Cybersecurity in Nigeria

I just learned that Windows XP is still in use in Nigeria and that Federal employees can format hard drives and replace the licensed OS with pirated copies.

Microsoft has stopped supporting Windows XP since April 8th, 2014. Meaning there will be no more security updates and technical support. The Nigerian Government needs to learn from what is going on around the world. Imagine if the #WannaCry attack that happened yesterday was targeted towards Nigeria. Nigeria would be crippled.

Nigeria needs an agency or unit dedicated to Nigeria’s Cybersecurity Governance. Every sane country in the world has one, why can’t we do the same. Why can’t we be proactive? No. Until calamity strikes, that is when we’ll start implementing reactive measures. We need an agency that drafts cybersecurity policies and ensures compliance within the federal, state, and local levels.

NITDA is not enough. Cybersecurity shouldn’t be a unit within an IT development agency. Cybersecurity is more than just catching a hacker or stopping phishing attacks etc. It is ensuring employees have access to only what they need to work; it is drafting, documenting, and implementing security policies, baselines, and guidelines. It is ensuring due care and due diligence. It is guaranteeing cyber risk is reduced to limit exposure. It is so much more!!!

Seriously, Nigeria is not doing anything towards cybersecurity. Fighting hackers and stopping 419 scams are just the tip of the iceberg. Those are just news for headlines, to satisfy our narcissistic personality. If Nigeria wants to stop 419 scammers etc., then Nigeria should draft strict policies for Internet Providers and ensure they comply with those policies.

How can a government employee install video games and torrent software on a government computer? How does the average employee have administrative access? What happened to access control. Shouldn’t the IT department be the only ones with administrative access? There is so much work to be done.