EDITORIAL
Editor's Note- February 2020 Cyber security remains to be an important concern in today's society. The safety of each person's data matters to them. Global Information Security expert Stephane Nappo once said, "It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it." Reputation is an invaluable form of property which African states have endeavoured to regulate. In this edition of The People's Accolade Law Magazine, we focus on the dynamic areas of cyber security regulation. Here, we strive to inform you of the going- ons in the African states with this respect while striking a balance with the global aspects. Brandon Otieno, a Kenyan lawyer gives a critique of the International Convention on Cybercrimes- Budapest Convention on Cybercrime, quite an interesting read. Nigerian- based cyber security and technology practitioners- Ibrahim Tijani and Ridwan Oloyede put a deep focus on cyber insurance, and its impact on cyber security as David Akindolire informs us on the subject of data protection with a clear focus on Nigeria. Our own Alphayo Ongeri gives us an informative yet critical outlook of the Kenyan perspective of cyber security, and how it has grown; as Kenyan lawyer and cyber security enthusiast Gwehona Neto informs us of this looming cyber security threat in the name Deep fakes; quite informative. We sum it up with one from our own Ezekiel Archibong who gives us an artistic approach towards privacy. This edition's special feature is ConďŹ dence Staveley: a security professional and an Information Technology (IT) expert with a remarkable background in Cyber security, a sector she has passion for. She shares her deep insights on this disruptive area, which indeed is an informative and educative aspect. At The People's Accolade Law Magazine, we strive to inform, entertain and inspire our readership by giving them a topical approach in our editions. Share with us your feedback to editor@thepalmagazine.com The PALM prides itself to be Africa's Millenial Magazine. Editor Happy Reading.
EDITOR IN CHIEF Adedoyin Fadare DEPUTY EDITOR IN CHIEF Moses Brian Onyango
MANAGING EDITOR Olayanju Phillips DEPUTY MANAGING EDITOR Oluwatobi Adekoya
SENIOR EDITOR Alphayo Ongeri Wyclie EDITORS Olusola Odeku Georgina Mabezere Stanley Omotor Simi Sebiomo
www.thepalmagazine.com
2
CONTENT
CONTENTS CYBER INSURANCE IN NIGERIA
4
Cyber-attacks are getting more complex, frequent and expensive. According to the Global Risk Report 2019
10
CYBER SECURITY IN THE 21ST CENTURY
8
Cyber security is a contemporary concern within any organization and government that takes the security of its data and stakeholders seriously.
12
16
19 10
CYBERSECURITY : A TIMETICKING BOMB FOR THE WORLD TO DECISIVELY ACT
According to the Black's Law Dictionary, technology can be defined as 'information application to design, production and utilization of services and goods and organizing human activities according to the Black's Law Dictionary 12
ADVOCATING DATA PRIVACY IN NIGERIA
The definition of data is extensive and contains all available information concerning individuals and corporations. 16
WHEN SEEING IS NOT BELIEVING
Psychologists contend that our brain's cognitive capacities are wired to believe everything we see evidently, cross-cultural adages and proverbs are littered with the inviolable standard of proof-primarily hinged on sight 19
THE PEOPLE’S ACCOLADE LAW MAGAZINE (THE PALM) INTERVIEW WITH MRS. CONFIDENCE STAVELEY
Overtime, Confidence Staveley has become a distinguished leading voice in the African Technology Space; last year, she became a BBC Biz 100
www.thepalmagazine.com
3
CYBER INSURANCE
CYBER INSURANCE IN NIGERIA RISK HEDGING IN AN INCREASING THREAT LANDSCAPE IBRAHIM TIJANI AND RIDWAN OLOYEDE
C
yber-attacks are getting more complex, frequent and expensive. According to the Global Risk Report 2019, cyber-attack ranked 4th on the global risk landscape. A data breach could result in revenue loss, operational disruption, loss of trust and reputation; drop in share price, loss of investment opportunities, litigation, fines and sanctions, and in extreme cases, and a shutdown of business. According to Serianu’s 2017 Cyber security Report, Nigeria lost $649 million to cyber-attack. According to Hiscox, cyberattacks cost organizations about $200,000 on the average. The NotPetya attack for example cost pharmaceutical giant, Merck $ 8 7 0,0 0 0,0 0 0 a n d D a n i s h s h i p p i n g c o m p a n y, M a e r s k $ 3 0 0,0 0 0,0 0 0. T h e a b o v e underscores the impact of cyber attack to an organization or a country as a whole.
The growing global privacy and security legal obligation is increasing compliance requirement for organizations. Similarly, the persistence and the wide spread of attack affects small, medium and big size organizations. Verizon’s Data Breach Investigation Report 2019 indicates that about 43% of online attacks are aimed at small businesses. The increasing cost of cyber security has made a growing need for cyber insurance to limit exposure and liabilities of company. Christine Marciano, President, Cyber Data Risk Managers, rightly noted that “the cyber threats of today are the insurance claims of tomorrow.” C o n s e q u e n t l y, b e y o n d compliance obligations, organizations are considering insurance as part of their risk management strategy.
UNDERSTANDING CYBER INSURANCE
A cyber insurance policy, "also referred to as cyber risk insurance or cyber liability insurance coverage (CLIC), is designed to help an organization mitigate risk exposure by offsetting costs involved with recovery after a cyber-related security breach or similar event." Cyber insurance is fast becoming an integral part of survival for organizations. According to PwC, VI the cost of premium is predicted to be $7.5 billion by
www.thepalmagazine.com
4
CYBER INSURANCE
LEGAL FRAMEWORK IN NIGERIA Cyber insurance is still a nascent phenomenon in Nigeria. A quick search of top insurance companies product offering in the country did not include it as a product, though we found a number of insurance companies offering "electronic equipment" and "computer and electronic equipment" policy as a product; the scope of the policy covers electronic data processing, data loss amongst other things.
Managers, rightly noted that "the cyber threats of today are the insurance claims of tomorrow." C o n s e q u e n t l y, b e y o n d compliance obligations, organizations are considering insurance as part of their risk management strategy.
Nevertheless, cyber insurance is not mentioned inside the Insurance Act 2003 (the "Act"), but a close reading of the law does not expressly prohibit the creation of such policy. Section 2(5) of the Act provides that an insurer "may be authorized to SCOPE OF INSURANCE COVER transact any new category of miscellaneous insurance Cyber insurance policy business…" Section 16 of the Act characteristically covers similarly provides a framework for a p p r o v a l o f n e w p r o d u c t . expenses related to first and Similarly, the Central Bank of third parties claim. The cover Nigeria Risk based Cybersecurity includes cost of the breach, Framework provided that cyber- i n f r i n g e m e n t o f d a t a insurance coverage should be protection and privacy laws, considered as part of security and cost of recovery. When assurance program for Payment there is a claim, the insurance Service Providers. The growing global privacy and security legal obligation is increasing compliance requirement for organizations. Similarly, the persistence and the wide spread of attack affects small, medium and big size organizations. Verizon's Data Breach Investigation Report 2019 indicates that about 43% of online attacks are aimed at small businesses. The increasing cost of cyber security has made a growing need for cyber insurance to limit exposure and liabilities of company. Christine Marciano, President, Cyber Data Risk
company is expected to indemnify the assured the cost of forensic investigation; computer and data restoration costs; business interruption; public relations cost; notification of victims of the breach cost; electronic theft and fraud protection; and cyber extortion. In the event that a third party suffers from the loss occasioned on the assured, the insurance company will be expected to indemnify the third parties in accordance with the terms of the insurance policy.
www.thepalmagazine.com
5
CYBER INSURANCE
CHALLENGES
1 Low reporting rate – The risk landscape keeps evolving and organisations are inclined to under report the full impact of breaches in order to avoid adverse publicity and loss of customers trust. In Nigeria, despite the obligation to report an attack under different laws, the level of reporting is low. The absence of true data to reflect extent of data breaches makes it hard to ascertain precisely the cost of financial loss, which in extension makes it harder for the insurer to have incisive insight.
3 Regulatory – the insurance regulatory body, National Insurance Commission (NAICOM) pose a major threat to the advent of cyber insurance. The body is conservative and hence a bit careful with the adoption of new insurance products. NAICOM as regulators must take steps to develop a comparable framework among multiple jurisdictions for cyber insurance conduct and supervision.
2 Difficulty in identifying skilled practitioners – Though, according to the 2016 Serianu's Africa Cyber Security Report, it was reported that the skill gap in Nigeria is low compared to our population. However, some professionals differ and opine that lack of opportunities for practitioners is the actual problem, rather than absence of competence. According to Nurudeen Odeshina, a privacy and cybersecurity manager, "I do not think there is lack of experts, but dearth in the identification of experienced security experts." In today's online age, the number of threats to businesses and their customers increases every day and the awareness and ability to combat these threats is still very low. For cyber insurance to thrive, the knowledge gap and the ability to unearth talent in the industry has to be addressed.
4
Proper risk profiling – The Risk Profile Assessment (RPA) is a tool that calculates the inherent risk of an organization based on the answers to a series of multi-choice questions. This is an essential activity that must be properly executed before any cyber insurance policy can issued. The major challenge here is related to the lack of skilled personnel to carry out a proper risk profile exercise.
FACTORS TO CONSIDER BEFORE CONSIDERING CYBER INSURANCE POLICY Any organization that processes personal data and hold other valuable corporate digital asset, or uses the cloud, should consider adding cyber insurance to its budget. The proliferation of devices that could connect to business networks increases the threat landscape for malicious attack on an organization. "As with any other sort of insurance, the cost of a cyber-insurance policy will depend on a number of factors—industry type, size of business, annual revenue, and estimated risk level, among other things." An adequate policy will aid organizations to survive the storm more effectually. It is important for an organization to assess its risk exposure by creating a risk profile. The risk profile help to create a list of expenses an organization desire to cover in the event of a breach. Then, the organization can make projections for third-party costs. Such organization must have in place best cyber security practices to protect against attack. "An insurer might request an audit of an organization's processes and governance as a condition of coverage." The insured should be wary of policies that are vague and unreasonable, and mindful of exclusions. The decision to take a policy should involve the cyber security, IT, legal department and the board. Regarding costs, cyber insurance coverage and premiums are based on an organization's industry, type of services provided, data risks and exposures, security posture, policies and annual gross revenue. Organizations have to decide if they need insurance relative to their risk exposure and also if the scope of the cover, they are buying addresses their risk.
www.thepalmagazine.com
6
CONCLUSION Cyber insurance is still a burgeoning product in the Nigerian market, and indeed a global phenomenon but as the threat landscape increases, it will emerge as part of wider business survival strategy. Cyber insurance is not a replacement for implementing the appropriate level of privacy and security required by a business. Organizations will continuously need to put in place process and technology to limit risk and also train its staff to maintain best practice. Cyber insurance at best, forms part of risk management strategy and not a replacement for good privacy and security practice. Above all, insurance companies must remain flexible and should continue to review their products and consider new offerings. IBRAHIM TIJANI AND RIDWAN OLOYEDE The writers: Ibrahim Tijani is a cyber-security analyst with experience in the Insurance industry in Nigeria while Ridwan Oloyede is the Partner (Privacy, Data Protection & Legal Services) at Tech Hive Advisory, Nigeria
REFERENCE 1 Ÿ https://www.weforum.org/reports/the-global-risks-report-2019 2 Ÿ https://www.zdnet.com/article/company-shuts-down-because-of-ransomware-leaves-300-without3 jobs-just-before-holidays 4 Ÿ https://www.serianu.com/downloads/NigeriaCyberSecurityReport2017.pdf 5 Ÿ https://www.hiscox.com/documents/2019-Hiscox-Cyber-Readiness-Report.pdf 6 Ÿ https://enterprise.verizon.com/resources/reports/dbir/ 7 Ÿ https://www.pwc.com/gx/en/industries/financial-services/publications/insurance-2020-cyber.html Ÿ National Insurance Commission established by the NAISOM Act of 1997 8 Ÿ https://www.oecd.org/daf/fin/insurance/Enhancing-the-Role-of-Insurance-in-Cyber-RiskManagement.pdf
A RAID OF CLOISTERS by Ezekiel Oluwasalvage Archibong We value our privacy ! The solace in secrecy, Blissful obscurity, Like an anchor, holds the lock to our precious oblivion. We hate invasion of privacy! It's a rape on revered psyche, A foray into an hermitage. Privacy is a right, a right abused! We dread people sliding into our cupboard life Yet we loosen the hydrant on our timeline A leeway to snoop and foil for spite. A career is born in public. Is privacy still private ? The birds are fleeing the trees, They no longer feel at ease. The antelopes react from every foot-fall, For fear of plunging their lungs with bullets. Because my life lay bare like an open book, Makes it very easy to be caught in this hook.
The Poet is an Editor at The PALM
www.thepalmagazine.com
7
ST
CYBER SECURITY IN THE 21 CENTURY
C
A KENYAN PERSPECTIVE ALPHAYO ONGERI WYCLIFFE
yber security is a contemporary concern within any organization and government that takes the security of its data and stakeholders seriously. Governments all over the world are concerned with creating an unpenetratable firewall to safeguard their data. The risk has increased significantly with the ever demanding adoption of technology in all sectors of the economic, social and political spheres of life. The risk of suffering a cyber-attack is not only resident in the developing world but also in the most advanced territories of the world. Lest we forget Julian Assange and the Wikileaks saga of the year 2006-2010 and before seeking asylum in his country's (Ecuador) London Embassy for close to seven years. Cybercrimes assumes many styles and shapes. In Kenya, there are created 22 cybercrimes that are punishable offences in Kenya. They are; unauthorized access to device, unauthorized interference, unauthorized interception, illegal devices and access codes, unauthorized disclosure of passwords and access codes, cyber espionage, false publications, publication of false information, child pornography, computer forgery, computer fraud, cyber harassment, cybersquatting, identity theft and impersonation, phishing, interception of electronic messages and money transfers, willful misdirection of electronic messages, cyber terrorism, intentional withholding message delivered erroneously, unlawful destruction of electronic messages, wrongful distribution of obscene or intimate images and fraudulent use of electronic data. In pursuit of a large social media following many young men and women are involved in one or two cybercrimes without intention. Ignorance can be so costly though. In Kenya for instance, Section 11 of the Penal Code in no uncertain terms decrees that ignorance of the law is no defense in any criminal or civil suit. Impersonation and identity theft will and can therefore be punished under the law as a cybercrime whether it is manifested through a parody account or any other forms.
The Kenyan system has had its fair share of cyber security issues. In the wake of the historical ruling of September 1st 2017, Supreme Court Presidential Petition No. 1 of 2017, Raila Amolo Odinga & Another v Independent Electoral & Boundaries Commission, Uhuru Kenyatta & Others, the main argument raised by the opposition, Raila-led National Supper Alliance, NASA, was that the Electoral commission's servers had been infiltrated by the government and its surrogates thus interfering with the integrity of the vote. Indeed, maybe as a vindication of the same, the IEBC and the government in general contumaciously disobeyed the Supreme Court's orders to open the servers, allow the court experts and the petitioner access so as to confirm or refute the allegations. To date, the servers remain closed, what lies therein is only known to a few people and indeed the people in France are "still asleep". Based on the disobedience of the order and the glaring irregularities and inconsistencies unearthed by the counterchecking of the hardcopies of Form 37A, 37B & 37C, the court was left with no option but to disturb the election and order a rerun. This is how far cyber
www.thepalmagazine.com
8
CYBER SECURITY IN THE 21ST CENTURY
Cyber encryption and password protection may not perse solve the problem in the long run. The Insurance industry in Kenya has not yet developed enough to assure organizations, corporations, individuals and the government enough cover in case of great losses. Something needs to be done. With the passage of the Data Protection Act, 2019, the agency that will be charged with protecting personal data will have to think out of the box. The 21st Century problems cannot be detected and solved using the 20th Century lenses. In a recent report by the Kenya Bankers Association, the body faulted digital money lenders[Mshwari offered by NCBA under the auspices of the telecommunications operator, Safaricom; Tala, Branch et cetera.]for exploiting
'insider information' about their borrowers. The lenders have gone too far in data privacy breaches, they access the contact lists and use them to pressure repayment of debts. This kind of illegal processing of personal data, which is a crime under the Data Protection Act and thus punishable exposes Kenyans to possible cyber-attacks, hacking, loss of revenue, breach of security and exposure of intimacy to unauthorized persons. Indeed some businesses may close down due to the fact that some fraudulent individuals will hack their icloud systems, steal their intellectual marks and offer counterfeit services thus rendering the intellectual property holders jobless. In the upshot, Kenya, Africa and indeed the entire globe have a task to perform. Cyber bullies are many. th Cybercrimes are on the rise. Each second they go undetected if we continue to use the 20 Century lenses to detect and arrest their happening. Resources will be needed, expertise will be required. Countries must now invest in training and exposure of their youthful generation so as to tackle the problems that cybercrimes pose. Probably, the insurance sector will consider having as part of its products cyber security policies. Technology has come and is advancing daily, contemporary issues require it to be sorted, but like a double-edged sword it demands to be handled wisely and carefully lest it will be the curse of the 21st Century. Alphayo Ongeri Wycliffe The writer is a Kenyan, holds an LLB Hons (UoN); LLM Candidate (SLS); Advocate Trainee (IKM Advocates) & Senior Editor, The PALM. He takes great pride in mentorship and teaching. He believes in sound leadership as an engine for growth.
CALL FOR ARTICLES All contents should be sent to editor@thepalmagazine.com +234(0)907-186-0400 +254 702 242288
www.thepalmagazine.com
9
CYBERSECURITY A TIMETICKING BOMB FOR THE WORLD TO DECISIVELY ACT
-BRANDON OTIENO OTIENO
A
ccording to the Black's Law Dictionary, technology can be defined as 'information application to design, production and utilization of services and goods and organizing human activities.' A literal analysis of this definition mirrors the tremendous impact that technology has had on the modern world. The advent of technology resulted in rapid industrialization of countries, as well as, accelerated the flow of information and communication of people to unprecedented levels. The increase in technological advances has not been all positives. There are notable cyber security challenges that have shaken the world in recent times. Of great concern have been privacy issues, hacking and misuse of personal data. The world over, nations have continually enacted laws and introduced legal mechanisms to minimize the risk of citizens falling victims of cybercrime in its many forms. The Kenyan legislature recently enacted the Data Protection Act, 2019 (the "Act") which gives effect to Constitutional clauses that provide for the right to privacy. The Act not only defines what falls within
the realms of personal data, but also addresses critical issues such as the compulsory obtaining of express consent from a data subject before processing his or her personal data. The Act also stipulates guiding principles that must be adhered to in relation to data processing. Some of these include the prohibition of transferring data outside Kenya unless there is proof of consent from the data subject and a guarantee of adequate data protection. The Act also stipulates a penalty for non-compliance with the provisions of the Act. Such a penalty may constitute either a fine not exceeding Three Million Kenyan Shillings or a term of imprisonment not exceeding 10 years or both. The
www.thepalmagazine.com
10
A TIMETICKING BOMB-TIME FOR THE WORLD
Kenyan Data Protection Act, 2019 is a testament to the realization of the threats posed by unregulated use of technology and cyber security attacks. The world needs to unite and come up with ingenious measures and laws that can be used in curbing these negative effects of technology.
Recently, the world woke up to the news that the personal phone of Jeff Bezos might have been hacked by the Saudi Crown Prince Mohamed Bin Salman. Investigations are still ongoing on the matter, however, the question of what such a development means for an ordinary citizen? If the personal phone of one of the world's richest men can be easily hacked then what guarantees the safety of personal information of people from the lower cadres of the society? This only affirms the need for a more practical international convention to regulate the field of cyber security and data protection. Such a convention ought to outline severe sanctions on the violators of cyber security rules. C u r r e n t l y, t h e B u d a p e s t Convention on Cybercrime is the substantive international Convention on cybercrime. The Convention establishes some
positive standards on cooperation among States in fighting cybercrimes. It also provides for extradition rules and highlights the need to pursue criminal policies that relate to cybercrimes. It is, vital to acknowledge the glaring flaws presented in the Convention. Firstly, the Convention fails to cover a wide range of cybercrimes such as unsolicited emails and identity theft. Secondly, it is hard to facilitate mutual legal assistance between States due to complex and lengthy procedures. Lastly, the convention has not been ratified by nearly two-thirds of countries in the world. In Conclusion, world leaders have to act now to amend and overhaul the existing Convention to make it more effective or in the alternative proffer a new internationally accepted
proffer a new internationally accepted Convention. Technology changes with time, so also should the law, both at the national and international levels in order to keep abreast with this rapidly developing landscape.
BRANDON OTIENO OTIENO
The writer is a third-year student of Law at the University of Nairobi, Kenya. He is an author of fiction stories and a blog post, 57TH CORNER. He is an avid reader and a lover of technology
www.thepalmagazine.com
11
ADVOCATING DATA PRIVACY IN NIGERIA DAVID AKINDOLIRE
The definition of data is extensive and contains all available information concerning individuals and corporations. The advent of information technology has quadrupled the amount of information available. Necessarily, governments of the world are promulgating data protection legislation to regulate the processing of data and to safeguard information of persons. The Nigerian experience has been slow and steady. In the beginning, there was no comprehensive law for data protection. However, the privacy of persons is protected by Section 37 of the Constitution of the Federal Republic of Nigeria 1999 (as amended) which guarantees the privacy of citizens, their homes, correspondences, telephone conversations and telegraphic materials. Specifically, the rights of children are protected by the Child Rights Act No. 26 of 2003. Section 8 of the Act guarantees every child's right to privacy. Section 205(2) protects the records of child offenders.
www.thepalmagazine.com
12
ADVOCATING DATA PRIVACY IN NIGERIA
REGULATORY FRAMEWORK There have been specific laws that have contained snippets of data protection. For instance, the Freedom of Information Act No. 4 of 2011. This Act actually provides for public access to public records. Still, it prevents a public institution from disclosing personal information to the public unless the concerned individual consents to such disclosure. It also provides that a public institution may refuse to disclose information that enjoys professional privilege (lawyer-client privilege, for instance). The National Identity Management Commission Act of 2007 establishes a Commission. This Commission is responsible for operating a National Identity Database. The Act provides that no person or company shall have access to data or information contained in the database with respect to a registered individual without authorisation. The Commission is only authorised to share such information if it is in the interest of national security. The Consumer Code of Practice Regulations was issued by the Nigerian Communications Commission (NCC) in 2007. It requires telecommunication operators to take reasonable steps to protect consumer information against "improper or accidental disclosure". It further provides that consumer information must "not be transferred to any party except as otherwise permitted or required by other applicable laws or r e g u l a t i o n s ." I n t e r e s t i n g l y, t h e Registration of Telephone Subscribers Regulation 2011 (as issued by the NCC) affords confidentiality for telephone subscriber records maintained in the NCC's central database.
records for every user of health service. The confidentiality of such records is to be maintained and protected. Meanwhile, the Cybercrimes Act 2011 prevents the interception of electronic communications and imposes data retention requirements on financial institutions. Finally, the Federal Competition and Consumer Protection Act of 2019 requires the Commission to protect the business secrets of all parties involved in the Commission investigations.
THE NIGERIAN DATA PROTECTION REGULATION 2019 In 2007, the National Information Technology Development Agency (NITDA) was set up by the National Information Technology Agency Act (NITDA Act) as the statutory Agency with the responsibility for planning, developing and promoting use of information technology in Nigeria. The Agency is mandated to develop regulations for electronic governance and to monitor the use of electronic data. In line with this responsibility, the Agency issued the Nigerian Data Protection Regulation (the "Regulation") in January 2019. Essentially, the Regulation aims at protecting the personal data of all Nigerians and non-Nigerian residents. It targets transactions that involve the processing of personal data.[3] The Regulation is directed to government agencies and private organizations that own, use and deploy Nigerian information systems as well as foreign organisations that process personal data of Nigerian residents.
The National Health Act of 2014 requires health establishments to maintain health
www.thepalmagazine.com
13
ADVOCATING DATA PRIVACY IN NIGERIA
WHAT IS PERSONAL DATA? Section 13 of the Regulation defines data to include a name, an address, a photo, an email address, bank details, posts on social networking sites, medical information, computer internet protocol (IP) address and any other information specific to the physical, psychological, genetic, mental, economic, cultural or social identity of that natural person. Data is personal when the information relates to an identified or identifiable natural person, whether it relates to his or her private, professional or public life. Under the Regulation, certain general principles govern data processing. Personal data must be processed for the specific lawful purpose as consented to by the Data Subject. It must be without prejudice to the dignity of the human person. Also, it must be stored only for the period within which it is reasonably needed. Finally, it must be secured against all foreseeable hazards and breaches. Accordingly, everyone who is in possession of the personal data of a Data Subject owes a duty of care to the Data Subject. WHO IS A DATA SUBJECT? A Data Subject is the identifiable person who is identified with reference to an identification number or other factors specific to his/her identity.[6} Simply, a Data Subject is the individual who the data is about. Every natural person is a Data Subject. That is, humans, not companies. Data Subjects are accorded certain rights: the right to rectify the information and to have it in a portable format, the right to erasure of the information, restriction in processing the information and the right to transfer the information to a third party
WHO IS A DATA CONTROLLER? A Data Controller determines how ("the processes for and the manner in which") personal data is processed. In most cases, the Data Controller is the company or organisation that possesses/requests for your data. This is distinguishable from a data administrator who simply processes data. A Data Controller must adhere to the legal basis provided by the Regulation. Data processing is only lawful in the following instances. That is, the processing has been consented to by the Data Subject, the processing is for the performance of a contract, the processing is required for compliance with a legal obligation, the processing is required for protection of the vital interest of a Data Subject or another natural person; or the processing is necessary for the performance of a task carried out in the public interest. When the Data Controller seeks to obtain information from the Data Subject, the Data Controller must provide certain information. These include the identity and contact details of the Data Controller, the contact details of the Data Protection Officer, the purpose for which the data will be processed as well as the legal basis, recipients of the data, the period for storing personal information, rights of the Data Subject and information about the possible transfer of the information to third parties, foreign countries or international organisations.
DATA PROTECTION OFFICER This person is designated by the Data Controller to ensure that the Data Controller is compliant with the Regulation.[11] That is, Data Controllers may hire compliance staff to oversee data protection within the organisation. PENALTIES The penalty for failing to comply with the Regulation is dependent on the number of data subjects that a Data Controller processes:[12] More than 10,000 Data Subjects – payment of the fine of 2% of Annual Gross Revenue or 10 million naira whichever is greater Less than 10,000 Data Subjects – payment of the fine of 1% of the Annual Gross Revenue or 2 million naira whichever is greater
www.thepalmagazine.com
14
ADVOCATING DATA PRIVACY IN NIGERIA
ENFORCEMENT
CONCLUSION
The NDPR contains “implementation mechanisms”. For instance, it directs all public and private organisations in Nigeria (that control data of natural persons) to publish their data protection policies within 3 months after the issuance of the Regulation. It makes the designation of a Data Protection Officer compulsory. The NDPR creates Data Protection Compliance Organisations (DPCO) to monitor the compliance of Data Controllers and provide advisory services. On 10th December 2019, NITDA published a list of licensed DCPOs that included 27 entities. An Administrative Redress Panel is legislated to investigate allegations of breach. Ultimately, it directs the Agency to foster international cooperation mechanisms with foreign countries.
DAVID AKINDOLIRE THE WRITER IS A NIGERIAN LEGAL ENTHUSIAST
Overall, the NDPR is a welcome development for Nigeria and is perhaps the highlight of a legislative year. The actions of NITDA are visible and commendable. In October 2019, it commenced investigation into a potential breach of privacy rights of Nigerians by the Truecaller Service. Apparently, the privacy policy of the Truecaller was divided into two sets – one for those in the European Economic Area and another for those outside the EEA. Nigeria fell under the second category. An assessment of the relevant policy revealed noncompliance with the NDPR. The expository press release (as published on NITDA's website) concluded with the following words: NITDA would like to assure Nigerians that will continue to monitor the activities of digital service providers with a view to ensuring that the rights of Nigerians are not unduly breached while also improving the operational environment to support ethical players in their bid to get maximum benefit from Nigeria.
REFERENCES 1 DLAPiper, Data Protection Laws of the World https://www.dlapiperdataprotection.com/index.html?t=collection-and-processing&c=NG 2 Aelex An Overview of Big Data & Protection in Nigeria https://www.aelex.com/wpcontent/uploads/2019/05/An-overview-of-Big-Data-and-data-protection-in-Nigeria-1-compressed.pdf Udo Udoma & Belo-Osagie Data Privacy Protection in Nigeria https://www.uubo.org/media/1337/dataprivacy-protection-in-nigeria.pdf 3 Templars Nigeria Data Protection Regulation 2019: A Safety Net for Personal Information or just Bandaid? https://www.templars-law.com/wp-content/uploads/2019/03/Templars-ThoughtLeadership_NIGERIA-DATA-PROTECTION-REGULATION-2019_-A-SAFETY-NET-FOR-PERSONALINFORMATION-OR-JUST-BAND_AID.pdf 3 KPMG The Nigerian Data Protection Regulationhttps://assets.kpmg/content/dam/kpmg/ng/pdf/advisory/NDPR-journey-to-compliance.pdf 4 Nigeria Data Protection Regulation Nigeria Data Protection Regulation https://nitda.gov.ng/wpcontent/uploads/2019/01/Nigeria%20Data%20Protection%20Regulation.pdf [1] Section 14 [3] Section 1.2
identification number or other factors [9] Section 2.2 specific to his/her physical, psychological, mental, economic, [10] Section 2.13.6 [11] Section 1.3 cultural or social identity.
[4] Section 2.1
[6] Section 1.3
[5] The Data Subject is the identifiable person who is identified directly or indirectly with reference to an
[7] Section 2.13
[2] Section 16
[12] Section 2.10
[8] Section 1.3
www.thepalmagazine.com
15
WHEN SEEING IS NOT BELIEVING; DEEP FAKES, FUTURE AFRICAN POLITICAL, AND LEGAL NIGHTMARE; A CYBER SECURITY OUTLOOK BY NERO B. GWEHONA
INTRODUCTION
P
sychologists contend that our brain's cognitive capacities are wired to believe everything we see. Evidently, cross-cultural adages and proverbs are littered with the inviolable standard of proof-primarily hinged on sight. For millennia, eye-witness accounts form the most acceptable source of information and standard of proof. Yet there is an emerging technologicallyinduced legal ambiguity posing a threat to democracy in the name of deep fake. improving the operational environment to support ethical players in their bid to get maximum benefit from Nigeria.
AFRICA CASE NUMBER 1 OF 2019 The Republic of Gabon vs. Deep Fake
That Africa is notorious for coup d’états is an open secret. A prevailing consensus is the primary motive for the overthrow of any constitutional order is power. Yet occurrences on January 7, 2019, defied
this time-tested belief. The small West African country of Gabon gave reason for alarm on the power of misinformation. The chain of causation of the coup was an exception rather than the norm considering it's hinging on a perceived deep fake of President Ai Bongo. After much absence (no public appearance since October 2018), President Ali Bongo made a customary new year’s speech to the nation via video. What followed seven days later was a section of the military (Republican guard), not sold on the authenticity of the video, boldly claiming it was a hoax. Considering the coup didn’t instantly occur but took seven days after the address, observers made two interpretations;Either verification period of the authenticity of the video took longer than expected resulting in an uncalculated quick response in the form of a coup or it was a deliberate seven day planning period after the video.
www.thepalmagazine.com
16
The Putsch (The first since 1964) led by elite Republican Guard Deputy Lieutenant Kelly Ondo Obiang, “Operation Dignity,” was, however, u n s u c c e s s f u l . Lt . O n d o a n d h i s h e n c h m e n questioned among other things, oddities in Bongo’s eyes, demeanor and the out of sync jaw movements terming the video( What experts term as) a deep fake. A year later, experts still debate the veracity of the video, ushering an age in the continent where once unimpeachable” video evidence is questionable. Deep fakes are not limited to Africa. Recently, the President of the free world, Donald Trump was on the receiving end after deliberately sharing a video of seemingly drunk Democratic House Speaker Nancy Pelosi. Although the video went viral, it took expert intervention to dismiss it as a deep fake. Yet, the damage was already done, not to mention the inconvincible president’s hardline base. At the time, Congress speaker was leaning towards giving congress the green light for Trump’s impeachment proceedings. Pelosi’s video displayed the possibility of deep fake’s political weaponization in an age where misinformation can influence the outcome of an election, end opponents’ careers, and settling scores amongst private citizens. It is against this backdrop that experts forebode an intractable political and private citizen conflict given the detrimental potential of deep fakes. In a continent bedeviled with electoral malpractice, iron-fist rulers, punishment of dissenting voices, and occasional revenge porn cases deep fakes are a reality.
WHAT IS A DEEP FAKE? A deep fake is a video developed through artificial intelligence via machine learning of images/likeness of a person superimposed on an existing one. Artificial Intelligence utilizes autoencoders and deep learning technology mimicking audio, facial movements of a new image to the original video, making the victim seem to say what they never said. Deep fake’s utility of deep learning is through an algorithm study of the subject matter and adaptions to data obtained to generate a nearperfect fake video in addition to almost perfect audio. Thus the more, images, videos, and audio of a person available, the easier it is to develop a deep fake due to the many set of data available for deep learning.
Africa has 22% internet access, mobile internet penetration and a respectable social media digital footprint. Cases of fake videos of celebrities, politicians, dissidents or revenge porn by jilted lovers are projected to rise. Deep fakes alter the truth, making it difficult to distinguish real events and actions from fiction and fantasy. A recent study by cybersecurity company Deep Trace established that 96% of deep fake videos are sexually explicit in content. Even more alarming is that apart from high celebrity susceptibility, women surpass them by being victims in 99% of the cases. In a continent where women are marginalized, the concept of deep fake videos serves to complicate their private lives further.
HISTORY Deep fakes are reputed to have found their way into mainstream pop culture as early as 2017.A story is told of an anonymous Reddit user with the pseudonym “deep fakes” (origin of the name),who notoriously started superimposing celebrity faces on pornographic videos. As a result, of this, several notorious developers immersed themselves in developing applications that could do the same. An example is Deep Nude, which altered images of women to appear nude. Credible reports indicate that deep fake was previously preserved of Hollywood pre-2017 movie making. However, regular computer users can now develop a deep fake, virtually free from open source softwares from the internet. While in Hollywood, it involved high skills and technological infrastructure, the post2017 era marked the entry of user-friendly opensource software and free apps to do much damage.
IMPACT OF DEEP FAKES AND LEGAL QUESTIONS It’s a no-brainer that autocratic regimes consider deep fakes as their new inexpensive and reliable allies. Whether it is masking disease to cling to power, diverting attention from national issues attributed to “Foreign enemies” or pornographic videos of dissidents to discredit, deep fakes can embolden authoritarian regimes. This technological advancement projects a possibility of reversal of gains made in democratizing post-cold war Africa. Despite the threat it poses to fragile democracies, the conspicuous silence of the continent by opinion
www.thepalmagazine.com
17
AMERICAN PRECEDENCE Across the Atlantic, out of the frustration of lack of Federal legislation (Partly Federal government restraint in interfering with individual states), most states are already exercising their dual sovereignty by passing laws covering deep fakes. Recently, California passed a deep fake- specific law operationalized on September 1, 2019.AB 730 as it is fondly known, expressly makes it illegal to circulate false audio, images, and audiovisual images of politicians, 60 days prior to an election. While the move has been lauded, for shielding voters from misinformation, legal experts are skeptical on its law enforcement.
LEGAL ISSUES Even with the passing of such legislation, the question of free speech versus individual rights of citizens arises. Whereas public official’s victims of deep fake videos may have to contend with the defense of free speech, sexually graphic fakes is as humiliating and career-ending even for private citizens. The thin line between fair comment and copyright or defamation of a public personality through deep fakes is yet to be thoroughly tested in case law and remains purely an exercise of legal speculation Yet African politics is so dirty that one can argue that a politician iis a victim who ‘doesn’t have a reputation ‘which can be damaged by a deep fake (sic). While a victimized private citizen argues the person in the video isn’t actually him, it still borders on a false and malicious statement that constitutes defamation. However, most of these malicious perpetrators/publishers may be either abroad or anonymous, presenting a jurisdiction issue and enforcement of a judgment if the court finds in the victim's favor. Social media platforms prove a challenge when prosecuting libel and reproduction, given the virality of such videos. For example, suing 1 million social media users for libel isn’t practical. Yet platforms giving these videos latitude in the private policy are regarded as third parties.
remedy is the obligation of the original publisher is obligated to remove the original video while the other third platforms aren’t obligated t. While a private citizen enjoys equitable remedies like damages, sought in the form of copyright infringement or defamation, the case is slightly different from public figures. Copyright infringement is difficult to prove when it comes to private citizens since only individuals in the original video having IP rights to the video have legal grounds to sue for an infringement. However, a deep fake victim cannot purport to seek copyright infringement remedies from a video they weren’t in the first place (sic). Unlike in the case of defamation, social media platforms are more likely to be pull down a video from its websites due to copyright infringement.
SILENT WITNESS THEORY In State versus Pulphus 465 A.2d 153 (R.I. 1983), the Supreme court of Rhodes adopted the silent witness theory of photographic admissibility, adding that photographs are substantive evidence that can be admitted upon satisfying the two critical tests of competency and relevance in the absence of witness testimony. The precedence set here has been used worldwide since the decision. Yet, deep fakes seek to rewrite legal standards of proof. It remains to be seen if benches world over will gladly admit video evidence without using expert testimony on a “silent witness. “Deep fakes thus present a departure from the classical dichotomy between truth and “alternative facts”. In a world now riddled with foreign interference of elections such as the Russian interference, deep fakes are the new nuclear weapons in international relations, perjury in criminal cases and rigging of elections. Deep fakes continue to be a cyber security concern even in the advent of regulative mechanisms for technology.
BY NERO B.GWEHONA, KENYA The writer is a Kenyan Lawyer
Third party status of platforms cushions them mostly from libel but doesn’t absolve them from copyright infringement. In a defamation case one
www.thepalmagazine.com
18
THE PEOPLE’S ACCOLADE LAW MAGAZINE (THE PALM) INTERVIEW WITH MRS. CONFIDENCE STAVELEY Overtime, Confidence Staveley has become a distinguished leading voice in the African Technology Space; last year, she became a BBC Biz 100; and was also nominated as an External Faculty Member of the Fintech Institute which is based in Lagos, London and Toronto- this is arguably an attestation and acknowledgement of her professionalism. She is also a Global Shaper, an Initiative of the World Economic Forum and serves in the Lagos Hub, which is one of over 400 other Hubs across the world. Being a Global Shaper is a way she contributes to social responsibility. She loves to write and has authored some of the most relatable and striking Cyber security articles one would find in the Nigerian Cyber security space, she has a knack for adapting her articles for those who are not Information Technology inclined. She enjoys technology and life!
Q Hi! Kindly tell us who Confidence Staveley is? We earnestly wait to meet her. Answer: I am a cyber security professional and an Information Technology (IT) expert. I have a strong background in IT generally and at some point in my career, chose a specialization in Cyber security because it is a field I absolutely love; I am also an entrepreneur and that is what balances me out. I also have a decade's worth of experience in Government, IT and business development roles across multiple sectors ranging from education, banking, government, fintech, etc. Currently, I work as the Country Manager for Digital Information Securities Solutions LLC (DIGISS LLC), a multinational security solutions provider; I lead a world-class team to help clients who are faced with cyber-adversarial elements by implementing and optimising security controls which reduces the likelihood of a successfully breach. While we do that, we increase the odds of promptly detecting an ongoing attack. In my capacity as Country Manager, I lead the development and implementation of cyber champion programs for multiple clients, while working closing with DIGISS LLC Cyber-Fraud Intelligence Unit to better understand the most efficient ways to defend client's data assets and the employees. I am very adept at presenting results of security assessment to clients and coordinating cross functional teams to remediate these findings.
Q Please tell us the institutions you have attended; qualifications and awards obtained. Answer: I studied Information Technology and Business Information systems at Middlesex University London for my first degree where I bagged a First Class Honours. Thereafter, I
proceeded to obtain a MSc in Information Technology Management at the University of Bradford where I also bagged a distinction too. My desire to obtain this degree was predicated on the fact that I was really cut out to balance my tech skills with my business skills in order to function in both roles. More so, I wanted to garner deep knowledge and also the know-how to sell solutions I get involved with or build. I also have an Advanced Diploma in Software engineering and have earned a number of Cyber security certifications.
www.thepalmagazine.com
19
Q
Tell us about your journey to the Cyber security career world? Answer: I was first exposed to the idea of building a career in Cyber security during my MSc in 2012. My interest in cyber security was sparked by a course i happened to choose when I was looking for an intellectually challenging elective. I knew I will get bored if my degree did not challenge me enough. Considering other options, it seemed Cryptography was the right course, because it was perceived as the most dreaded course in my Faculty, by my course mates. As I commenced lectures, the elective became interesting, and this sparked up my interest in Cyber security . There's been a lot of self-learning in this journey of building a career in Cyber security , as well as managing teams which my current job affords me too. It has been an interesting and thrilling journey. I really love how Cyber security remains ever challenging and how one can never actually know it all; it is a fast-paced field which requires training and constant self-development
Q What key areas should African policy makers look into to tackle the deficit in Cyber security Answer: I believe a key thing African Policy makers need to look into to tackle the deficit in Cyber security infrastructure will border around two key things. First is Public Private Partnership (PPP) and also intentional budgeting around meeting the needs in Cyber security , including defending the sovereignty of their nations. Basically, putting in the right funding and the right structures are key things African leaders need to look into. I will say strongly the revision of the laws on Cyber security and executing them will address some of the deficits in Cyber security infrastructure.
Q
It is apparent that the millennial generation is the most active in the cyberspace at this point in time. They are susceptible to attacks; please can you tell us what some of these attacks how can they avoided? Answer: Some of the key attacks millennials tend to face are over exposure on social media which allows people gather enough intelligence to hack their accounts. Millennials should share information discreetly and must be conscious enough not to
post sensitive personally identifiable information. Also, joining online trivias and games which requires provision of highly sensitive data such as date of birth, bank account details, etc. Millennials are exposed to over sharing which must be curbed. Millennials should build cyber-secure habits, such as choosing strong and unique passwords per platform; containing alphabets, uppercase and lowercase, special symbols, numbers and should not be less than twelve characters. I recommend millennials use a password manager to securely manage their passwords. Millennials should also be weary of clicking links or downloading attachments in unsolicited emails or social media messages. Millennials should also learn to possess a healthy level of paranoia to enable them question thoughts as to whether the information contained in any email, phone call or message is true. Millennials tend to download a lot of cracked and free software, which can sometimes be used by cyber criminals to infiltrate and steal personal data. I will highly recommend purchasing software; using cracked software is not safe. Most times when one uses this kind of software, inadvertently a backdoor is open for hackers to pass through or unknowing to the owner, the computing device can be recruited into an army of botnets. When we partake in certain trends, we should be conscious and always question why this app or software is asking for certain personal data,. It is also best practice to check the permissions we grant free software which are not downloaded from the recognized Stores across all platforms and are uncertain what such data will be used for.
Q
The African Union Commission and Symantec, as part of the Global Forum for Cyber security Expertise (GFCE) Initiative, released a report analysing cyber security trends and governmentresponses in Africa. The report explores various Cyber security trends including the overallprofessionalisation of cybercrimes: Rise of Ransomware and Cryptolocker; Social Media, Scams,and Email Threats; Smartphones and the Internet of Things; Business Email Scams; Vulnerabilities. What do you make of this report?
Answer: .This is a great report, it amplifies and further drills down into some of the thoughts we have at #NoGoFallMaga about these issues like the rise of ransom ware, social media scams, business email compromise, etc. The Report stated that
www.thepalmagazine.com
20
“Social email scam and email threats in their simplest forms rely on the poor security habits of the public to succeed". This statement is very true in my experience, as a lot of these ill perpetrators succeed because members of the public do not pay attention or demonstrate good cyber security habits while using the internet. The Report is worth appreciating as it really resonates with me.
. There have been attempts to amend and create laws in this respect; however, it would seem that most of these steps have been foregone, Nigeria needs to open the books and address these issues as the reality demands. Furthermore, the laws of Nigeria must be stricter in punishing cyber o ff e n d e r s g e n e r a l l y, w h i l e p r o m o t i n g e government services and electronic consumption both in the private and public. It will also be of national interest if we define the liability of service providers and ensure they provide service that are secure and protect the consumers; more profoundly our laws must be in line with global best practices. The NDPR is one regulation whose enforcement is questionable. Across the world, there are two things I know the Government is notoriously bad at: doing business and regulating itself; I find out it is a lot easier for the government to regulate the private sector and does poorly at regulating itself especially in this clime. I do not think the NDPR will be dutifully enforced when the government is found wanting in this respect; the structure the NDPR has created can not be sustained. It is best w e a d o p t a m e t h o d o f "A n I n d e p e n d e n t Enforcement Agency" regulate the affairs rather than place it in the hands of the government.
Q
The Cyber Crime Act 2015 and the Nigeria Data Protection Regulation 2019 (NDPR) are two major laws regulating the cyberspace in Nigeria? How profound do you think they have beesustained; do you recommend amendments? Answer: The Cyber Crime Act is long overdue for amendment as it does not address the current realities and threats landscape of the Cyberspace. Law Enforcement Agencies try their best to contain crimes which are reflective of the 21st Century, unfortunately the current laws limit their executory powers. Our laws must be reflective of this Century. Another reason Nigeria must amend its laws is for it to gain the respect amongst the comity of nations to restore and restore the good name of the Country as one which is in line with Global Best Practices.
Q Cyber security careers are complex and many roles can be found with banks, retailers and government organisations. On the job, you can expect to safeguard an organisation's files and network, install firewalls, create security plans and monitor activity. Are these all there is to a career in cyber security? Answer: There is a lot more to Cyber security than these tasks mentioned above. Depending on the role, some cyber security professionals are tasked with collecting intelligence, creating cyber security programs & policies and reporting. Cyber security Professionals conduct Cyber Defense Posture Assessment (CDPA) by ethically attacking the organizations they're hired to protect, that is where the role of Ethical Hackers and penetration testers come into the picture. These ethical hackers will get the written consent of the hiring organization to use the same tools as the unethical hackers, to identify and leverage vulnerabilities in the organization's infrastructure and systems. The key
www.thepalmagazine.com
21
rationale for a Cyber Defense Posture Assessments is identifying these vulnerabilities and mediating them (solving the risk the actual Malicious cyber attackers may capitalize on). There are also Cyber security Professionals who are committed to Research, they research on threats and ensure that required patches are applied to systems are working. Another key role Cyber security Professionals play is educating users, which is a huge part as it concerns maintaining a good Cyber security posture in any organisation. Cyber security professionals depending on their roles usually play the part in change management by driving the adoption of best practices and people management; Cyber security has three parts: People, Technology and Process, the People part is the strongest pillar in Cyber security . Another thing is getting the Board of an organisation to invest in Cyber security programs is a huge thing, securing this investment is a key thing that Cyber security professionals in leadership roles would have to undertake; Risk Management is a very strong underlying part of Cyber security task in some roles; Business Developments too, some Professionals sell Cyber security solutions because of the skills they possess, and it is a huge thing; I cannot exhaust them as the parts in Cyber security are diverse in subsets; due to these various sub sets, individuals who are not IT inclined can also make a successful move into this field.
Q How does your company, DIGISS bring sanity to the cyberspace in Africa? Answer: We bring sanity in Africa by helping organisations that desire certificates, such as the PICSS, ISO7001; we do more than regulatory and compliance consulting. We see organization's needs to meet compliance requirements as an avenue to drive implementation of Cyber security initiative that ensure cyber posture enchancement. We have come to a market in Africa where organisations are keener on getting certificates and bragging about them than on the actual journey of enhancing Cyber security posture in the organisation, this is a key thing DIGISS LCC is doing differently. DIGISS LCC is keen on changing the narrative of Nigeria, from being the Cyber fraud to the cyber talent capital of the world. Nigeria has a huge mass of untapped talents. What we are trying to do with the offerings we have is basically
facilitating or cyber talents in Nigeria to take opportunities and serve our clients in other parts of the world. Another key thing we are doing to sanitise the space in Africa is cyber fraud intelligence gathering, I feel fraud intelligence and cyber threat Intel as a whole is very key to fighting the cyber adversaries. Apart from talent grooming, we are very keen on ensuring that the organizations we serve are protected at all times and we do it excellently!
Q
You are the initiator of the creative movement: #NoGoFallMaga, what is it all about? Answer: It is a National movement with young people working to combat preventable digital fraud and we are focused on fraud perpetuated using social engineering strategies in Nigeria, we believe we can combat this monster with consumer centered education and sensitization. What is social engineering? It is an attack type used by cyber criminals to manipulate and deceive their victims to disclose confidential information. We have seen that this is the number one form of attack prevalent in Nigeria, so we have focused as our Campaign on thwarting this kind of attack especially those that involve email deception, phone-based scams, online fraud. We have also taken keen interest in instances where cybercriminals impersonate trusted organizations to have their way, this attack style has been increasingly successful. Consequently, we are focused on driving awareness about digital fraud, and bringing about its decline, one informed technology consumer at a time. Interestingly, we have over 150+ volunteers across Nigeria and we have reached over 50,000 Nigerians with a combination of both online and offline activities. We have activated events in different parts of Nigeria on different platforms; I can tell you that people are remarkably impacted. We have recently released a book that is Africa's first Cyber security awareness Handbook through a story telling approach to educating the end users about Cybercriminals tactics and procedures they use to commit the crime, and we have got great and raving reviews about the book from major business players.
www.thepalmagazine.com
22
Q
What is the next big thing you are working on?
Answer: From the DIGISS LCC angle, we intend to re-launch cyber talent-as-a-service where we grow and groom cyber talents for virtual export to other parts of the world that experience a huge shortage and can pay for cyber talents. Our talents will be able to serve organizations within and outside Nigeria but do so virtually, and this is a huge one for me. We are also relaunching the IDP service which allows entities to see in real time whether their data has been involved in a cyber-breach and be able to feed our partners with this information to help them protect themselves and the people they serve. On the #NoGoFallMaga angle, the next big thing would be to convert the stories in the book we've just released, into multimedia content that is consumable by Bibliophiles who are a major number in Nigeria and Africa as a whole
Q
It has been a pleasure speaking with you. Please would you be kind to share some ďŹ nal thoughts
Answer: I do appreciate your thoughtful questions; it has been a pleasure sharing a bit of myself and my life, what I am doing with your esteemed Platform. My ďŹ nal thoughts, I just want to put it out there that we should not see Cyber security as that thing that IT does or something for the Tech personnel; we all have a shared responsibility towards ensuring the cyberspace we enjoy is safe, while we consume services and every other thing we consume over the internet, it has become a shared Responsibility in other to make the African continent a safe cyberspace.
www.thepalmagazine.com
23
DISCLAIMER The People's Accolade Law Magazine is meant purely for educational and entertainment purposes. It contains only general information about legal matters. It is not legal advice and should not be treated as such. Limitation of warranties: The legal information in this magazine is provided as is without any representations or warranties, express or implied. The PALM makes no representations or warranties in relation to the legal information in this magazine. Professional assistance: You must not rely on the information in this magazine as an alternative to legal advice from your attorney or other professional legal service provider. All queries, concerns and compliments on the contents should be directed to Info@themagazine.com Kindly visit www.thepalmagazine.com for more information, inquiry or complains Contact details: thepalmagazine.com +234(0) 907 186 0400 (Nigeria) +254 702 242288 (Kenya)
Reach us, for Advert Placement, Subcriptions, & Brand Projection. Sales@thepalmagazine.com +234(0)907-186-0400 +254 702 242288
