Cyber security experts in Nigeria have urged regulatory authorities in the ecosystem to come up with a national data protection act to prevent organizations in the country from revenue loss and sanction. This is as ahead of commencement of the implementation of European Union Data Protection Regulation (GDPR) today, 25th of May, 2018.
European Union’s General Data Protection Regulation (GDPR) requires any enterprise in the world that conducts business with at least one citizen of the EU to comply with GDPR protections of personally identifiable information or face stiff penalties.
Reacting Oluseyi Akindeinde, Chief Technical Officer, Digital Encode, said that Nigeria needs to have a framework for cybersecurity, starting with a national data protection act.” Data is the new currency and as such has to be adequately protected.” He added that: “most private organizations have invested quite a lot in securing their electronic infrastructures via security operations centers however not much can be said of the public enterprises.”
On cybercrime law that never had effect before it becomes outdated, he said: “any law has to be interpreted properly and be legally enforceable by the people to whom it applies. I don’t think the people tasked with the cyber law have fully come to grasp with Nigeria’s law.
“There needs to be a concerted effort to get the lawyers, judges and law enforcement agencies up to speed with the more intricate aspects of cyber security. The field is highly technical and there are quite a number of things they need to understand before taking up and judging cases related to cyber-crime.
Ahmed Adesanya, IT Security and Connectivity consultant, said that ignoring the EU regulation could cost organizations millions, but thinking about privacy could make organization’s products and process stronger.
“I feel there must be personnel accountable for cyber security in every organization and it need to be criminalized for negligence or none-compliance for not disclosing breach to supervising agency. Our Cyber Security law must be strong as the May 25 for EU GDPR come into effect by today, which will change the model of businesses throughout the world,” he said.
Edward Carbutt, Executive Director at Marval Africa, making a case for people and process in fight against cybercrime, said that technology is only one of the components that make up a strong defence against cyberattack. “Even with the right technology in place, organizations are still vulnerable to attack, and should protect themselves in other areas, too. For optimal cybersecurity, organizations can look towards addressing five key elements: people, processes, technology, change and culture.
People, Processes and Technology have long been the cornerstones of Information Technology Infrastructure Library (ITIL) frameworks, often referred to as the “golden triangle” for successful project implementations and change management.
The ability to implement change and an organization’s culture are just as critical to security and play an important role in today’s rapidly evolving digital world.