•Cybercrook
The country is said to be at severe risk of cyber attacks from all fronts as a result of the lack of appropriate legal and technical framework by the federal government, Mr. Lanre Ajayi, the immediate president the Association of Telecommunications Companies of Nigeria (ATCON) has said.
Ajayi made this submission yesterday against the backdrop of the alleged report of North Korean hackers subjecting Nigerian banks to attack for the purpose of raising money to fund its nuclear programmes.
Nigeria is listed among 18 countries where North Korean hackers have allegedly been attacking banks to get funds for sponsoring nuclear programme.
Cyber security firm Kaspersky disclosed this in a new report. The organisation said this could be regarded as the biggest bank heists in history.
The finding comes after more than a year-long investigation into the activity of Lazarus, a hacking group allegedly responsible for the theft of $81 million in US currency from the Central Bank of Bangladesh last year.
“This is all for their nuclear weapons and missile programs. They need this money for building and researching more ballistic missiles,” said Anthony Ruggiero, a senior fellow for Foundation for Defense of Democracies who specialises in North Korea.
The US has long been suspicious of the ties the Moscow-based company has to Russia but on the surface Kaspersky Lab is one of the world’s leading cybersecurity and antivirus firms.
The company’s report —presented last week at a cybersecurity conference in the Caribbean, claims it found evidence of the same hacking operation launching attacks on financial institutions in Costa Rica, Ethiopia, Gabon, India, Indonesia, Iraq, Kenya, Malaysia, Nigeria, Poland, Taiwan, Thailand, and Uruguay.
However, speaking in an interview with The Nation yesterday, the Acting Director of Communications at the Central Bank of Nigeria, Isaac Okoroafor refuted such claims, saying there is no reported incidence with any banks yet.
“I have not heard any incident of any attack on our banks. That’s all I have to say.”
The CBN, he insisted, has an existing cybersecurity policy. “l’m telling you we have a policy, we have procedures and processes that protect us from such attacks on all our IT system.”
On whether the fears over cyberattacks on banks are actually unfounded, he said the apex bank has what it takes to respond to such attacks.
“We’ve adequate security measures to detect such attacks on our banking system. But of course, these things keep evolving. Hackers are always working, nobody is safe. But to the best of my knowledge, we’ve the best cybersecurity process that is available anywhere in the world. We have those things to protect our system.”
But some stakeholders however said if CBN’s cybersecurity policy exists at all, it may be gathering dusts somewhere.
“There is nothing to suggest that the threat of cyber attacks is an imagination because there is a lot of hacking going around in the world so it would be very naïve to think that it’s an imagination. The only thing is that I’m not sure the hacking is taking place in just North Korea. I think hacking attempts can come from any part of the world and it’s real.”
He lamented that the country may not be fully prepared to fight the cybersecurity threat. “As a nation, I’m not sure we are really truly prepared for cyber attacks.”
He was however quick to admit that some individuals and organisations within the country, particularly the banks are aware of these threats and are taking the necessary precaution against such threats.
“The banks in Nigeria are serious entities and they know the implication of vulnerability to those attacks. I’m confident that the banks have put adequate measures in place to withstand the attacks,” he maintained.
Expatiating, he said: “The issue is not limited to legal framework. The people hacking are less bothered about legal framework. I think the most important thing is about technical framework, technical capability to withstand those attacks. The people doing it they are not bothered because they know they are not operating within the country. They are operating outside the jurisdiction of our land and laws so it doesn’t really bother them.”
What is important, he stressed, “Is to have technical capacity to be able to withstand those attacks. The attacks will always come. That’s the honest truth and there is nothing you can do about it. It will always come from various sources. Whether for an individual or corporate body, it will come and it’s coming and the target is not only Nigeria it’s targeted everywhere in the world. So the onus is on you to get ready to withstand the attack.”
Meanwhile, the Chief Security Officers (CSOs) of banks had last month asked the CBN to provide them with security framework that would blacklist cyber criminals in banks.
The CSOs’ resolve was presented by their leader, Mr Sam Okenye, at the end of a week-long conference on Nigerian Financial Sector Global Cyber Security held at Transcorp Hotel, Calabar.
Okenye said banks do not need to compete on security matters but rather collaborate in fighting cyber-crimes and carry out constant evaluation of their system.
According to him, the introduction of Bio-metric Verification Number (BVN) in the banking sector is an important tool to kick out fraud in banks.
He expressed the CSOs belief that whenever the CBN offered the expected framework, BVN would remain a major instrument for eliminating fraudsters from the banking system.
The CSOs agreed in principle that the CBN should implement the anti-cyber crime policy in the banking sector as a means of curbing the activities of internet fraudsters that use the banks to perpetrate their illicit activities.
