With cyber attacks on the rise, organisations across the globe are contending with loss of reputation, loss of customers, potential financial liabilities, regulatory notification requirements and, sometimes, litigation. To address this menace, Tardigrade, Nollysoft’s Enterprise Risk Assessment (ERA) solution, has been identified by experts as a roadmap that gives organisations a better understanding of the cybersecurity space and a good grasp of their internal control mechanisms against cyber threats.
The greatest war that countries face in the 21st century, and one they must prepare to win if they are to participate actively in a global economy largely driven by the Internet, is cyber warfare.
As such, the need for organisations to deploy a security solution cannot be underestimated: one that helps to identify the factors contributing to and determining the organisation’s overall cyber risk; assess the organisation’s cybersecurity preparedness; evaluate whether that preparedness is aligned with its risks; determine the risk management practices and controls that are needed or need enhancement, and the actions to be taken to achieve the desired state; and offer informed risk management strategies.
Indeed, local and regional authorities, professional IT associations and various reports at home and abroad have raised concerns about the danger posed by cyber threats and the need for each organisation to get its IT infrastructure weaponised through effective internal controls and security solutions.
Rising wave of concerns
For instance, the telecoms industry regulator in Nigeria, the Nigerian Communications Commission, has noted that cybersecurity has become an essential component of human activity. This was the position of the Executive Vice Chairman of the Commission, Prof. Umar Danbatta, at a cybersecurity forum in Lagos, where he noted that cyber attacks’ high level of complexity requires action at different levels (both virtual and physical) and by different actors, including governments, private sector, civil society, intergovernmental organisations, among others.
According to him, the current scale and growth of ICT applications transcend all spheres of social and economic boundaries worldwide. “Whether it is broadcasting (digital TV) or social networking, e-Commerce (mobile banking and financial services), e-Governance (government services management, e-education, e-health, e-taxation, e-commerce), governments, institutions and the society in general are increasingly embracing these technologies and at the same time becoming exposed to vulnerabilities of cyber-attacks,” he said.
He, therefore, strongly advocated that technical measures such as Nollysoft’s Enterprise Risk Assessment (ERA) solution and appropriate legal instruments must be put in place to enhance the resilience of cybersecurity infrastructure and safeguard users of cyber technologies.
In the same vein, the Secretary-General of the Commonwealth Telecommunications Organisation (CTO), Mr. Shola Taylor, has also raised serious concerns about the dangers of cyber-attacks and the need for synergy among stakeholders to mitigate and, if possible, prevent their potential risks to organisations’ IT infrastructure.
“Cyberspace contributes significantly to achieving countries’ national development goals, and so international organisations, national security services, operators, intelligence and data protection agencies, as well as citizens all have a role to play in making cyberspace safer and more resilient,” Taylor said, while sharing the CTO’s experience in developing national cybersecurity strategies for Commonwealth member countries as well as other countries, including Senegal last year.
Potential risks, exposures and losses
In Nigeria, over N127 billion is lost annually, mostly by business organisations and ministries, departments and agencies (MDAs) of government, translating to a 0.08 per cent loss in the country’s annual Gross Domestic Product (GDP), according to the country’s Minister of Communications, Adebayo Shittu.
Also, 62 per cent of firms are being attacked weekly, according to a 2017 International Data Corporation (IDC) InfoBrief sponsored by Splunk. The report noted that, with malware becoming more advanced through encrypted ransomware, the impact of a security breach on organisations may include loss of reputation, loss of customers, potential financial liabilities, regulatory notification requirements and sometimes litigation instigated by victim customers.
President, Cyber Secure Conference organised by the Cyber Security Experts Association of Nigeria (CSEAN), Mr. Remi Afon, quoted another statistic, which puts the cost of cyber-crime globally at $700 billion per year. He said the loss is projected to rise to about $2 trillion by 2019, due to the rapid digitisation of consumer lives and company records. Breaches like these have steadily been on the rise: according to reports, the number of incidents has increased by more than 38 per cent annually since 2015.
According to the U.S. State of Cybercrime survey, the Ponemon Institute and Juniper Research, cybersecurity events and costs are increasing, and the cost of data breaches is expected to reach $2.1 trillion globally by 2019.
Thus, Afon argues that there is a need for Nigeria to implement the National Cyber Security Strategy and Policy and ensure effective implementation of the Cybercrime Act 2015, as well as making organisations embrace the newest solutions. One such security solution ready to tackle cyber attacks on organisations in the country is Tardigrade, Nollysoft’s Enterprise Risk Assessment (ERA) solution.
This is instructive, as industry experts have said organisations in Nigeria are in dire need of cyber experts who could help secure the cyberspace, and one of the ways to boost protection is to embrace and deploy innovative solutions offered by security companies and experts.
Tardigrade – an Enterprise Risk Assessment (ERA) solution to the rescue
In the industry today, Tardigrade, an Enterprise Risk Assessment (ERA) solution introduced into Nigeria by Nollysoft, towers among other risk assessment solutions, presenting robust impact assessments and strategic security solutions to organisations by helping them put in place processes that ensure they understand their gaps and their state of preparedness to respond to cyber breaches.
Senior management and boards of organisations are often faced with key concerns such as: How protected is their organisation from internal and external threats? Is the organisation a direct target for attacks? Who is accountable for assessing and managing the risks posed by changes to the business strategy or technology? How effective is their system of internal control, and is it being applied? How do they compare with the competition? And how do they compare with their peers in the industry? The Tardigrade solution effectively addresses these concerns.
According to industry experts, organisations need a good handle on the cyber threats and risks they may face. They also need to have a grasp of whether their system of internal control is effective, or whether they need to implement specific security controls from standards such as NIST 800-53 or ISO 27001.
The Tardigrade assessment solution helps organisations to understand their cybersecurity and internal control risks so that they can implement appropriate mitigation controls to achieve a desired state of preparedness.
“Tardigrade Cybersecurity Assessment helps organisations identify their risks and determine their cybersecurity preparedness. The assessment solution provides businesses with repeatable and measurable processes to inform senior management of their organisations’ cybersecurity preparedness over time,” said Sola Koleowo, Chief Executive Officer of Nollysoft Limited on behalf of the company.
The ERA solution, Koleowo said, is based on best practice frameworks set by Federal Financial Institution Examination Council (FFIEC), Information Technology Examination Handbook (ITEH), National Institute of Standards and Technology (NIST), Cybersecurity Framework (CF) and International Standard Organisation (ISO 27001) and regulatory guidance.
According to him, the Tardigrade Internal Control solution enables organisations to understand deficiencies in their system of internal control, allowing the creation of effective mitigating controls to help achieve business objectives. It is based on an industry standard and best practices framework – Committee of Sponsoring Organisations of the Treadway Commission (COSO).
On the security requirement traceability matrix, Koleowo said, “Tardigrade Security Requirement Traceability Matrix solution allows organisations to effectively select security controls from standards and regulations for implementation either as a part of a Secure Software Development Lifecycle (SSDLC) or regulatory mandate,” stressing that the solution currently supports 2 industry standards: NIST 800-53 R4 and ISO 27001-2013, and two regulations: Sarbanes-Oxley (SOX) and Monetary Association of Singapore (MAS).
The total cost of ownership (TCO) of the Tardigrade solution is low. No CAPEX is needed to acquire the solution. It is a cloud-based solution offered as a service.
The use of innovative enterprise risk assessment solutions such as Tardigrade by organisations across the private and public sectors of the economy will not only guarantee effective protection for user organisations but also help curb losses to the national economy. This is just as industry analysts say the arrival of Tardigrade will raise the bar of organisations’ protection against potential cyber threats and associated losses.