In this piece, I explain how any entrepreneur with basic knowledge of ICT and with some supporting professionals can establish a cybersecurity consulting business in Nigeria and indeed Africa.
As internet penetration continues to advance in Africa, so do the perils that come with the increased degree of digital connectivity: cyber crime. However, most organizations lack both proper security plans and trained in-house staff to counter or quickly recover from cyber attacks. Nigeria, for example, is increasingly moving its business processes into the digital ecosystem, exacerbating the risk of hacking. This trajectory is global and no nation can be relevant without this transition. There is an opportunity to create businesses in the areas of “Capacity Building” and “Incident Response” in Nigeria.
The goal will be to provide specialized cyber security and investigative training courses to digital forensics examiners, cyber investigators and selected information technology security professionals, to ensure the information systems of their sponsoring organizations are secure from unauthorized use, criminal and fraudulent activities, and exploitation.
The goals and services in this phase are as follows:
- Investigate and respond to cyber intrusions/breaches into public and private sector networks in Africa at the behest of the organization or law enforcement agencies.
- Develop a virtual cyber crime lab to conduct digital and multimedia forensics to acquire comprehensive evidentiary analysis in support of the following mission areas: Cyber crime investigations, Cyber fraud investigations, Countering threats to critical infrastructure.
POTENTIAL SCOPE OF SERVICES
The company can offer services in these areas:
- Computer forensics: The forensic preservation and analysis of computing systems
- Live memory forensics: The forensic preservation and analysis of live memory on systems to identify suspicious or malicious actively running programs
- Malware forensics: The forensic collection and analysis of malicious software (malware) to understand its purpose and capabilities, a process that often speeds up an investigative effort
- Network forensics: The collection and analysis of live and historical network traffic, as well as network monitoring logs to identify suspicious or malicious network-based activity
- Expert Witness Testimony: Coordinate with both domestic and international law enforcement as appropriate and supply expert personnel to give expert witness testimony as required.
- Up-to-Date Threat intelligence: Serve as the operational focal point for up-to-date threat information sharing through a Virtual Collaborative Information Sharing Environment for eligible subscribers.
- Cybersecurity Policy, Cybersecurity Management
Virtual Lab Environment: A virtual lab environment employs the concept of virtualization and allows one to use a single physical computer for hosting multiple virtual systems, each running a potentially different operating system.
Note: Running multiple virtual systems simultaneously on a single physical computer is useful for analyzing malware that seeks to interact with other systems, perhaps for leaking data, obtaining instructions from the attacker, or upgrading itself. Virtualization makes it easy to set up and use such systems without procuring numerous physical boxes.
- Tool Name: VMware
- Price: $5,750 (Enterprise Edition)
Required Hardware for Virtual Lab
- 50 Blank Hard Drives
- 50 flash USB Drives
- Budget Estimate: $17,000
Computer Forensics Tools: Computer forensic tools are used for digital image acquisition, analysis, reporting, recovery and investigation of material found in digital devices.
- Tool Name: EnCase Forensic
- Price: $2,995 for 1 License
Malware Analysis Tools: Malware analysis tools are used to disassemble, debug and analyze compiled malicious executables. This is a key tool in reverse engineering and facilitates malware analysis. While analysis relies primarily on the expertise of skilled and trained personnel, these tools make the process much easier to accomplish.
- Tool Name: IDA Professional Edition
- Price: $1,059 for 1 License
Live Memory Forensics Tools: Memory forensics tools are used to acquire and/or analyze a computer’s volatile memory (RAM). They are often used in incident response situations to preserve evidence in memory that would be lost when a system is shut down, and to quickly detect stealthy malware by directly examining the operating system and other running software in memory.
- Tool Name: HBGary Responder Pro
- Price: $9,000 for 1 License
Network Forensics Tools: Network forensic tools provide real-time network forensics and automated threat analysis solutions. They can also aggregate the best advanced threat intelligence and multi-source content of the global security community and fuse it into real-time information to enable prompt and proactive intervention.
- Tool Name: Netwitness. There are four applications in the suite:
  - Spectrum applies information sourced from threat intelligence and reputation services to identify and prioritize malware.
  - Informer delivers threat reporting and alerting, presented in dashboards and charts. Informer’s primary audience tends to be upper management.
  - Investigator is used to determine the root cause of a security event.
  - Visualize enables rapid review and triage of content leaving a network by extracting and presenting entire artifacts carried by recorded traffic.
- Price: $57,000 for License
Note: This tool can also be used to provide threat intelligence.
Optional Tool: This tool, although not required, would be nice to have because it provides automated threat forensics and dynamic malware protection against advanced cyber threats, such as advanced persistent threats and spear phishing. It is a malware protection system for web security, email security, file security, and malware analysis.
- Tool Name: FireEye
- Price: $54,950 for system. Approx $12.00 for each license seat.
Expert Witness Testimony: To provide expert witness testimony, one must be able to provide a visual presentation of associations and linkages that may exist for any person, location or thing under investigation. This is perhaps one of the most daunting challenges faced by those investigating cyber crimes as they seek to coherently understand the linkages between events. To simplify this process, the following tool is proposed.
- Tool Name: Analyst's Notebook
- Price: $4,560 per user.
SOFTWARE ACQUISITION STRATEGY
In deciding the software acquisition strategy, you need to conduct a price comparison between a “Floating License” and individual licenses based on “3-5” users.
It must also be noted that there are a number of open source software tools which can be used to conduct rudimentary forensic analysis. However, to meet the requirements of authenticity and reliability for the admissibility of digital evidence in court, it is recommended that the tools identified above be considered.
We recommend at least 4 people with two in technology, one legal expert and one business development professional. The team must have capabilities in policy, technology, management and forensics. First Atlantic Cybersecurity Institute (which I own) offers training in these areas. The Institute can prepare anyone interested in moving into this area.