A PAPER PRESENTED BY THE PRESIDENT INSTITUTE OF SOFTWARE PRACTIONERS OF NIGERIA(ISPON),CHRIS UWAJE(FNCS) AT THE MAIDEN EDITION OF THE NIGERIA INTERNETWORLD CONFERENCE AND EXIBITION ON THE 20TH OF JULY,2010,HOLDING AT AFE BABALOLA HALL,UNILAG,LAGOS.
There is no meaningful and constructive Business facet that can thrive in an atmosphere of insecurity and absence of TRUST.
H.L Mencken said “it is mutual TRUST, even more than mutual interest that holds human associations together”.
Trust is the soul of any business, thus before any individual, corporate organisation, or nation seeks a business fellowship with another, the trust and confidence implications of the relationship or association is considered critically. It becomes more critical in contemporary times when Globalization, The internet, and the quest to rescue third world and developing nations from the throes of poverty and underdevelopment.
Internet for Business, Internet oriented Governments and Economies are advocated for developing nations as a means of escape from Poverty, Unemployment, Hunger, Poor Health Care, Education etc. It is also being championed as an avenue to enhance Social Stability,Economic Viability and National Consciousness.
In the midst of all these merits of the Internet, the issue of trust also becomes a critical concern owing to the faceless and impersonal nature of business and associations carried over this resource.
No Internet Business will thrive on a compromised and exploiting framework. Strengthening our cyber infrastructure, no doubt increases trust and builds confidence in customers and prospective clients.
Today we consider the Implications of Cyber Crime on the Growth of Internet Business in
CYBER CRIME AND CYBER SECURITY
What is Cyber crime and Cyber Security?
Broadly speaking, Cyber Crime can be described as THE USE OF COMPUTERS AND OR THE INTERNET TO COMMIT CRIME. Computer-assisted crime includes e-mail scams,hacking, distribution of hostile software (viruses and worms), denial of service attacks, theft of data, extortion, fraud and impersonation. It becomes more peculiar and disturbing because
the Cyber space, through which these crimes are perpetuated is not defined by political or geographical boundries, thus amending laws to curb them becomes a challenge.
We could also define Computer crime broadly as criminal activity involving an information technology infrastructure: including illegal access or unauthorized access; illegal interception that involves technical means of non-public transmissions of computer data to, from or within a computer system; data interference that include unauthorized damaging,deletion,deterioration, alteration or suppression of computer data; systems interference that is interfering with the functioning of a computer system by inputting, transmitting, damaging,deleting, deteriorating, altering or suppressing computer data; misuse of devices, forgery (ID theft), and electronic fraud.
CyberCrimes differ from terrestrial crimes in four ways:
i. They are easy to learn how to commit;
ii. They require few resources relative to the potential damage caused;
iii. Can be committed in a jurisdiction without being physically present in it;
iv. And they are often not clearly illegal.”
CyberSecurity on the other hand entails all measures taken proactively and actively to prevent and ensure safety from cyber attacks.
Cyber attacks vary and evolve daily with advances in technology. Amongst the common cyber threats includes but is not limited to the following;
i. Cyber theft
ii. Cyber terrorism
iii. Cyber stalking
iv. E-mail Forgery /Spoofing
v. Online Auction fraud/Online fraud
vii. Online Child Pornography
viii. Malicious Codes-Viruses/Worms/Trojans
ix. Hacking/Computer Intrusions
x. Identity Theft etc.
xi. Intellectual Property Rights(IPR) matters
xii. Economic Espionage (theft of Trade Secrets)
xiii. Cyber laundering/Cyber Contraband
Statistics (World, Nigeria)
The Symantec Internet Threat First Quarter Report of 2010 ranks Nigeria as 70th on the Global Internet crime watch and 43rd in the EMEA (Europe, Middle East and Africa)Countries. Nigeria is first in Africa, followed by Ghana and South Africa.The United States of American ranks first according to IC3 2009 reports, with the UnitedKingdom coming in second. Shockingly, Nigeria is ranked third after the U.K.
Laws/policies against Cyber Crime
The success and proliferation of cyber crimes has overtime been traced to the absence or limited scope of anti cybercrime laws, both locally and internationally. To this end, most nations are taking time to shore up legislations to strengthen national cyber laws and also seek for a harmonised international law against cybercrime owing to the absence of geographically defined boundaries in cyber space.
Evidence of such limiting nature of international legislation can be seen in the case of the LOVE BUG virus in May 2000 which was reported to have cost a loss of $10billion globally and infected no less than 45 million computers. The FBI could not proceed with a search warrant on tracing the source to thePhilippines due to the absence of adequate legislation against cyber crime in the Philippines as at the time. Nations with cyber related laws include the Turkey (recently became a party to the Council of Europe treaty on cybercrimes), Australia, Belgium, Canada, Chile, Ireland,
India, Japan, Spain, UAE, USA etc
Cyber crime/Security- The Nigerian Situation
The capture of Al Qaeda’s operative, Muhammad Naeem Noor Khan in July 2004, provided the Pakistani and American Intelligence Authority with some of Al Qaeda’s Internet Communication Strategy. It also identified that Nigerian Websites and Email System were used by Al Qaeda to disseminate internet information. This has once again brought up the pertinent questions of the safety and security of Nigeria’s national cyberspace. Cybercrime in
Nigeria is difficult to prove as it lacks the traditional paper audit trail, which requires the knowledge of specialists in computer technology and internet protocols. Nigeria is rated third by the IC3 2009 report of Internet crime prevalence, and 70th by the Symantec Q1 2010
internet security report.
Internet Business & cyber vulnerability Implications
The Internet Business and E-commerce of all sorts depend on the credibility of the individual or institution to operate owing to the fact that the internet avenue often abrogates the need for physical one-to-one meeting. A facility that has a high probability of compromise or little or no assurance of security (financial returns, or legislative) will certainly not attract investors or
patronage owing to the high risk of the venture.
If the Nigerian e-commerce terrain lacks the necessary structure to guarantee security of investment as well adequate return on investment, then it leaves much to be desired.We are already enmeshed in the information/knowledge age and it’s only a matter of time
before all human activities will be modulated by ICT. The implications are rife, not only for our businesses but also for our Economy and Government as these are really threatened in the event that adequate CyberSecurity measures by way of Cyber crime laws, Training/equipping
of Personnel to handle cyber crime prevention, monitoring,detection,and prosecution etc arenot provided.
The implications of unbridled cybercrime in the Nigerian terrain include but not limited to the
– A failed state, anarchy, haven for criminals, terrorist, (the Somali experience)
– e-commerce not reaching its full potential,
– loss of money
– Online robbery of Banks
– Loss of customers,
– Brand name damage
– Potential lawsuits
– Illicit access to intellectual property.
– Hijacking of the arm of Government,
– Communications and data privacy violations and intrusions,
– The Government should live up to expectations: Most of the crimes committed result from a poor economy, high unemployment rate, lack of social welfare measures and collapse of public utilities. Few Nigerians, if at all, engage in cybercrimes for psychological kicks/ecstasy or recreational purposes, thus adequate measures should be put in place to meet the basic needs of the populace. Also, Government should proactively work with the ICT community, Law community, Interest groups etc in enacting appropriate cybercrime laws and cybersecurity measures to checkmate these
issues, else with time, the Government will be eroded when E-governance takes full stage.
– Businesses should Recognize the real problem is crime, not hacking: cyber-crime is becoming an increasingly salient component of the business environment.Disruption, denial of service, and web site defacements will continue to be problems,but exploitation of access to information systems for profit is likely to become more pervasive. The trend towards accessing business systems, highlighting security holes,and offering one’s services for a significant fee, for example, is a thinly veiled form of
extortion. As such, it is very different from traditional hacking that is designed to highlight security problems and ways of dealing with them as simply a demonstrationof expertise.
– Business intelligence needs to include criminal intelligence analysis:
Criminal intelligence analysis needs to be integrated fully into business intelligence; risk assessment needs to incorporate criminal threats; and cybersecurity needs to be conceptualized as part of a broader security problem that cannot be understood or dealt with in strictly technical terms. Defending against such contingencies requires that businesses develop broad security programs that incorporate cyber-security into a
much broader program. Cyber-security needs to be one component of a broader security program that includes personnel, physical assets, the provision of services,and financial assets.
– Beware of infiltration: this comes often by way of partnerships with foreign business organisations. Organisations should ensure a thorough background check of companies (their employees and consultants etc) seeking to partner with them before allowing for mutual sharing of data and communication assets.
– Develop partnerships and information-sharing arrangements: this comes in the form of sharing information with sister companies or firms in the same line of business and also with the law enforcement officials. Reason being that, often, theapproach used on a particular business is replicated to others in the same sector. Also,it helps in monitoring trends and following up on leads by the law enforcers.
– Be sensitive to money laundering opportunities: Companies offering financial services on the Internet – and particularly those offering mechanisms to facilitate financial transactions – need to take steps to identify opportunities for money laundering. Once this is done, they need to introduce safeguards to close loopholes
and prevent money laundering.
– Businesses should ensure an updated Security Policy:
Owing to the nature of businesses today, the computer, networks and the internet cannot be ruled out; hence businesses should regularly update their security policies keeping tabs on current procedures.
Schemes such as Real-time Content Inspection of incoming and outgoing
web traffic should be encouraged while still maintaining the regular security
procedures like Firewalls, Spam filters, Anti-Viruses etc.
We as a nation should begin to imbibe the national consciousness disposition andunderstand that any threat that is channelled towards the nation will ultimately affect us,thus all hands should be on deck to ensure that this monster of cyber crime does not find a conducive abode in Nigeria.
Thank You and GOD BLESS NIGERIA.
Uwaje Chris (FNCS)