive information from victims through pretence. An attacker could come as a legitimate person and obtain information without the victims verifying their identity before releasing information. Social Engineering is increasing, according to statistics due to technological advancement and attractiveness in the world. Many have fallen for social engineering attacks, and many will still be victims. There is a need for a holistic approach by government and policymakers to develop strategies on how to educate and create awareness for the masses to be aware of whom they share information with and what to share. A zero-base trust mindset should be encouraged. An organization needs to do more to train employees, both recruits and old staff, to be aware of hackers’ tricks. Hackers can pretend to be staff members of a company and come in the way of helping an employee in distress, but in a real sense, it’s an act to obtain valuable information from the staff. Hackers’ tricks involve playing with human thinking and behaviours, the act of deceiving and convincing to get sensitive information about individuals or organizations.
Social engineering is the psychological manipulation of people into performing actions or divulging confidential information. Unlike other cyber threats that depend on the use of software and online platforms and loopholes in the system, social engineering targets human elements, exploiting their weaknesses and the natural tendency to trust. This can be done offline without the use of any software. It is just a matter of technique and tactics. It is called “Master the Art”.
In July 2020, Twitter experienced a significant breach in which numerous prominent accounts were taken over to endorse a Bitcoin scam. The attackers employed phone spear phishing to deceive Twitter employees into giving access to internal tools. They pretended to be IT department staff and persuaded employees to disclose their credentials during phone calls. Upon gaining entry, the intruders seized verified accounts of significant individuals and businesses, sharing messages requesting Bitcoin from followers with a pledge to double their investment. This event demonstrates how social engineering can be used to target insiders to access important systems. Social engineering attacks can be carried out in different format such phishing, shoulder surfing, malware, phone, social media chat, ransomware, malware, eavesdropping. These are easy because of human error and behaviour toward their information security.
Information security is everyone’s business, it’s your primary responsibility to protect your data from being compromised and stolen. Hackers are aware that human beings are the easier target so they leverage the emotional state, negligence, carelessness, and ignorance to steal information. Many are victims of social engineering and many will still fall because people tend to forget the basic principles of security. It’s human nature, however, all hope is not lost if you take precautionary measures to protect yourself and your organization. Companies with sophisticated security appliances have been hacked due to human error. Protect your password like your life, no one should have access to your password even if the person is the IT of your company. Remember, the protection of your information is your responsibility. No security measure can prevent your data from being stolen if you give free access to the attacker. In simple interpretation, if you leave your door open without locking it, you will know what the outcome would be.
Technology
NITDA urges users of LiteSpeed Cache plugin for WordPress to update
The National Information Technology Development Agency (NITDA) has called on users of the LiteSpeed Cache plugin for WordPress, to update to the latest version, (6.4.1), to prevent their websites from being attacked.
Mrs Hadiza Umar, Director, Corporate Affairs and External Relations at NITDA, said this in a statement in Abuja on Monday.
LiteSpeed Cache for WordPress (LSCWP) is an all-in-one site acceleration plugin, featuring an exclusive server-level cache and a collection of optimisation features.
Umar said that a critical security vulnerability (CVE-2024-28000) had been discovered in the LSCWP, affecting over five million websites.
“This vulnerability allows attackers to take complete control of a website without requiring any authentication.
“The vulnerability is due to a flaw in the plugin’s role simulation feature and if exploited, an attacker can manipulate this flaw to gain administrative access to the website.
“This could lead to the installation of malicious plugins, theft of data, or even redirection of site visitors to harmful websites.
“Website administrators using the LiteSpeed Cache plugin are strongly advised to update to the latest version (6.4.1) immediately,” she said.
She noted that the simplicity of the attack vector, combined with a weak hash function, made it easy for attackers to exploit this vulnerability by guessing via brute-forcing or exploiting exposed debug logs.
According to her, to check for updates, log in to your WordPress dashboard and navigate to the Plugins section, where you can update the LiteSpeed Cache plugin.
“As a precautionary measure, administrators should ensure that debugging is disabled on live websites and regularly audit their plugin settings to prevent vulnerabilities from being exploited,” Umar said.
Technology
NITDA DG Showcases Nigeria’s Digital Transformation at 79th UN General Assembly
The Director General of the National Information Technology Development Agency (NITDA), Kashifu Inuwa Abdullahi CCIE, made significant contributions to discussions on Africa’s digital transformation at the 79th session of the United Nations General Assembly (UNGA 79) in New York.
Participating in a series of high-profile events, the DG emphasized Nigeria’s efforts in digital transformation, cybersecurity, and public-private partnerships.
At a panel titled “Digital Transformation in Africa: Jumping Ten Years in One,” hosted by the Consulate of Denmark in New York, the UNDP, and cBrain, Abdullahi highlighted how government-led initiatives, private-sector collaboration, and digital technologies can drive Africa’s future growth.
He shared insights from NITDA’s own digital initiatives, offering valuable lessons for other African nations in their pursuit of sustainable digital growth. The panel underscored Africa’s role as the next global workforce frontier.
Also, during the “Summit of the Future” held at the UN headquarters, the DG participated in a session focused on “The Power of the Commons: Digital Public Goods for a More Secure, Inclusive, and Resilient World.”
The panel explored the importance of Digital Public Goods (DPGs) and Digital Public Infrastructure (DPI) in social and economic development. The NITDA boss emphasized the crucial role of academia in advancing digital commons and stressed the significance of safeguarding digital infrastructure for global security.
In a bilateral meeting with Doreen Bogdan-Martin, Secretary-General of the International Telecommunication Union (ITU), Abdullahi also discussed strategic collaboration in capacity building, cybersecurity, and digital transformation. He highlighted NITDA’s efforts to align with ITU’s goals in fostering Nigeria’s IT development, highlighting the importance of international cooperation in achieving mutual digital growth objectives.
On the sidelines of the assembly, the NITDA DG met with Cisco Vice President Fran Katsoudas to review the progress of the Cisco Country Digital Acceleration (CDA) programme. The CDA programme is a key initiative in Nigeria’s digital transformation, aiming to stimulate economic growth and promote innovation. The DG also explored potential collaborations in enhancing cybersecurity to support Nigeria’s long-term development goals under President Bola Ahmed Tinubu’s Renewed Hope Agenda.
Additionally, the NITDA boss was a key participant in the launch of the Universal Digital Public Infrastructure (DPI) Safeguards Framework. This new framework offers guidelines for the design and implementation of DPI, prioritising public interest and promoting safe, inclusive, and interoperable digital infrastructure. He shared Nigeria’s experience in building a resilient and secure DPI, reinforcing the nation’s commitment to leveraging technology for sustainable development.
Through these engagements, the NITDA DG showcased Nigeria’s leadership in digital transformation, positioning the country as a key player in Africa’s digital future.
Technology
Data Protection and People’s Rights Under Nigeria’s Data Protection Regulations (NDPR): Know Your Rights
Data Protection and People’s Rights Under Nigeria’s Data Protection Regulations (NDPR): Know Your Rights
In a time where private information is more and more important and at risk of being exploited, safeguarding people’s privacy is now a significant priority. The implementation of the Nigeria Data Protection Regulation (NDPR) in 2019 in Nigeria is a major move in protecting citizens’ personal information and ensuring organizations follow legal and ethical guidelines when handling data. As the number of Nigerians participating in digital activities like online banking, e-commerce, and social media increases, the NDPR is fundamental in influencing the collection, processing, and protection of data. This article examines the main provisions of the NDPR, the privileges it provides to people, and its influence on companies and the digital environment in Nigeria.
What Is NDPR?
The National Information Technology Development Agency (NITDA) introduced the Nigeria Data Protection Regulation (NDPR) in January 2019. The NDPR was created to tackle the increasing concerns about personal data misuse in both private and public sectors. It is in line with worldwide data protection trends, like the European Union’s General Data Protection Regulation (GDPR), while also meeting the unique requirements of Nigeria’s digital environment.
The goal of the regulation is to safeguard Nigerian citizens’ data from unauthorized access, exposure, or exploitation. It includes a range of industries like finance, telecom, education, health, and online shopping, which commonly involve gathering and handling personal data.
Key Provisions of the NDPR
The NDPR outlines specific guidelines on how organizations should handle personal data. Some of the provision as outlines in NDPR guidelines are:
Data Collection and Consent: Organizations must obtain explicit consent from individuals before collecting their personal data. This ensures that data subjects are fully aware of what information is being collected, the purpose of its collection, and how it will be used.
Data Processing: The regulation mandates that personal data should only be processed for legitimate and specified purposes. Organizations must ensure that the data is accurate and kept up to date. Processing personal data for purposes other than those originally specified is not permitted without further consent from the individual.
Data Security: One of the core elements of the NDPR is the requirement for organizations to implement adequate security measures to protect personal data. This includes safeguarding data from unauthorized access, data breaches, or any form of manipulation.
Third-Party Sharing: If personal data is to be shared with third parties, the organization must inform the data subject and obtain their consent. The third party must also adhere to the same level of data protection as stipulated by the NDPR.
Data Breach Notifications: In the event of a data breach, organizations are required to notify the affected individuals and NITDA within a specified period. This provision ensures that individuals can take action to mitigate the effects of a breach.
People’s Rights Under The NDPR
The acknowledgement of people’s rights regarding their personal data is a key aspect of the NDPR. The rule gives Nigerians various rights to manage how their data is treated. Some of the right are:
- Right to be Informed: Individuals have the right to be informed about the collection and use of their personal data. Organizations are required to provide transparent information on the types of data collected, the purpose of the collection, and how long the data will be retained.
- Right to Access: Data subjects have the right to request access to their personal data held by an organization. This means they can inquire about the specific data collected, the reasons for its collection, and whether it has been shared with third parties.
- Right to Rectification: If an individual’s personal data is inaccurate or incomplete, they have the right to request that the organization correct or update the information.
- Right to Erasure (Right to be Forgotten): Under certain circumstances, individuals can request that their personal data be deleted. This is particularly relevant if the data is no longer necessary for the purpose it was originally collected or if the individual withdraws their consent for its processing.
- Right to Data Portability: This allows individuals to obtain and reuse their personal data across different services. They have the right to request that their data be transferred from one service provider to another in a commonly used, machine-readable format.
- Right to Object: Individuals have the right to object to the processing of their personal data in cases where the processing is based on legitimate interests or public tasks, direct marketing, or scientific/historical research.
Rights Of Individuals In Cases Of Data Misuse, Breaches, Or Use Without Consent
The NDPR grants the data subject particular rights and solutions if their data is mismanaged, disclosed, or utilized without authorization. These rights give individuals the ability to find a solution and shield themselves from additional damage. Some important rights in such situations include:
- Right to lodge a complaint:
According to Section 3.1.1(e) of the NDPR, individuals have the option to file a complaint with NITDA or other authorized regulatory entities if they suspect their data has been mishandled, processed illegally, or exposed. This privilege allows people to seek legal recourse in cases of mishandling of their information by a company.
- Right to Compensation
The NDPR acknowledges the entitlement to receive compensation for harm caused by data breaches or unauthorized data handling. Individuals can request compensation from the data controller under section 2.10 of the NDPR if they can prove that their data rights violation resulted in harm. This clause guarantees that individuals affected by data breaches can receive compensation for any financial losses, emotional distress, or harm to their reputation.
- Right to withdraw consent
Individuals can revoke their consent for the processing of their personal data whenever they choose. As per Section 2.8 of the NDPR, organizations must respect these requests and stop processing the individual’s data unless there are strong legitimate reasons for the processing. This right is important when data is utilized without permission, enabling individuals to take back control of their personal information.
- Right to Data Erasure
If personal data is breached or used without authorization, individuals have the right to request erasure. According to Section 3.1.2(f) of the NDPR, individuals have the right to ask for the deletion of their personal data if it has been used without permission or if the reason for collecting the data is no longer valid. This right, sometimes referred to as the “right to be forgotten,” guarantees that unauthorized data use is stopped and eliminated from any future handling.
- Right to Restriction of Processing
If someone believes their data has been mishandled or misused, they can ask for processing restrictions under Section 2.10.2. This right enables people to halt additional data processing during ongoing investigations. It serves as a protection, making sure no additional damage occurs during the resolution of the problem.
Benefits To Individuals
When individuals’ rights are breached under the NDPR, they are eligible for certain benefits.
- Reclaiming Privacy: Through exercising the right to be forgotten or limiting additional data processing, individuals can take back authority over their personal information and reduce the consequences of its unauthorized exploitation.
- Financial Compensation: If individuals experience financial loss or emotional distress due to a data breach or misuse, they have the right to request financial compensation from the organization at fault. This serves as a deterrent for careless data handlers and compensates for the damages they cause.
- Legal Remedy: By utilizing the NDPR’s complaint procedures and regulatory supervision, people have the opportunity to take legal measures or regulatory actions to hold those responsible for data misuse or breaches accountable.
- Public Trust: The NDPR’s protections promote trust in the digital world, inspiring people to engage in online activities knowing their data rights are secure.
Compliance Requirements For Organizations
In order to comply with the NDPR, organizations must meet various obligations related to compliance. Some of these items are:
- Appointment of Data Protection Officers (DPOs): Organizations that process a large volume of personal data must appoint a DPO to oversee compliance with the NDPR and ensure the organization’s data practices are in line with the regulation.
- Annual Data Protection Audit: Organizations are required to conduct annual data protection audits and submit the reports to NITDA. This process helps organizations identify potential risks and ensure that they are taking the necessary steps to protect personal data.
- Fines for Non-Compliance: Failure to comply with the NDPR can result in significant penalties, including fines of up to 10 million Naira or 2% of an organization’s annual revenue, depending on the nature and severity of the breach.
Challenges and Gaps in NDPR Implementation
Even though the NDPR has created a strong foundation for safeguarding data in Nigeria, there are still obstacles in its execution. An important obstacle is the lack of public awareness and law enforcement. A large number of Nigerian citizens are still not completely informed about their data rights or the responsibilities that organizations have under the NDPR. Raising public education and awareness is essential in order to give citizens the power to safeguard their privacy.
Another difficulty that must be addressed is ensuring compliance. While NITDA has made progress in encouraging adherence, there are doubts about the agency’s ability to ensure proper enforcement of regulations, especially with major international companies, government agencies and smaller domestic enterprises.
Conclusions
The NDPR in Nigeria sets up rules for data protection and gives individuals rights to safeguard their personal information. The regulation offers various solutions, such as compensation and erasure rights, in situations where there is data misuse, breaches, or unauthorized processing. These safeguards are essential for establishing confidence in Nigeria’s fast-developing digital economy and guaranteeing the preservation of privacy in the era of digital technology. As the public becomes more aware of their data rights and enforcement becomes more rigorous, the NDPR will remain vital in influencing Nigeria’s digital future.
Written By Ibrahim Abuh Sani, Co-Founder, Eybrids.
-
Business3 years ago
Facebook, Instagram Temporarily Allow Posts on Ukraine War Calling for Violence Against Invading Russians or Putin’s Death
-
Headlines3 years ago
Nigeria, Other West African Countries Facing Worst Food Crisis in 10 Years, Aid Groups Say
-
Foreign2 years ago
New York Consulate installs machines for 10-year passport
-
Technology3 weeks ago
Zero Trust Architecture in a Remote World: Securing the New Normal
-
Entertainment2 years ago
Phyna emerges winner of Big Brother Naija Season 7
-
Business6 months ago
We generated N30.2 bn revenue in three months – Kano NCS Comptroller
-
Business4 months ago
Nigeria Customs modernisation project to check extortion of traders
-
Headlines4 months ago
Philippines’ Vice President Sara Duterte resigns from Cabinet