US-based Nigerian IT auditor, Temi Adeniyan is a renowned expert who has plied her trade in various industries in many countries.
She has had stints in national and global brands like Shure, Avant, and First Bank of Nigeria._
She is known to possess vast experience which has been instrumental to critical paradigm shifts in the way IT auditors view their roles in fortifying cyber governance.
In this interview she shares actionable strategies businesses can adopt to strengthen their security positions.
From emerging threats to proactive defence mechanisms, Adeniyan provides a compelling perspective on how organisations can stay ahead of cyber dangers using tools such as Artificial Intelligence, AI.
Excerpts:
Your journey in cybersecurity and IT auditing has taken you across different countries and industries. Let’s share in the experiences, so far?
My journey into cybersecurity and IT auditing was fuelled by a strong curiosity about how technology works and the need to protect digital assets from cyber threats. While studying English and Literary Studies, I became increasingly fascinated by how information systems function and the potential risks they face. This curiosity led me to pivot towards cybersecurity, and since then, I have dedicated my career to ensuring that businesses operate securely in an increasingly digital world.
Nigeria has seen a rise in cyber threats. Can you give your perspective on the country’s cyber governance?
One of the biggest challenges is the lack of awareness and a strong cybersecurity culture among businesses and individuals. Many organisations still see cybersecurity as an IT issue rather than a strategic business priority. Additionally, regulatory enforcement needs to be strengthened to ensure compliance with existing cybersecurity frameworks. Another challenge is the shortage of skilled cybersecurity professionals who can effectively respond to evolving threats. Nigerian businesses face a wide range of cybersecurity threats, including phishing attacks, ransomware, insider threats, and data breaches. Business Email Compromise (BEC) scams are particularly common, with cybercriminals impersonating executives to manipulate financial transactions. Additionally, weak cybersecurity policies, inadequate employee training, and low investment in security infrastructure further expose businesses to cyber risks.
Many companies struggle with insider threats. How best can businesses avoid internal security risks?
Insider threats can come from malicious actors, disgruntled employees, or compromised credentials. Businesses should implement strict access controls, monitor user activity, and enforce the principle of least privilege (PoLP). Conducting regular security awareness training and setting up Data Loss Prevention (DLP) mechanisms can help detect and mitigate insider threats before they escalate.
For business continuity, What best practices would you recommend for firms to ensure Cybersecurity resilience?
Ensuring business continuity in the face of cyber threats requires a strategic and proactive approach. Companies should develop a comprehensive incident response plan that clearly defines roles, responsibilities, and actions to take in the event of a cyberattack, enabling swift mitigation of risks. A well-structured disaster recovery plan (DRP) is equally critical, incorporating secure, off-site data backups to ensure that essential business operations can resume quickly after a security breach. Regular cybersecurity drills and simulations help organisations assess their preparedness and improve response times to potential incidents. Again, investing in cybersecurity insurance provides financial protection against data breaches and other cyber-related losses. Conducting business impact assessments (BIA) allows firms to identify and prioritize critical systems, ensuring that essential operations remain functional even during a cyber crisis. By integrating these best practices, businesses can enhance their resilience and maintain operational stability in an increasingly complex digital landscape.
As an IT auditor, what role do you play in strengthening cyber governance?
IT auditors serve as the bridge between technology, compliance, and business strategy. We assess security controls, identify vulnerabilities, and ensure organisations comply with regulatory standards such as ISO 27001, PCI DSS, GDPR, NDPA, and many more. By conducting rigorous audits and risk assessments, we help businesses build robust cyber defences, mitigate risks, and enhance their resilience against cyberattacks.
Our work also involves educating leadership on the importance of cybersecurity and guiding them in implementing best practicesand enhance their resilience against cyberattacks. Our work also involves educating leadership on the importance of cybersecurity and guiding them in implementing best practices.
IT auditors are no longer just compliance checkers they are now strategic risk advisors. With cyber threats evolving, IT auditors must focus on continuous risk assessment, agile audit methodology, real-time monitoring, and cybersecurity resilience testing. Their role now includes evaluating emerging technologies such as cloud security, AI-driven risk assessments, and Zero Trust architectures to ensure businesses remain secure.
What are some of the key strategies Nigerian businesses can adopt to strengthen their cybersecurity postitions?
Businesses must adopt a proactive stance by implementing robust cybersecurity strategies. This includes conducting regular risk assessments to identify and address vulnerabilities before they can be exploited by attackers. Employee training is another critical component, equipping staff with the knowledge to recognise phishing scams and social engineering tactics. Additionally, organizations should establish a clear strategy for detecting, responding to, and recovering from cyber incidents. Compliance with Nigeria’s Data Protection Act and other relevant cybersecurity regulations is essential to safeguarding sensitive information. Lastly, investing in advanced security technologies strengthens defences against evolving cyber threats, ensuring long-term resilience.
Looking ahead, what cybersecurity trends do you think will shape the future of IT governance in Nigeria?
The future of IT governance in Nigeria will be shaped by several key cybersecurity trends as businesses and government agencies work to strengthen their digital defences. Zero Trust Architecture (ZTA) is expected to become a standard security model, ensuring that organizations adopt a “never trust, always verify” approach to access control. Additionally, the use of Artificial Intelligence (AI) and Machine Learning (ML) will play a significant role in threat detection and automated incident response, helping organizations predict and mitigate cyber risks more effectively. As businesses continue migrating to cloud-based infrastructures, cloud security advancements will be critical in safeguarding sensitive data and preventing breaches. Regulatory compliance will also become more stringent, compelling companies to implement robust security measures. Moreover, as cybercriminals develop more sophisticated attack methods, cyber resilience and business continuity planning will take centre stage, ensuring that organizations can quickly recover from security incidents. These trends highlight the growing need for a proactive cybersecurity culture in Nigeria, where businesses must continuously adapt to evolving threats while prioritizing data protection and regulatory compliance.
