Technology
Avoiding Security Complexities
Many years ago, the firewall was everything. Defence-in depth was a concept defined as layered defence with multiple firewalls on the path.
Behind the firewall was a fortress. Organisations designed networks with strong perimeters and demilitarised zones to ensure the crown jewels were well-protected. Attackers had a difficult time trying to break into the firewalls.
On the physical layer, Network Admission Control (NAC) technologies were implemented to prevent intruders from having direct access into the network by preventing them from plugging unauthorised devices into the network. Before a device was admitted, it had to meet a minimum requirement defined by the organisation.
Those years are gone and maybe gone forever. Cloud computing, Bring Your Own Device (BYOD), Artificial Intelligence, Internet of Things (IoT), VPNs and Remote Working Capabilities have dramatically changed the way businesses run.
These technologies have introduced a level of innovation and disruption that were unimaginable only a few years ago. They have resulted in the collapse of the traditional network perimeter, thereby increasing the attack surface for cyber-attacks. Enterprise networks coverage is today being extended beyond our imagination – outside the traditional datacentres to smartphones, cloud platforms, mobile computers and IoT interfaces without geographical boundaries.
The bad guys now have a plethora of interfaces to launch their attacks on; they do not have to breach the network using traditional social engineering tactics physically.
The recent changes in the work environment occasioned by the COVID-19 have further amplified the extension of network boundaries beyond the traditional datacentres. Employees work from home with devices and connections into the enterprise networks that were not originally designed for such. Improvised connections were made to allow functionality because the pandemic came without announcement.
The danger this poses is that some of these end devices were not originally designed with security in mind. Even if security was a consideration, not so much for enterprise data protection. These devices are most of the time not hardened, and their owners may not understand the effects on the overall organisational security posture.
A handful of these devices are installed with default passwords, and most times, these passwords are not changed during or after installation.
So, it is easy to guess the password by manual methods or using advanced dictionary or brute force attack methods. Another risk posed by these endpoints is the lack of security updates and patches. Because they are sometimes not seen to be part of the enterprise network, they are not included in the patch management programme, and their presence introduces high-level vulnerabilities within the enterprise network.
It then becomes easier to utilise malware that could tunnel through the firewall to breach the enterprise network, instead of spending months and years trying to break into the firewall or layers of firewalls.
In recent years, large-scale attacks have been launched using malware by exploiting known vulnerabilities and security gaps on endpoints.
For example, the WannaCry, Petya and another variant of Petya, the NotPetya were employed to launch attacks on enterprise networks through vulnerable endpoints. Another danger with this trend is potential data leakage because these devices are used to either temporarily or permanently store organisational data.
There is also concern about device loss. If these devices are lost, there is a risk of exposing the organisation’s data to unauthorised entities, and that could both result in financial and reputational damage.
These dangers are also expanded by the impact of the COVID 19 pandemic, where organisations made ad hoc improvisions to support businesses while employees work from home.
As commerce resumes, organisations are beginning to discover some capabilities to support their businesses remotely, and they are also rethinking their business continuity strategies.
For some businesses, this is not just a temporal shift, but a change which has permanently altered the operational procedures of the organisation.
Legacy cybersecurity strategies, techniques and investments will not be enough to mitigate the rising cybersecurity concerns introduced by this new way of working. Protection has gone beyond throwing in uncoordinated technical solutions and efforts.
Organisations need to rethink a new approach for the protection of their assets within the ever-growing complexity both to remain afloat and also to derive commensurate Returns On Security Investments (ROSI). A well-crafted strategy will ensure that cybersecurity efforts are coordinated within the enterprise, without duplication of efforts and resources, which will, in turn, drive down the cost of implementing cybersecurity initiatives.
To improve the security posture, organisations must do the following:
Continuously monitor the devices, applications, and processes running on the network.
Automate security monitoring and mitigation.
Implement systems that are capable of automatic detection, isolation and containment of threats within the network.
Ensure that monitoring covers event data, session data, and historical data on endpoint usages, such as past processes, network connections, and other information.
Another measure organisations should take is reducing complexities. The extension of the network boundaries has not stopped organisations from using existing network solutions to protect the enterprise network.
However, in a bid to ensure the protection of the on-premise infrastructure and the ones beyond the organisational traditional network boundaries, organisations combine existing technologies with new solutions and the resultant effect is an increase in complexity.
To effectively manage security, organisations should put measures in place to ensure a reduction in complexity and enhancing visibility. This can be achieved by unifying all efforts and technologies for managing both on-premise and off-premise infrastructure in a single platform. Beyond technical controls, organisations should develop procedures, standards, and policies for acceptable use of organisational resources.
For further information and engagements on the pcl. cyber security services, send an email to te********@****************ng.net
By Adedapo Adesanya
Telecommunications operators in Nigeria will now be required to give subscribers a minimum of 14 days’ notice before deactivating their SIM cards over inactivity or post-paid churn, following a fresh proposal by the Nigerian Communications Commission (NCC).
The proposal is contained in a consultation paper, signed by the Executive Vice Chairman and Chief Executive Officer of the NCC, Mr Aminu Maida, and titled Stakeholders Consultation Process for the Telecoms Identity Risks Management Platform, dated February 26, 2026, and published on the Commission’s website.
Under the proposed amendments to the Quality-of-Service (QoS) Business Rules, the Commission said operators must notify affected subscribers ahead of any planned churn.
“Prior to churning of a post-paid line, the Operator shall send a notification to the affected subscriber through an alternative line or an email on the pending churning of his line,” the document stated.
It added that “this notification shall be sent at least 14 days before the final date for the churn of the number.”
A similar provision was proposed for prepaid subscribers. According to the Commission, operators must equally notify prepaid customers via an alternative line or email at least 14 days before the final churn date.
Currently, under Section 2.3.1 of the QoS Business Rules, a subscriber’s line may be deactivated if it has not been used for six months for a revenue-generating event. If the inactivity persists for another six months, the subscriber risks losing the number entirely, except in cases of proven network-related faults.
The new proposal is part of a broader regulatory review tied to the rollout of the Telecoms Identity Risk Management System (TIRMS), a cross-sector platform designed to curb fraud linked to recycled, swapped and barred mobile numbers.
The NCC explained in the background section of the paper that TIRMS is a secure, regulatory-backed platform that helps prevent fraud stemming from churned, swapped, barred Mobile Station International Subscriber Directory Numbers in Nigeria.
It said this platform will provide a uniform approach for all sectors in relation to the integrity and utilisation of registered MSISDNs on the Nigerian Communications network.
In addition to the 14-day notice requirement, the Commission also proposed that operators must submit details of all churned numbers to TIRMS within seven days of completing the churn process, strengthening oversight and accountability in the system.
The consultation process, which the Commission said is in line with Section 58 of the Nigerian Communications Act 2003, will remain open for 21 days from the date of publication. Stakeholders are expected to submit their comments on or before March 20, 2026.
By Modupe Gbadeyanka
The founder of Interswitch, Mr Mitchell Elegbe, has been honoured for pioneering Nigeria’s digital payments revolution.
At a ceremony in Lagos on Sunday, March 1, 2026, he was bestowed with the 2025 Silverbird Special Achievement Award for shaping Africa’s financial ecosystem.
The Silverbird Special Achievement Award recognises individuals whose innovation, vision, and sustained impact have left an indelible mark on society.
Mr Elegbe described the award as both humbling and symbolic of a broader journey, saying, “This honour represents far more than a personal milestone. It reflects the courage of a team that believed, long before it was fashionable, that Nigeria and Africa could build world-class financial infrastructure.”
“When we started Interswitch, we were driven by a simple but powerful idea that technology could democratise access, unlock opportunity, and enable commerce at scale.
“This recognition by Silverbird strengthens our resolve to continue building systems that empower businesses, support governments, and expand inclusion across the continent,” he said when he received the accolade at the Silverbird Man of the Year Awards ceremony attended by several other dignitaries, whose leadership and contributions continue to shape national development and industry transformation.
In 2002, Mr Elegbe established Interswitch after he was inspired by a bold conviction that technology could fundamentally redefine how value moves within and across economies.
Under his leadership, the company has evolved into one of Africa’s foremost integrated payments and digital commerce companies, powering financial transactions for governments, banks, businesses, and millions of consumers.
Today, much of Nigeria’s electronic payments ecosystem traces its foundational architecture to the systems and rails established under his leadership.
“Mitchell’s journey is inseparable from Nigeria’s digital payments evolution. His foresight and resilience helped establish foundational infrastructure at a time when the ecosystem was still nascent.
“This recognition affirms not only his personal legacy, but the broader impact of Interswitch in enabling commerce and strengthening financial systems across Africa,” the Executive Vice President and Group Marketing and Communications for Interswitch, Ms Cherry Eromosele, commented.
By Adedapo Adesanya
The Socio-Economic Rights and Accountability Project (SERAP) has called on the Federal Competition and Consumer Protection Commission (FCCPC) to urgently investigate major global technology companies over alleged abuses affecting Nigeria’s digital economy, media freedom, privacy rights and democratic integrity.
In a complaint addressed to the chief executive of FCCPC, Mr Tunji Bello, the group accused Google, Meta (Facebook), Apple, Microsoft (Bing), X, TikTok, Amazon and YouTube of deploying opaque algorithms and leveraging market dominance in ways that allegedly undermine Nigerian media organisations, businesses, and citizens’ rights.
The complaint, signed by SERAP Deputy Director, Mr Kolawole Oluwadare, urged the commission to take measures necessary to urgently prevent further unfair market practices, algorithmic influence, consumer harm and abuses of media freedom, freedom of expression, privacy, and access to information.”
SERAP also asked the FCCPC to convene a public hearing to investigate allegations of algorithmic discrimination, data exploitation, revenue diversion, and anti-competitive conduct involving the tech giants.
According to the organisation, dominant digital platforms now act as private gatekeepers of Nigeria’s information and business ecosystem, wielding enormous influence over public discourse and market competition without sufficient transparency or regulatory oversight.
“Millions of Nigerians rely on these platforms for news, information and business opportunities,” SERAP stated, warning that opaque algorithms and offshore revenue extraction models pose both economic and human rights concerns.
The group argued that the alleged practices threaten media plurality, consumer protection, privacy rights, and the integrity of Nigeria’s forthcoming elections.
SERAP pointed to actions taken by the South African Competition Commission, which investigated Google over alleged bias against local media content, adding that the South African probe reportedly resulted in measures including algorithmic transparency requirements, compliance monitoring and financial remedies.
SERAP urged the FCCPC to take similar steps to safeguard Nigerian media and businesses.
The organisation maintained that if established, the allegations could amount to violations of Sections 17 and 18 of the Federal Competition and Consumer Protection Act (FCCPA), which prohibit abuse of market dominance and anti-competitive conduct.
SERAP stressed that the FCCPC has statutory authority to investigate and sanction conduct that substantially prevents, restricts or distorts competition in Nigeria.
It also warned that failure by the Commission to act promptly could prompt the organisation to pursue legal action to compel regulatory intervention.
Citing concerns reportedly raised by the Nigerian Press Organisation (NPO), SERAP said big tech companies have fundamentally altered Nigeria’s information environment, creating what it described as a structural imbalance of power that threatens the sustainability of professional journalism.
Among the allegations listed are: Algorithms controlled outside Nigeria determining content visibility, monetisation of Nigerian news content without proportionate reinvestment, offshore extraction of advertising revenues, limited discoverability of Nigerian websites and platforms, and lack of transparency in ranking and recommendation systems.
SERAP argued that declining revenues in the Nigerian media industry have led to shrinking newsrooms, closure of bureaus, and the emergence of news deserts, weakening journalism’s constitutional role in democratic accountability.
The organisation further warned that algorithmic opacity and data-driven micro-targeting could influence voter exposure to information ahead of Nigeria’s forthcoming elections, raising concerns about electoral fairness and transparency.
-
Feature/OPED6 years agoDavos was Different this year
-
Travel/Tourism10 years ago
Lagos Seals Western Lodge Hotel In Ikorodu
-
Showbiz3 years agoEstranged Lover Releases Videos of Empress Njamah Bathing
-
Banking8 years agoSort Codes of GTBank Branches in Nigeria
-
Economy3 years agoSubsidy Removal: CNG at N130 Per Litre Cheaper Than Petrol—IPMAN
-
Banking3 years agoSort Codes of UBA Branches in Nigeria
-
Banking3 years agoFirst Bank Announces Planned Downtime
-
Sports3 years agoHighest Paid Nigerian Footballer – How Much Do Nigerian Footballers Earn