Mr. Obadare Peter Adewale and Mr. Oluseyi Akindeinde are the founders of Digital Encode Limited, a company that specialses in the design, management and security of business-critical networks, telecommunications environments and other information rechnology (IT) infrastructure.
While Adewale is the chief operating officer, Oluseyi is the chief technical officer of Digital Encode. In the exclusive interview with Chinenye Anuforo, they talk about their company, cybercrime and how individuals, government and institutions should guard themselves against the activities of hackers.
Excerpts:
About Digital Encode
Basically, Digital Encode is all about information and cybersecurity and anything around computer security. We started in 2003 but did not start as a cybersecurity company because the proliferation of IT then wasn’t strong. So, we were assisting ISPs, cyber cafes to build their infrastructure. It was not easy without funding and we could not really compete at the level we wanted because there were bigger players who could give banks, institutions companies better rates. So, it was a bit difficult for us. But we sat down to look at what we could do and at that time we started doing open source technologies to help, since we could not play at the level of the companies then.
We decided to see where we could come in, using our raw skills. We started using open source technologies, open source applications, that is, free software, as we didn’t have to buy it but we actually didn’t get paid for the software, we got paid for the skills. In that way our pricing model was adjusted to whatever the customer wanted that time. We had a vertical market so, at that time, It was profitable because, up until 2005, we had up to like 90 banks in Nigeria to target but when the policy came out that banks should consolidate, we had to re-strategize and came up with an enterprise solution, that was how we started over time until 2008/2009 when banks started having ATMs, debit cards and everything was online, with the advent of that came fraud cases that necessitated our coming into cybersecurity when banks started to assure not only the people but the systems that were doing the transactions. We started giving them those services on how to make sure that those systems were secure.
Cybercrime
Essentially, cybercrime is a computer-related crime and has to do with malicious persons unlawfully penetrating another person’s network. In cybercrime, computer is used to carry out nefarious activities, so it is the combination of using a computer and the internet to hack into an individual system, corporate system or state’s system. These days, we talk about digital colonies because of internet penetration all over the world, everybody is connected and because everybody is connected, the world has now become a global village, which is why cybercrime is the new trend of crime now.
Nigeria is ranked among nations with worst cybercrime perpetrators, why is this so?
A lot of factors come into play when you look at cybercrime. First of all, it is a new medium of internet and when you have a nation with population around 180 million with percentage of youth very high. When you don’t engage these young people, they will try to engage themselves because life is about survival. Not that they don’t have cybercriminals in other nations, but in the developed countries, hacking is the demonstration of skills as most times hacking is not done to get money. This happens to places like Eastern Europe, North America but in Nigeria, you discover that before cybercrime, these young people used to rob with knives and gun but now that financial institutions have opened channels, of course they will try to steal using the channel. Cybercrime started mainly as scam, for instance, yahoo-yahoo fraud and all that, it didn’t have to do with security or hacking, it was primarily scamming people and that is why Nigeria is rife with that kind of thing because there are young people who absolutely have no jobs but have to exist and survive. The barrier to entry in Nigeria is very low because, initially, when some institutions started getting online, they were primarily concerned with usage and people. Banks at that time bought the cheapest ATMs that were easily hacked or cloned because they were thinking that no adoption would happen. When you bring in something cheap with little security, you will have people desiring to explore. So, those boys saw it as an opportunity as they saw technology was feeble. This is why when cyber security is talked about, Nigeria is among such countries but a lot is changing because there is sensitization, awareness , consumer protection as the Central Bank of Nigeria (CBN), Nigeria Communication Commission (NCC) have tried in those areas but there are still some falling prey to this crime.
Threats of cybercrime to Nigeria
Nigeria has become part of the global village and, being a global village, everyone is connected to the internet and the internet is public. Because the internet is made public, the threats are in the wild. Whether you like it or not, the internet does not recognize your nationality because it is a public space so the threats are enormous. The threats landscape has actually evolved over time with even the new forecasted research that by 2022, cybercrime loss will be in the tune of $6 million. This is to say that the cyber market is very big and the reality is the cyber criminals follow where the money is, unlike before where you think about malware viruses, now we are having sophisticated attacks like ransomware which is in the form of digital kidnapping in which if you do not have the right security measures within your system, your system is totally hijacked. MERSK was attacked by ransomeware last year and they lost $280 million just because of a ransomeware attack and it is not just about ransomeware, there are others out there. I look at it from the point of structured and unstructured attack: unstructured attack occurs when the bad guys are in the wild and will attack if the security is weak, whereas structured attack occurs when these attackers plan ahead to attack a system or organisation. So, the threats are there but what is important is that you cannot stop the threats, rather what you can do is ensure that you protect yourself, that is why it is appropriate for organizations to have a protective mechanism to ensure that the threats do not affect them.
Do you think the government is guarding its activities from hackers?
I do not think so because for you to guard yourself, you have to understand the problem, what you are guarding and what you are guarding against. When you have a proper understanding, you will able to secure your environment. The government needs to do more because when you are dealing with human beings, it is a bit easier in a country like Nigeria; you expect a level of rationality. When you are in terms with things that are outside your control, the system is not something you appeal to. Yes, the government is trying to come up with cybercrime bills but, at the end of the day, cybercrime is not something you treat the same way you treat a physical good, so a lot of that has to with training and capacity building. Government needs to get the law enforcement agencies sensitized on what to check whenever they catch someone and they should do things the right way not just arresting individuals with laptops and labelling them as fraudsters. In other jurisdictions, the governments are more sophisticated in some of the things they do. I think the Nigerian government has evolved because there was a time things were on ground zero and they were not really doing anything but right now, NITDA is focusing on creating cyber-security awareness for the Nigerian populace and of course the Office of the National Security Adviser to the President right now has a security operation centre where every day they give out bulletins on cyber threats, trend analysis of what is happening in the cyber space but can they do more? Absolutely, they can do more, aside from the education part because when you look at cyber security, there are three things involved which are the people, process and technology. We can talk about sensitizing the people but bringing it to the technology part is obviously lacking because most websites are running on default password. Even APC’s Twitter handle was assumed to have been hacked so it shows the level of maturity and attention the government is giving to infrastructure in terms of technology. They need to build more capacity and in time ensure a robust process is in place and then to ensure they are improving their security structure.
Protecting against hackers
If it is a laptop, the individual or organization has to install the latest patches of the operating system that comes with the laptop. A lot of times, people get laptops and out of over excitement, they use it without installing some things. The first thing to do is to get the latest updates or patches of software that you will be running, then get a proper antivirus, not the free one that people will download and use for free but the ones you pay for and continue to update every day. Get anti-malware, encryption process that way you can do. If it is your phone, make sure you don’t open your WhatsApp or any file from somebody. Sometimes you get a video file asking you to watch, these files are embedded in viruses and malware. Make sure the person sending you file is someone you know. Lastly, a lot of people that love connecting to free Wi-Fi access should know the authenticity of the source because a lot of those things are traps so users should be careful and do the things mentioned. If these things are done, you will be at least 99.9 per cent secure.
Security operating centre
When you talk about protection against hackers, what is very important is to have a clear enterprise risk mitigation strategy and because you need to look at how to prevent, so it is a three dimensional process. You need to be able to prevent, detect and then respond. What the security operation center does is to ensure that there is an active monitoring in place to prevent. It is just like a normal robbery, before robbers will come to your environment, they will do some surveillance to see how to attack the environment, it is also the same with the cyber space, before hackers will attack you, and they will gather information. Every organization or country in the world is recognized by their IP address. An IP address is a logical means of identification on the internet and so at that time cognizance means they are scanning or checking for so when somebody is at a point of scanning you, we trigger an alarm to tell you that somebody is scanning your IP address. What we do from the security operations is prevention, detection and in responding, we will initiate communication with the organizations that are connected to us to say this IP is trying to get to you, we ask if we can block it. Even at digital encode, the reality is that you cannot stop hackers who are trying to attack you, so if you try to scan our IP address, we block you automatically, so in a nutshell, what the security operation does is to provide services proactively in terms of preventing hackers from hacking into your environment and having a way to detect it and also giving a prompt response.
Digital Encode in the next 5 years
We are going to be 15 years this year so our first goal was to conquer the Nigerian environment because charity begins at home. We are actually number one cyber security company in Nigeria so we had a growth strategy plan, so in the next 5 years, we working hard to pride ourselves to be a Pan-African cyber security, governance risk and compliance company in Africa and ultimately be in the top 5 of the world. In fulfilling that strategy, we set up a New York office so we are not just a Nigerian company anymore; we are now a local Nigerian company operating in the world because of our global presence in New York.
Our growth strategy is to build capacity, deliver values to the customer and build and maintain relationships.