InfoTech
Hackers Target Govt Digital Assets, NITDA Raises the Alarm
By Ateed Yusuf, Abuja
The National Information Technology Development Agency (NITDA) has warned that it detected activities of a hacktivist group targeting the nation’s vital digital infrastructure and has cautioned the general public to be aware.
In a statement yesterday, Head of Corporate Affairs and External Relations, Mrs.
Hadiza Umar, said the hacktivist group is known for its politically and religiously motivated cyber campaigns.“Their tactics include targeted attacks on government digital services, using various attack types, particularly Distributed Denial-of-Service (DDoS), and they have a track record of successful attacks in various countries.
“NITDA hereby alerts the general public to be wary of the occurrence of these attacks, which underscore the undeniable and concerning fact that cyber-attacks are not a distant threat.
“Cyber-attacks are a looming danger that resides much closer to us than we may have previously acknowledged.
“This realization compels us to recognize the urgency of reinforcing our cyber front, fortifying our digital defenses to shield against these malicious intrusions and secure the safety of our critical information and infrastructure,” Umar said.
According to her, the consequences of such cyber-attacks are always severe and may have wide-ranging impacts, including disruption of critical services, economic losses, public trust, and reputation loss.
Umar further warned that government institutions and critical sectors needed to take precautions against attacks targeted towards them.
“NITDA, through its NITDA-CERRT, seeks to advise all MDAs, including other providers of critical services in the country, to ensure the implementation of measures to prevent against DDoS attacks.
“This includes deploying DDoS monitoring systems to watch out for signs of DDoS attacks, minimizing the attack surface area thereby limiting the options for attackers and allowing you to build protections in a single place.
“For example, obscuring the target, closing unused ports and protocols, hence minimizing possible points of attacks.
“Implementing or subscribing to DDoS protection features, applications, or services to fortify your cyber defenses against disruptive DDoS attacks,” she added.
Other measures that could be taken, Umar said, included ensuring that hosting providers offer abundant redundant Internet connectivity, enabling systems to manage significant volumes of traffic effectively.
Umar said there was a need to configure network hardware such as a firewall or router to drop incoming Internet Control Message Protocol packets or block Domain Name System responses from outside the network by blocking User Datagram Protocol port 53.
“Furthermore, enhancement of all critical national infrastructure such as financial services providers, telecommunications providers, and relevant government service providers should ensure cybersecurity readiness and resilience.
“This can be done by implementing necessary cybersecurity measures to safeguard against potential attacks,” Umar said.
She, however, urged the public to contact CERRT.NG through email: cerrt@nitda.gov.ng or on the phone: +2348178774580.
Economy
NCC, CBN Approve Refund Framework for Failed Airtime and Data Transactions
By David Torough, Abuja
In line with the consumer-focused objectives of the Nigerian Communications Commission (NCC) and the Central Bank of Nigeria (CBN), the two regulators have drawn up a framework to address consumer complaints arising from unsuccessful airtime and data transactions during network downtimes, system glitches, or human input errors.
The framework is the outcome of several months of engagements involving the NCC, the CBN, Mobile Network Operators (MNOs), Value Added Service (VAS) providers, Deposit Money Banks (DMBs), and other relevant stakeholders.
According to the NCC, these engagements were prompted by a rising incidence of failed airtime and data purchases, where subscribers were debited without receiving value and experienced delays in resolution.
“The Framework represents a unified position by both the telecommunications and financial sectors on addressing such complaints. It identifies and tackles the root causes of failed airtime and data transactions, including instances where bank accounts are debited without successful delivery of services. It also prescribes an enforceable Service Level Agreement (SLA) for MNOs and DMBs, clearly outlining the roles and responsibilities of each stakeholder in the transaction and resolution process,” a statement by Head of Public Affairs of NCC, Nnen Ukoha said.
Under the new framework, where a purchaser is debited but fails to receive value for airtime or data—whether the failure occurs at the bank level or with an NCC licensee—the purchaser is entitled to a refund within 30 seconds, except in circumstances where the transaction remains pending, of which the refund can take up to 24 hours.
The framework further mandates operators to notify consumers via SMS of the success or failure of every transaction. It also addresses erroneous recharges to ported lines, incorrect airtime or data purchases, and instances where transactions are made to the wrong phone number.
Director of Consumer Affairs at the NCC, Mrs. Freda Bruce-Bennett in a comment on the development said the framework also establishes a Central Monitoring Dashboard to be jointly hosted by the NCC and the CBN. According to her, the dashboard will enable both regulators to monitor failures, the responsible party, refunds, and track SLA breaches in real time.
“Failed top-ups rank among the top three consumer complaints, and in line with our commitment to addressing these priority issues, we were determined to resolve it within the shortest possible time,” she said.
“We are grateful to all stakeholders—particularly the Central Bank of Nigeria and its leadership—for their tireless commitment to resolving this issue and arriving at this framework, and for ensuring that consumers of telecommunications services receive full value for their purchases.
“So far, pending the approval of management of both regulators on the framework, MNOs and banks have collectively made refunds of over N10 billion to customers for failed transactions” she explained .
Mrs. Bruce-Bennett further noted that implementation of the framework is expected to commence on March 1, 2026, once the two regulators have made final approvals, and technical integration by all MNOs, VAS providers and DMBs is concluded.
InfoTech
FIFA Hides More than 10 million Hate Posts, Comments
Football’s ruling body FIFA on Thursday said that it has hidden more than 10 million abusive comments in its fight against hate speech.
FIFA said it has analysed some 33 million posts and comments on 15,302 accounts since it launched its Social Media Protection Service (SMPS) at the 2022 World Cup, and made it available to all its members and players in 2024.
It said that SMPS has been used at 23 tournaments as well as in qualifying and friendly matches.
It is also available at the current Club World Cup for the 32 teams and 2,019 accounts of players, coaches and officials.
FIFA said it is using Artificial Intelligence (AI) to filter abusive posts and hide them from the account owners.
A FIFA survey has revealed that women’s players are more subjected to abuse than the men. (dpa/NAN)
InfoTech
Cloud Security and its Role in Healthcare Cybersecurity
By Engineer Olusola Omotunde
The advent of cloud technology can be traced back to the 1960s according to https://www.cloudzero.com/blog/history-of-the-cloud/.
Cloud technology has evolved from a myth to a revolution in the global space.
In fact, it forms one of the best ways to secure data and save organizational funds.
A drift from the era of physical data centers has become the norm. Cloud platforms like Amazon and Azure have taken over the scene even in developing climes. How much space does an organization need for its operations and what is the cost effect?
Another pertinent point would be, the security of organizational data.
In this paper, we will provide a synopsis of cloud security and its role in healthcare cybersecurity.
The healthcare industry is one of the most critical aspects of any nation. How safe are patient’s data? What are the mitigating factors? How regularly does the IT team carry out an assessment of the security in place? In all of these, cloud security comes into play.
Cloud security is critical in healthcare cybersecurity because it provides the tools, processes, and policies required to protect sensitive patient data and assure regulatory compliance in an increasingly digital environment. Healthcare organizations that use cloud services for electronic health records (EHRs), telemedicine, patient portals, and other services face specific cybersecurity challenges, such as protecting huge amounts of personally identifiable information (PII) and protected health information (PHI).
Below are some aspects where cloud security contributes or plays pivotal roles in healthcare cybersecurity:
1. Data Protection
• Data Backup and Recovery: Cloud solutions provide backup and disaster recovery capabilities, which assist healthcare organizations in protecting data from loss due to cyberattacks or system failures.
• Encryption: Cloud providers provide sophisticated encryption options for data at rest and in transit. This is critical for healthcare providers to safeguard sensitive patient information from unauthorized access.
2. Prevention and Detection of Threat
• Real-time Monitoring and Alerts: Cloud security solutions can provide 24-hour monitoring and notifications if suspicious behaviour is discovered. This quick response capability is crucial for healthcare organizations to avoid or mitigate the effects of cyber events.
• Advanced Threat Protection: Cloud providers provide services that include threat detection features like intrusion detection, malware scanning, and vulnerability assessments. These services assist healthcare organizations in identifying and addressing hazards before they cause harm.
• Automated Patch Management: Cloud providers frequently handle patch management for their infrastructure, ensuring that systems are up to date against the most recent vulnerabilities, which can dramatically minimize the risk of attack.
3. Flexibility and Scalability
• Scalable Security: As healthcare organizations expand, cloud security can scale with them, allowing for the installation of additional security measures without requiring major infrastructure upgrades.
• Adaptable Infrastructure: Healthcare organizations can quickly respond to emerging threats with cloud-based solutions that include updated security tools and services. This adaptability is critical in a dynamic threat context.
4. Cost Efficiency
• Pay-as-you-go Model: Many cloud services use a pay-as-you-go model, which allows healthcare providers to only pay for the security services they use. This can help organizations manage costs while still providing high-quality security tools.
• Reduced IT Costs: Cloud providers manage and maintain the infrastructure, eliminating the need for healthcare companies to invest heavily in on-premises security hardware and personnel.
5. Regulatory Compliance
• HIPAA and GDPR Compliance: Cloud providers that service healthcare organizations frequently offer solutions designed to comply with industry-specific standards such as the Health Insurance Portability and Accountability Act (HIPAA) in the United States and the General Data Protection Regulation (GDPR) in Europe.
• Audit Support: Many cloud services provide logging and monitoring capabilities to assist healthcare organizations in tracking and auditing data access and usage, which is critical for regulatory compliance.
Key Considerations for Healthcare Providers across the globe
When healthcare providers deploy cloud solutions, they must address a number of security concerns to safeguard sensitive patient data, ensure regulatory compliance, and manage possible risks. It is also important that they scrutinize the security certificates held by cloud providers, ensure that they clarify ownership rights to their data with their cloud providers, training staff on the security best practices which include training on data handling, phishing awareness and secure access protocol.
There is no one-size fits all rule other than being careful!
Engineer Olusola Omotunde is an IT expert and writes from Lagos, Nigeria


