Technology
Phillips Consulting’s Guide to Avoiding Security Complexities
Many years ago, the firewall was everything. Defence-in depth was a concept defined as layered defence with multiple firewalls on the path.
Behind the firewall was a fortress. Organisations designed networks with strong perimeters and demilitarised zones to ensure the crown jewels were well-protected. Attackers had a difficult time trying to break into the firewalls.
On the physical layer, Network Admission Control (NAC) technologies were implemented to prevent intruders from having direct access into the network by preventing them from plugging unauthorised devices into the network. Before a device was admitted, it had to meet a minimum requirement defined by the organisation.
Those years are gone and maybe gone forever. Cloud computing, Bring Your Own Device (BYOD), Artificial Intelligence, Internet of Things (IoT), VPNs and Remote Working Capabilities have dramatically changed the way businesses run.
These technologies have introduced a level of innovation and disruption that were unimaginable only a few years ago. They have resulted in the collapse of the traditional network perimeter, thereby increasing the attack surface for cyber-attacks.
Enterprise networks coverage is today being extended beyond our imagination – outside the traditional datacentres to smartphones, cloud platforms, mobile computers and IoT interfaces without geographical boundaries.
The bad guys now have a plethora of interfaces to launch their attacks on; they do not have to breach the network using traditional social engineering tactics physically.
The recent changes in the work environment occasioned by the COVID-19 have further amplified the extension of network boundaries beyond the traditional datacentres.
Employees work from home with devices and connections into the enterprise networks that were not originally designed for such. Improvised connections were made to allow functionality because the pandemic came without an announcement.
The danger this poses is that some of these end devices were not originally designed with security in mind. Even if security was a consideration, not so much for enterprise data protection. These devices are most of the time not hardened, and their owners may not understand the effects on the overall organisational security posture.
A handful of these devices are installed with default passwords, and most times, these passwords are not changed during or after installation. So, it is easy to guess the password by manual methods or using advanced dictionary or brute force attack methods.
Another risk posed by these endpoints is the lack of security updates and patches. Because they are sometimes not seen to be part of the enterprise network, they are not included in the patch management programme, and their presence introduces high-level vulnerabilities within the enterprise network.
It then becomes easier to utilise malware that could tunnel through the firewall to breach the enterprise network, instead of spending months and years trying to break into the firewall or layers of firewalls.
In recent years, large-scale attacks have been launched using malware by exploiting known vulnerabilities and security gaps on endpoints.
For example, the WannaCry, Petya and another variant of Petya, the NotPetya were employed to launch attacks on enterprise networks through vulnerable endpoints. Another danger with this trend is potential data leakage because these devices are used to either temporarily or permanently store organisational data.
There is also concern about device loss. If these devices are lost, there is a risk of exposing the organisation’s data to unauthorised entities, and that could both result in financial and reputational damage.
These dangers are also expanded by the impact of the COVID 19 pandemic, where organisations made ad-hoc improvisions to support businesses while employees work from home.
As commerce resumes, organisations are beginning to discover some capabilities to support their businesses remotely, and they are also rethinking their business continuity strategies.
For some businesses, this is not just a temporal shift, but a change which has permanently altered the operational procedures of the organisation.
Legacy cybersecurity strategies, techniques and investments will not be enough to mitigate the rising cybersecurity concerns introduced by this new way of working. Protection has gone beyond throwing in uncoordinated technical solutions and efforts.
Organisations need to rethink a new approach for the protection of their assets within the ever-growing complexity both to remain afloat and also to derive commensurate Returns On Security Investments (ROSI). A well-crafted strategy will ensure that cybersecurity efforts are coordinated within the enterprise, without duplication of efforts and resources, which will, in turn, drive down the cost of implementing cybersecurity initiatives.
To improve security posture, organisations must do the following:
- Continuously monitor the devices, applications, and processes running on the network.
- Automate security monitoring and mitigation.
- Implement systems that are capable of automatic detection, isolation and containment of threats within the network.
- Ensure that monitoring covers event data, session data, and historical data on endpoint usages, such as past processes, network connections, and other information.
Another measure organisations should take is reducing complexities. The extension of the network boundaries has not stopped organisations from using existing network solutions to protect the enterprise network.
However, in a bid to ensure the protection of the on-premise infrastructure and the ones beyond the organisational traditional network boundaries, organisations combine existing technologies with new solutions and the resultant effect is an increase in complexity.
To effectively manage security, organisations should put measures in place to ensure a reduction in complexity and enhancing visibility. This can be achieved by unifying all efforts and technologies for managing both on-premise and off-premise infrastructure in a single platform. Beyond technical controls, organisations should develop procedures, standards, and policies for acceptable use of organisational resources.
By Aduragbemi Omiyale
One of Africa’s leading integrated payments and digital commerce companies, Interswitch, has expressed its commitment to promoting a vibrant digital ecosystem on the continent.
The Nigerian fintech firm reaffirmed this by supporting the recently concluded Google Developer Groups (GDG) DevFest Ibadan, Oyo State.
The flagship conference, which held at the Aweni Arena in Ibadan, brought together developers, tech enthusiasts, and industry leaders for a dynamic day of knowledge sharing, networking, and exploration of cutting-edge technologies, including artificial intelligence, machine learning, cloud computing, and mobile app development.
Now in its fifth edition, DevFest Ibadan has grown in scale and impact over the years, attracting thousands of attendees from across Oyo State and beyond.
Participants enjoyed a variety of engaging activities, including thought-provoking talks, hands-on workshops, and hackathons designed to inspire innovation and foster collaboration.
Interswitch said it threw its full weight behind this programme because of its unwavering commitment to advancing Nigeria’s technology landscape and nurturing the next generation of innovators.
“At Interswitch, we recognise the pivotal role developers and tech communities play in driving innovation across the continent.
“Sponsoring GDG DevFest Ibadan 2024 aligns perfectly with our mission to equip these communities with the tools, platforms, and opportunities they need to innovate, collaborate, and succeed.
“We are committed to promoting a vibrant ecosystem that accelerates Africa’s digital transformation while nurturing the next wave of innovators shaping the future of fintech in Nigeria and beyond,” the Divisional Head for Growth Marketing (Merchants and Ecosystems) at Interswitch, Mr Olawale Akanbi, said.
In her presentation, a Developer Ecosystem Executive at Interswitch, Ms Elizabeth Okaome, highlighted the company’s robust suite of Application Programming Interfaces (APIs) and their use cases, supported with live demos.
Cutting across payments integration, transfers, bill payments and airtime recharge, identity verification or lending services, Interswitch APIs equip developers with tools to enable secure and seamless online and offline payment acceptance).
Another highlight at the event was the introduction of the Quickteller Business Referral Programme, also known as the ‘5 for 5’ Initiative, which offers developers or any referrer an opportunity to earn 5% commission on Interswitch’s share of every transaction charge, for five whole years, while enabling businesses to thrive.
By Adedapo Adesanya
Nigerian will today, Friday, January 10, 2025, know what they will henceforth pay to make calls, send SMS, and browse the internet as telecommunication operators have received the approval of the Nigerian Communications Commission (NCC) to raise tariffs.
This will bring an end to the long-term tussle for a hike in tariffs, which telcos wanted to be at 100 per cent, but the Nigerian government rejected.
Industry sources have shared with the media that the new tariffs will be announced by the NCC on Friday.
on Wednesday, the Minister of Communications, Innovation, and Digital Economy, Mr Bosun Tijan, at a stakeholders’ meeting in Abuja, said the NCC would come up with modalities for tariff adjustment in the telecoms industry.
“We’ve look at a number of things in terms of how to ensure that can meaningfully contribute to the development of Nigeria.
“Some of those things include implementing the Executive Order around ensuring that we can protect infrastructure around telecoms, driving up significantly local content and importantly, ensuring the sustainability of the companies themselves that as we see inflation across the world that telecommunications companies, we don’t run them down but we allow them to continue to be sustainable so that they can contribute to our economy.
“You have seen over the past weeks that there has been agitation from some of these companies to increase tariffs, requesting for 100 per cent tariff increase. This is not something that as a government we will be able to subscribe to at the minute,” he stated.
Recently, the chief executive of MTN Nigeria, Mr Karl Toriola, said in an interview that although operators have put forward the 100 per cent suggestion, he doubts that the regulator, the Nigerian Communications Commission (NCC), would accept.
“Now, we’ve put forward requests of approximately 100 per cent and type increases to the regulators,” he said.
The operators have also said the sustainability of the telecommunications industry in Nigeria needs to be addressed, if not, it could negatively impact Nigeria’s economy.
Mr Toriola’s counterpart at Airtel, Mr Dinesh Balsingh, in an op-ed published by this newspaper said it was needed to acquiesce to the proposed tariff adjustments in order to ensure the long-term sustainability of the sector while unlocking significant benefits for Nigerian consumers.
“For over a decade, tariffs have remained static despite the dramatic increase in operating expenses, which have surged by over 300% in the last 18 to 24 months alone,” he wrote.
By Aduragbemi Omiyale
The prices of calls, data and others will not be increased by Mobile Network Operators (MNOs) in Nigeria by 100 per cent as being proposed, the federal government has assured citizens.
The Minister of Communications, Innovation and Digital Economy, Mr Bosun Tijani, after a meeting with the operators on Wednesday in Abuja, however, said Nigerians should expect to pay more for call and data services very soon to keep the operators afloat, especially due to rising cost of doing business in the country.
The telcos had asked the government for permission to increase tariffs by 100 per cent because the current rates were no longer sustainable.
The chief executives of two of the leading operators in Nigeria, MTN and Airtel, said they would want tariffs to be raised by 100 per cent to guarantee qualify service delivery.
Operators in the sector had warned that if the rates were not raised by the regulator, the Nigerian Communications Commission (NCC), they may begin to ration their services across the nation to remain in business.
“You have seen over the past weeks that some of these companies have been agitated to increase tariffs. They are requesting a 100 per cent tariff increase.
“But it will not be by 100 per cent; the NCC will soon come up with a clear directive on how we will go about it.
“We want to strike the balance as a government, to protect our people, but also protect and ensure that these companies can continue to invest significantly,” Mr Tijani said yesterday.
“As a country, over time, we have left these investments in the hands of the private sector. They typically invest where they can see returns in the short to medium term.
“We will not want this conversation to just be about tariff increase. What the world is talking about today is meaningful connectivity; people want to have access to quality service.
“A part of it that the consumers may not be aware of is the investment that needs to go into the infrastructure that is used to deliver these services,” he noted.
On his part, the Executive Vice-Chairman of the NCC, Mr Aminu Maida, said, “We have looked at all of these factors, and that is why, as the Minister said, it is not likely that we are going to approve a 100 per cent tariff increase.
“I know that Nigerians are agitated to hear the exact percentage approved. We are still going through some stakeholder engagements, but you will hear from us within a week or two.”
“We are moving away from the regime where you will have a main rate, then you will now have a bonus which is at a different rate.
“It makes it often complicated and difficult for Nigerians to actually understand what they are being charged for. There is this agitation that the MNOs are stealing our data,” he added.
-
Feature/OPED5 years agoDavos was Different this year
-
Travel/Tourism8 years ago
Lagos Seals Western Lodge Hotel In Ikorodu
-
Showbiz2 years agoEstranged Lover Releases Videos of Empress Njamah Bathing
-
Banking7 years agoSort Codes of GTBank Branches in Nigeria
-
Economy2 years agoSubsidy Removal: CNG at N130 Per Litre Cheaper Than Petrol—IPMAN
-
Banking2 years agoFirst Bank Announces Planned Downtime
-
Sports2 years agoHighest Paid Nigerian Footballer – How Much Do Nigerian Footballers Earn
-
Technology4 years agoHow To Link Your MTN, Airtel, Glo, 9mobile Lines to NIN