News by Professionals 4 Professionals

manufacturing

Nigeria: Finally, Senate Probes Lopsided SSS Recruitment

The Senate Committee on Federal Character and Inter-Governmental Affairs says it has commenced investigation into the lopsided recruitment by the State Security Services, SSS.

The chairman of the committee, Tijjani Kaura, who announced this during Thursday’s plenary, promised that the committee would soon come up with its recommendations.

Quoting Order 43 of the Senate Standing Order, Mr. Kaura said the committee was prompted to commence investigation into the matter following petitions from concerned Nigerians.

He assured the committee would stop at nothing to ensure that the issue of federal character as contained in 1999 Constitution (Amended) was followed to the letter.

“I stand before you, on behalf Senate Committee on Federal Character and Inter- Governmental Affairs, to say that this committee is looking critically into this matter.

“This is with the intention of ensuring that justice is done in this recruitment.

“I also want to add that this committee has similar cases from different agencies, which it is already looking into to ensure the Constitution is strictly followed,” he said.

The president of the Senate, Bukola Saraki, urged the committee to carry out thorough investigation into the matter and report back to the Senate.

“In line with our standing rule, we cannot debate on the matter. We take note of your comment and we will look into the matter.

“The committee should keep us posted on its findings and recommendations.”

The Senate probe is coming days after the Federal Character Commission asked the SSS to explain the shockingly skewed appointments into the organisation.

Shockingly lopsided

PREMIUM TIMES had on April 28 exclusively reported the shocking lopsidedness in the composition of the new officers recently absorbed into the agency.

The agency, also called DSS, had commissioned 479 cadet officers after their passing-out parade in Lagos on March 5, after a nine-month training programme under the agency’s Basic Course 29/2016/17, which encompassed academic activities, insurgency/counter insurgency, intelligence operations and gathering, firearms drills and physical training exercises.

Also Read: EXCLUSIVE: SSS in recruitment scandal – Katsina 51, Akwa Ibom 5; Kano 25, Lagos 7 — SEE FULL LIST

But PREMIUM TIMES investigations revealed wide disparity in the numbers of slots allocated to the 36 states and the Federal Capital Territory, indicating that the federal character principle may have been ignored in the recruitment of the officers.

Our findings revealed that the SSS recruited 51 persons from Katsina State alone whereas all the six states in the south-south got a combined 42 candidates. Also, all the five states in the south-east got less than 50 states.

The action is believed to have unduly favoured northern states, contrary to section 14 (3) of the 1999 constitution as amended.

The report sparked outrage across the land, with many calling for thorough investigations into the alleged lopsidedness.

FOCUS ON SECURITY: Ransomware can paralyze a business

FOCUS ON SECURITY: Ransomware Can Paralyze A Business

BEN SIMS

FOCUS ON SECURITY: Ransomware Can Paralyze A Business

TOM RITTER

By BECKY GILLETTE

Ransomware can not only leave a business paralyzed with no access to its computer system, it can be extremely costly. The amount of ransom demanded has been on the rise over the past year, according to information provided by the Mississippi Attorney General Cyber Crime Center. Documented complaints in Mississippi range anywhere from $2,000 to $21,000 in Mississippi. Outside of Mississippi, victims have been demanded to pay as high as $500,000. According to the Center: Over the past two years, we have seen attacks on the private sector, big business and small business to include casinos, church organizations, web design and data related companies, hospitals, real estate agencies, and private citizens.

There have also been numerous documented attacks on government agencies to include police departments, sheriff departments, state agencies, and county and city agencies. Ben Sims, vice president of operations, Fuse Cloud, said ransomware is a type of malware that holds computers or files for ransom by encrypting files or locking the desktop or browser on systems that are infected with it, and then demanding a ransom in order to regain access.

Criminals have used high pressure techniques to get victims to pay the ransom often several thousands of dollars in order to regain access to file systems, Sims said. This is becoming a bigger problem. Cybercriminals are constantly improving ransomware s hostage-taking tactics with the use of increasingly sophisticated encryption technologies.

Normally the cybercriminals work from a foreign country like India, and payments are made with non-traceable cash systems like Bitcoin. That makes it difficult for law enforcement to pursue ransomware cases. In addition to being deployed by someone clicking on a fraudulent link in an email or downloading from a website, ransomware criminals also get access to a computer system software vulnerability. According to the Cyber Crime Center: The most recent attacks have seen the use of software vulnerability, specifically through remote desk top in windows where the default port is exploited and weak passwords are attacked and brokenl This method of ransomware deployment is most troubling due to the fact the criminal actors are inside the system undetected. The criminal actors can access the system to mine data before deploying the ransomware and erase any trace of their foot prints. A successful deployment of the ransomware renders the victim helpless to the ransom demands.

What should be done to prevent becoming a victim of ransomware?

First of all, educate your users on how to detect phishing campaigns, suspicious websites, and other scams, Sims said. And above all else, exercise common sense. If it seems suspect, it probably is. Outside of education of users, it is a multiple layer approach from protecting your individual IT systems and Internet connections via both hardware and software tools to secure your network. Mississippi State University Chief Information Officer Tom Ritter said ransomware has become all too common.

Many users may see what looks like an innocuous email attachment, but it is really a threat, Ritter said. One of the best ways for a system to be protected is to have security aware users who are skeptics about emails that contains attachments or links to unknown sources. Ritter said that security awareness must be an important part of corporate culture. It can be difficult when a company has a large number of users because one weak link can bring down the entire system. It is important to take the time to train users how to detect phishing campaigns, suspicious websites, and other scams.

And above all else, exercise common sense, Ritter said. If it seems suspect, it probably is. Outside of education, it is a multiple layer approach from protecting your individual IT systems and Internet connections via both hardware and software tools to secure your network.

Staff should review their data backup strategy.

MSU has seen instances of ransomware that have encrypted user data, and our solution was to restore from our previous day s backup, Ritter said. In some cases, the backup systems are also infected by ransomware, so it is preferable to have an offsite backup system. TEC Director of Network Operations Brent Fisher said as a preventive measure, businesses should implement a cybersecurity plan. They should back up data regularly, verify the integrity of those backups and test the restoration process to ensure it is working.

Fisher said they should also conduct an annual penetration test and vulnerability assessment and finally, secure all backups.

It is crucial to implement a data security plan and train your staff to adhere to the measures as set forth, Fisher said. The Cyber Crime Center says to avoid victimization by ransomware, vigilance in spam e-mail awareness, passing on known attack methods and identified spam e-mails, changing passwords, hardening passwords, and the upgrading and patching of software is essential. The best way to defeat a ransomware attack is to regularly backup data and the backup must not be attached to the system. According to the Center: Many victims have suffered the loss of their backup due to the backup being connected to the system at the time of the attack. This is most common with victims who utilize cloud back up. If the system can access the backup readily, so can the ransomware. Onsite hardware backups are best but must be maintained separately from the active system.

The infected system, should be wiped or sanitized to remove the ransomware before accessing the backup. Internet Technicians should monitor connection logs for suspicious IP addresses. Particularly any computer within the network calling out or trying to connect to outside servers. This is an indication of an active exploit kit attempting to download a package containing the virus or ransomware. Disable services not needed for business operations. Only allow access to those who need access to do their jobs. Principle of least privilege.

The Center also advises when a ransomware attack has occurred, the victim should disconnect any infected computer from the system. The victim should report the intrusion to law enforcement immediately for the recovery of any possible evidence. If the victim wipes the infected system or begins a back-up process to restore, all evidence of the attack will be overwritten. The Cyber Crime Center can also assist with situation by identifying the ransomware variant. In some cases, there are known keys that will unlock older versions of ransomware.

Additional tips from the center:

Stay vigilant log files and change management systems can give you early warning of a breach.

Make people your first line of defense train staff to spot the warning signs.

Keep data on a need to know basis only employees that need access to systems to do their jobs should have it.

Patch promptly this could guard against many attacks.

Encrypt sensitive data make your data next to useless if it is stolen.

Use two-factor authentication this can limit the damage that can be done with lost or stolen credentials.

Don t forget physical security not all data theft happens online.

More than 300 girls celebrated DigiGirlz Day at Wilmington University

Find your passion and figure out how to turn it into a career. Then work won t seem like work, State Cyber Security Officer Elayne Starkey encouraged the nearly 300 teen girls who attended DigiGirlz Day Tuesday.

According to a study done by Microsoft earlier this year[1], most girls lose interest in STEM around the age of 15. One major reason for the loss of interest is that girls are not getting enough practical, hands-on experience with STEM subjects.

Microsoft and the Delaware Department of Technology and Information, who sponsored DigiGirlz Day along with JPMorgan Chase and Dell, hoped to help correct the imbalance of diversity in STEM-based occupations. The seventh annual event, which gave eighth and ninth grade girls an inside glimpse at the various rewarding and fulfilling career opportunities STEM has to offer, was held on the Dover campus of Wilmington University. Attendees were able to write code and create a video game, learn how to detect hacks through cybersecurity and forensics and discover the role chemistry has in the manufacturing of beauty products.

Throughout the afternoon, the young ladies also heard from speakers, who currently hold jobs in the technology and science field, about the importance of pursuing a career in STEM.

We need you in technology to help figure out the solutions of the future, state Chief Information Officer James Collins told the group.

References

  1. ^ According to a study done by Microsoft earlier this year (news.microsoft.com)
1 2 3 41