0 573

 The Nigeria Data Protection Commission (NDPC) on Wednesday identified human errors as a significant factor contributing to data breaches in organisations.

The Head, of Information Technology and Cyber Security, NDPC, Mr Olorunisomo Isola, made this known during a capacity building for members of the Nigeria Information Technology Reporters Association (NITRA) Lagos Chapter.

The training, which took place in Ikeja, was on data protection and privacy,

Isola said that cyber security issues are usually treated as a technology problem, whereas most data breaches are as a result of human error.

He said that employees can unintentionally help cyber-attackers break into an organisation.

The NDPC boss said that attackers often carefully profile the employees of the company they are targeting, noting that this could be done through social media and by researching publicly available information.

“Once a target has been selected, one of the most common ways to execute a cyber-attack; is to send phishing e-mails directly to employees in a targeted company.

“These emails usually contain either a link or a Microsoft Office document embedded with malicious code. Thus, employees can unintentionally help cyber-attackers break into an organisation,” he said.

Isola said that curbing cyber-attacks using firewalls was not enough, adding that it was necessary to work on human errors within the organisation as well.

He noted that security awareness and training of employees were just as important.

Isola stressed that raising awareness could be done through webinars, on-site events, as well as pro­per onboarding of security policies, training manuals and pamphlets.

He also said that companies should adopt an email policy, as email was a critical communication channel and having such a policy would ensure secure usage.

The cyber security expert stressed the need to use only official company email accounts for business communications.

He noted that they should also avoid opening emails or attachments from unknown or suspicious sources.

“We need to be cautious of phishing attempts and report them immediately.

“Companies and individuals should also ensure that sensitive information is encrypted before transmitting via email,” Isola said.

Speaking on the types of attacks, he said there were phishing, man-in-the-middle, password, drive-in, dictionary, ransomware and Artificial intelligence (AI)-powered attacks.

Isola noted that AI-powered attacks are one of the most dangerous ones.

He said that cybercriminals could leverage AI to carry out sophisticated and targeted attacks.

“AI-powered attacks can be more destructive and challenging to detect than traditional cyber-attacks.

“They are smart enough to understand how to analyse all possible attack vectors, select the best option, execute successfully, and evade detection, all while adapting and evolving in real-time.

“AI-powered attacks can also be more efficient, allowing attackers to carry out attacks on a larger scale and with greater accuracy.

“It will be a serious problem to deal with in the nearest future,” he said.

 

 

Dominica Nwabufo

Leave A Reply

Your email address will not be published.