Read time: 3 minutes

'This is going to be the most powerful tech sector in Africa'

Nigeria , 04 Nov 2016

'This is going to be the most powerful tech sector in Africa'

The cyberspace is the battleground for a new type of war, and citizens who use social media platforms and emails services are in the cross-fire.

Facebook's Chief Security Officer, Alex Stamos, spoke to ITWeb Africa on the company's perspective of the global cybersecurity dialogue on the sidelines of the CyberXchange 2016 Conference held recently in Lagos.

Paul Adepoju: What makes Nigeria attractive to Facebook?

Alex Stamos: Nigeria has a very vibrant economy (with) huge growth in the tech sector, with hundred million people with huge amount of talent here that has not been totally utilised or recognised by the tech industry ... and we are very excited with the entrepreneurs that we've seen through our ability to move around. This is going to be the most powerful tech sector in Africa.

Paul Adepoju: The two major security issues that Facebook users in Nigeria complain about are fake or cloned accounts and hijacking. What is the best approach to dealing with these?

Alex Stamos: Fake accounts are a serious problem and we have a dedicated team of engineers and analysts and product managers working on this. From our side we are improving the technology to detect fake accounts quickly, we are also working to disrupt the life cycle of the criminal gains behind such accounts. From our perspective we don't combat this by just taking down the accounts, we are also make it difficult for those gained to take money, difficult for them to make it at a scale economically strong to operate a fake account.

Paul Adepoju: What is the biggest threat to social media locally and globally?

Alex Stamos: Around the world, the biggest risk threat to individuals is the reuse of passwords. If we look at the statistics of the people that have actually been harmed online, all of the advanced attacks that get a lot of thought in the security industry arise from such people. What happens is most people use the same passwords everywhere, a website gets broken into and other passwords to their digital identity gets stolen. I think the biggest problem the security in the world overall is making sure that we build really easy authentication solutions for individuals that keep them secure and discourage them from reusing passwords across the entire web.

Paul Adepoju: What is the current status of the security versus privacy dilemma especially at Facebook?

Alex Stamos: It is really important for people to understand that Facebook does not give unrestricted access to any government. Facebook does not build any backdoor to any government, including the US government. All government requests around the world are reflected in our Government Requests Report, and the guideline we give to law enforcement agencies is also publicly available online in addition to other law enforcement documents. All requests that come in need to be backed up by legal means – through a warrant signed by a judge – and those numbers you can see publicly are accurate, representing tiny fraction of the over one billion accounts on Facebook.

Paul Adepoju: Many platforms integrate Facebook APIs especially for logins, comments, and other actions but you cannot vouch for the safety of the platforms. What is Facebook doing in this regard?

Alex Stamos: A lot of work is being done to make it very clear to people that when they hook up an application to Facebook API, what information is available. We also allow you to check up on that information at any point and specifically deselect certain information from being shared with those apps. We also regularly prompt everybody with a security check up on a regular basis that includes a list of all the applications approved for API use and the information that they are asking. That gives choice to users and we then monitor the access patterns of these applications and look to ensure that we are enforcing the rules and to make sure that the developers are adhering to the rules we have for API use.

Paul Adepoju: How can individuals who are not security expert like yourself easily identify platforms that are not safe?

Alex Stamos: If I'm an individual, I'm looking at whether they have a way I can recover my account in a secure fashion – the standard way to do account recovery is to get a link into your email – that's if your email has not been taken over, then your entire online identity can be taken over by fraudsters. It is very difficult for an individual to judge the security of complex software on the other side of the internet, what they can do is to look for the features and whether or not that company has built that feature that specifically addresses the kinds of problems people often see when they use passwords. The only thing I'm looking for is are they honest about security? Do they have a security page that gives tips to people? Is their security documentation just an advertisement or is it actually an accurate explanation of risks to individuals with tips on how they can address them?

Paul Adepoju: What are the roles of the various stakeholders in ensuring cybersecurity?

Alex Stamos: I think the important change the tech security world needs to make is to focus much less on the interesting technical attacks and much more on the safety of normal people as they use the product in the normal world. We've spent way too much time interested in finding new ways to break software and talking about those new ways in much less time for PC non-data driven protection for normal people.

At Facebook, what we are trying to do is to understand how people are being hurt and design products to prevent that. I'm hoping it becomes a change we see in cybersecurity on the overall.

Read more
Daily newsletter