Technology
Cybersecurity, the New Normal
A total of $706,452 has been paid in ransom to cybercriminals by Nigerian businesses. According to Sophos in The State of Ransomware 2022 report, Industrial Control Safety Systems (ICSS) in Critical infrastructure are increasingly exposed to cyber-attacks because of the digitization drive of the industry.
As supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control systems become connected to the Internet to allow greater business efficiency (remote process monitoring, system maintenance, process control, and production data analysis)-Industry 4.0, they also make the business more vulnerable to threats with the potential to affect critical Industrial Control and Safety Systems seriously.
This article will discuss the cybersecurity challenges facing these industries and the steps that can be taken to mitigate these risks.
Critical infrastructure is classified as the physical and IT/OT assets, networks, and services that, if disrupted or destroyed, would have a serious impact on the health/security/economic well-being of citizens and the efficient functioning of a country’s government.
The energy sector and manufacturing industries are critical to the global economy, and their security is of the utmost importance. The integration of operational technology (OT) and information technology (IT) – industry 4.0 – in these industries has also increased efficiency and productivity, but it has also increased the risk of cyber-attacks.
One of the main challenges facing these industries is the integration of OT and IT systems. OT systems, such as control systems, are used to control and monitor physical processes, while IT environments, i.e., the internet and cloud, are used to process and store data. The integration of these environments means that cyber-attacks on the Information Technology environment can now directly impact the physical processes controlled by Operational Technology systems.
The use of legacy (ICSS) in these industries is prevalent. Many Control & Safety Systems were developed before cyber security was a global concern and may not have the necessary security measures in place to prevent such attacks when the ICSS is compromised. In addition, the hardware and software in these legacy ICSS could have reached their End of Life (EOL), which makes them more vulnerable to cyber attackers
Some other factors have contributed to the growing vulnerability of industrial control systems, which include
• Insecure remote connections; Access links such as dial-up modems and wireless communications are used for remote diagnostics, maintenance, and examination of system status. If encryption or authentication mechanisms are not utilized, the integrity of the transmitted information is vulnerable
• Standardized technologies; Organizations are transitioning to standardized technologies, such as Microsoft’s Windows, to reduce costs and improve system scalability and performance. The result is unrestricted access to knowledge and tools to jeopardize the system and an increase in the number of systems vulnerable to attack.
• Availability of technical information—Public information about infrastructures and control systems is readily available to potential hackers and intruders. Design and maintenance documents and technical standards for a critical system can all be found on the internet, greatly jeopardizing overall security.
In addition to the challenges and vulnerabilities facing the industrial control system, Cyber threats and incidents are now a major operating and business risk for every digital enterprise. In the age of digitization, it is imperative to create and execute strategies that allow the business to monitor and mitigate cyber threats and risks supporting its financial objectives.
Traditional industry best practice recommends that the ICSS and operational business networks be physically segregated and employ dedicated networks which enhance security and prevent these attacks.
But to truly mitigate these risks and be IIOT-ready, organizations need to have a comprehensive cyber security program with the partnership of industry experts, which incorporates intrusion detection and prevention systems, firewalls, and secure remote access solutions in place, such as those offered by Schneider Electric; with a team of certified experts, delivering holistic cybersecurity programs to help maintain the system’s defences, with cybersecurity services such as vulnerability assessments, penetration testing, and incident response planning from an operations perspective, while integrating appropriate IT policies and requirements.
In conclusion, the integration of OT and IT systems in the energy sector and manufacturing industries has increased efficiency and productivity, but it has also increased the risk of cyberattacks. Organizations in these industries need to adopt a cyber security program and posture to maintain profitability to protect against cyber-attacks.
By Aduragbemi Omiyale
The Nigerian Communications Commission (NCC) has directed mobile network operators (MNOs) to commence implementation of the approved harmonised short codes (HSC) for providing certain services to telecom consumers in the country.
The Director of Public Affairs at the NCC, Mr Reuben Muoka, in a statement on Monday, said the unified short codes were approved in line with its consumer-centric approach to telecom regulation.
According to him, the use of harmonised short codes is aimed at achieving uniformity in common short codes across networks.
This means that the code for checking airtime balance is the same across all mobile networks for the same function, irrespective of the network a consumer uses.
With the new codes, telecom consumers using the over 226 million active mobile lines in the country can now use the same codes to access services across the networks.
Already, the agency has set a deadline of May 17, 2023, for all mobile networks to fully migrate from hitherto diverse short codes to harmonised codes.
The period between now and May 17, 2023, is provided by the NCC to enable telecom consumers to familiarise themselves with the new codes for various services.
Under the new harmonised short codes regime, 13 common short codes have been approved by the NCC and include 300 for Call Centre/Help Desk on all mobile networks; 301 for voice Mail Deposit; 302 for Voice Mail Retrieval; 303 for Borrow Services; 305 for STOP Service; 310 for Check Balance, and 311 for Credit Recharge.
Also, the common code for Data Plan across networks is now 312. In line with the new direction, 321 is for Share Services, while 323 is for Data Plan Balance. The code 996 is now for Verification of Subscriber Identity Module (SIM) Registration/NIN-SIM Linkage.
The code 2442 is retained for Do-Not-Disturb (DND) unsolicited messaging complaint management, while the common code, 3232, is also retained for Porting Services, otherwise called Mobile Number Portability.
The old and new harmonised short codes will run concurrently up until May 17, 2023, when all networks are expected to have fully migrated to full implementation of the new codes.
By Adedapo Adesanya
Cryptocurrency exchange, Bitfinex, has listed the first-of-its-kind CryptoGPT token ($GPT) in what has been touted as a revolutionised approach to artificial intelligence (AI).
The CryptoGPT, a cryptocurrency token built on an Ethereum platform, is the first-of-its-kind multi-value gas token and has the necessary demand as fuel for network transactions. It is topped up with value funnels from validator staking, cash flow from core products, and power of fee treasury which can be deployed for liquidity events like buybacks, burns, and/or expanded yield.
In a statement, the company said CryptoGPT token would revolutionise the world of AI by decentralising the data industry and giving billions of users across the world, including Africa, full control of their own AI data and freedom to monetize such data as they live their daily lives, creating a sustainable income stream.
CryptoGPT is a dedicated layer-2 blockchain built to create trillion-dollar data and power the AI revolution. The blockchain hosts apps with 2+ million active users, placing it as one of the biggest blockchains at launch. This innovation uniquely merges blockchain technology with AI and offers an ecosystem that treats data like an asset class.
The rise of artificial intelligence (AI) is bringing drastic changes in the technological fields around the world, where if implemented, it automates systems for more efficiency and performance.
From the comfort of a mobile phone and in multiple fields, AI is continuously providing high-performance and accurate system work with efficiency whilst playing an important role in helping humans work better without the help of humans. Since its inception, there is no doubt that the algorithm and success of AI is data-driven, and currently, many big tech companies and players like Meta, Google, and Amazon make billions and trillions of dollars by monetizing users’ AI data.
By creating an ecosystem that incentivizes users to earn crypto tokens and avoid constant inflation, CryptoGPT lets users capitalize on their data through its versatile $GPT token.
“No matter how much CryptoGPT ultimately decentralizes data, the $GPT token is a good investment because users can amass significant quantities of it by using the ecosystem’s apps and making referrals. This makes CryptoGPT the first sustainable ‘to earn’ ecosystem that pays users for contributing data that is then sold in the global data marketplace,” the company said.
CryptoGPT, unlike most participants in the AI boom, entered the marketplace with a compelling value proposition setting itself apart.
Currently, AI is used for different purposes and in different fields like virtual assistants or chats, healthcare agriculture, security and surveillance, logistics, shopping and fashion, agriculture, and farming. The CryptoGPT has an ecosystem of millions of daily app users with over 20+ apps in these fields as well as lifestyle, music, dating, travel, and gaming.
By Adedapo Adesanya
Financial technology (fintech) companies in Nigeria are reportedly working on a joint strategy that will help create a new registry to tackle fraudulent transactions within their networks.
A report from the publication revealed that three people familiar with the development said the registry had been stylised as Project Radar.
The registry, when public, would enable companies to pool details, including banking and government identity data, of individuals and groups that have attempted or made fraudulent transactions.
The report revealed that representatives of more than a dozen companies — including payments processor Flutterwave, digital banks Kuda and Branch, and savings app Cowrywise — joined a call on Monday (March 6), to come up with the move.
It was reported that the most vocal appeared to be Mr Olugbenga Agboola, the chief executive officer (CEO) of Africa’s most valuable startup, Flutterwave.
This could be tied to recent happenings around the company after news broke that Flutterwave was hacked for N2.9 billion ($6.3 million) in over 60 transactions in February.
Court documents showed the company filed a suit in Lagos against 16 commercial banks to freeze over 100 accounts suspected of receiving proceeds of the reported hack.
Business Post later reported that Flutterwave denied the hack, saying it observed an unusual trend of transactions on some users’ profiles, and it quickly took action.
The company said, “We want to confirm that no user lost any funds, and we take pride in the fact that our security measures were able to address the issue before any harm could be done to our users.
“Our commitment to keeping our users’ financial information safe and secure is why we invest heavily in security initiatives such as periodic audits, certifications, and licenses such as the PCI-DSS & ISO 27001. These are in line with global best practices in information security management.
“We want you to continue to trust us and feel secure using Flutterwave for your business needs. Our commitment is to enable your business growth while keeping your financial information safe and secure.”
