University cybersecurity, Babcock hack and NDPR
Michael Irene is a data and information governance practitioner based in London, United Kingdom. He is also a Fellow of Higher Education Academy, UK, and can be reached via moshoke@yahoo.com; twitter: @moshoke
May 15, 2023532 views0 comments
In recent years, the threat of cyberattacks has become increasingly prevalent, impacting organisations across various sectors, including educational institutions. The cyber hack that occurred at Babcock University in Nigeria serves as a wake-up call for universities worldwide to reassess their cybersecurity measures.
This article aims to delve into the details of the Babcock University cyber hack, analyse the lessons that other universities can learn from it, and explore the role of the Nigerian Data Protection Regulation (NDPR) in shaping future approaches to cybersecurity in higher education institutions.
In March 2023, Babcock University, a leading Nigerian university, fell victim to a cyberattack that compromised sensitive data and disrupted its operations. The hackers, believed to be part of a ransomware group, gained unauthorised access to the university’s systems, encrypting files, and demanding a hefty ransom which the university, rightly so, refused to pay.
Recently, the hackers returned claiming they now have sensitive data which they can release to the public. However, the university in their recent communication claims that everything is in check. But is it really?
This incident shed light on the vulnerability of educational institutions to cyber threats and highlighted the need for proactive cybersecurity measures.
Nigerian universities should invest in robust cybersecurity infrastructure, including firewalls, intrusion detection systems, and encryption protocols. Regular vulnerability assessments and penetration testing can help identify weaknesses and address them promptly. I remember discussing with the vice chancellor of a private university in Nigeria and she naively claimed that “hackers don’t target universities.”
That said, it is important to highlight that human error is often exploited in cyberattacks. Universities should conduct regular cybersecurity awareness programmes to educate faculty, staff, and students about best practices, such as password hygiene, recognizing phishing attempts, and handling sensitive information securely.
Regular data backups, both onsite and offsite, can mitigate the impact of ransomware attacks. It is crucial to test the restoration process periodically to ensure data integrity and availability.
Establishing an effective incident response plan helps minimise the impact of a cyberattack. This plan should outline the roles and responsibilities of key personnel, communication protocols, and steps for containing and mitigating the attack.
Nigerian universities should foster collaboration with industry peers, government agencies, and cybersecurity experts. Sharing information about emerging threats and best practices can enhance the collective defence against cyberattacks.
The Nigerian Data Protection Regulation (NDPR), enacted in 2019, plays a vital role in shaping the cybersecurity landscape for universities and other organisations in Nigeria. The NDPR mandates compliance with data protection standards and emphasises the importance of implementing appropriate security measures to safeguard personal data.
Universities must adhere to NDPR requirements, including appointing a Data Protection Officer (DPO) — which most Nigerian universities don’t have — and conducting data privacy impact assessments.
Looking ahead, the NDPR could evolve to address emerging challenges, such as incorporating specific guidelines for educational institutions and mandating regular cybersecurity audits. The regulation should also encourage universities to adopt a proactive approach to cybersecurity, continuously updating their systems, conducting risk assessments, and providing adequate resources for cybersecurity initiatives.
The Babcock University cyber hack serves as a stark reminder that universities must prioritise cybersecurity to protect their sensitive data and ensure uninterrupted operations. By learning from this incident, implementing robust security measures, and leveraging the guidance of NDPR, universities can strengthen their defences and safeguard their digital ecosystems against evolving cyber threats.
-
business a.m. commits to publishing a diversity of views, opinions and comments. It, therefore, welcomes your reaction to this and any of our articles via email: comment@businessamlive.com