ISSUES AND SOLUTIONS TO ETHICAL HACKING AND CYBER SECURITY IN NIGERIAN TELECOMMUNICATION INDUSTRY
1.1 BACKGROUND TO THE STUDY
Cybersecurity through ethical hacking plays an important role in the ongoing development of telecommunication industry, as well as Internet services (Odinma, 2010). Enhancing cybersecurity and protecting critical information infrastructures are essential to each nation’s security and economic well-being (Odinma, 2010). Making the Internet safer (and protecting Internet users) has become integral to the development of new services as well as government policy.
An ethical hacker is a computer and networking expert who systematically attempts to penetrate a computer system or telecommunication network on behalf of its owners for the purpose of finding security vulnerabilities that a malicious hacker could potentially exploit (Okonigene & Adekanle, 2009).
Ethical hackers use the same methods and techniques to test and bypass a system’s defenses as their less-principled counterparts, but rather than taking advantage of any vulnerabilities found, they document them and provide actionable advice on how to fix them so the organization can improve its overall security (Laura, 1995). The purpose of ethical hacking is to evaluate the security of a network or system’s infrastructure. It entails finding and attempting to exploit any vulnerabilities to determine whether unauthorized access or other malicious activities are possible. Vulnerabilities tend to be found in poor or improper system configuration, known and unknown hardware or software flaws, and operational weaknesses in process or technical countermeasures. One of the first examples of ethical hacking occurred in the 1970s, when the United States government used groups of experts called “red teams” to hack its own computer systems (Laura, 1995). It has become a sizable sub-industry within the information security market and has expanded to also cover the physical and human elements of an organization’s defenses. A successful test doesn’t necessarily mean a network or system is 100% secure, but it should be able to withstand automated attacks and unskilled hackers.
Deterring cybercrime is an integral component of a national cybersecurity and critical information infrastructure protection strategy. In particular, this includes the adoption of appropriate legislation against the misuse of ICTs for criminal or other purposes and activities intended to affect the integrity of national critical infrastructures (Adebusuyi, 2008). At the national level, this is a shared responsibility requiring coordinated action related to prevention, preparation, response and recovery from incidents on the part of government authorities, the private sector and citizens.