Security policy, human capacity hobble cybersecurity war

Cybersecurity experts have decried poor human capacity and pointed at the absence of national security policy as a major roadblock in the fight against cybercrime.

They also expressed worry over unyielding attitude of management board of organizations in approving information technology security budget as a proactive measure, rather than reactive measure.

Peter Obadare, chief operating officer, Digital Encode, said that major challenge organizations face in the fight against cybercrimal and cyber warfare is lack of trained manpower.

“I have been in cybersecurity ecosystem for many years now and have identified lack of trained manpower in most organizations. Cybersecurity is not a certificate that speaks for you, but a continuous training to be ahead of the smart criminals, most organisations find it difficult to continually update their IT security staff to be able to face cyber threats,” he said.

Rommy Okonkwo, country manager, Check Point Software Technologies, frowns at lack of National Security Policy in the country.“For security policy, somebody needs to take ownership and run with it. So that if you are the chief technology officer of an organisation and you know what the security act of your country says on losing critical data which could land you in jail or make you lose a job and so many other things, people will embrace these things. We see it happen in other jurisdictions- we see where managing director of a company steps out to publicly declare he is resigning while investigation continues. Until we get to that level in this country, we might not make the much advanced progress as we want to as organisations or government agencies,” he said.

According to him, “security is more virtual stuff that has to do with licences. So, some people have difficulty justifying the bases or why they need to invest huge amount of money. Some people tend to claim: ‘we have run this business for five to six years without anything happening. How come you wake up one morning and telling us we have to spend this XYZ amount of dollars to just put our house in order?”

“The chief technology officers (CTO) and chief information officers (CIOs) get stocked. It is a major problem. We have also had instances people walk up to us and say ‘we need help’. Help in what direction? Help us build justification.”

“Why do we need to make this investment? Truly, cost is an issue, but for people who do not know, you think you are actually saving money in your organisation by not implementing IT security and not having the right policies in place, but you are actually not in business, that is what is called total cost of ownership.

Ahmed Adesanya, IT Security and Connectivity consultant, added that National Information Technology Development Agency (NITDA) should come out with a framework that organizations must follow in order to secure their sensitive data which will also provide a coordinated approach to fighting cybercrime, especially, now that organizations have taken their businesses to the cloud.