There is no doubt that cybercrime is an image nightmare for Nigeria. The recent decision of President Olusegun Obasanjo to setup a working group, the Nigeria Cyber Crime Working Group (NCWG) (http://www.jidaw.com/itsolutions/security5.html) is an indication that cybercrime, especially Internet 419 is a source of concern and embarrassment. According to media reports in Nigeria, a bill is presently being prepared to deal specifically with the menace of cybercrime.
The Internet creates unlimited opportunities for commercial, social and educational activities. But as we can see with cybercrime the net introduces its own peculiar risks. What is the menace cybercrime poses to society? The convenience associated with IT and the Internet is now being exploited to serve criminal purposes. Cybercrime covers Internet fraud not just online 419 – the use of computers and or the Internet to commit crime. Computer-assisted crime includes e-mail scams, hacking, distribution of hostile software (viruses and worms), denial of service attacks, theft of data, extortion, fraud and impersonation.
Cyber crime uses the unique features of the Net – sending of e-mail in seconds, speedy publication/ dissemination of information through the web to anyone on the planet. Computer attacks can be generated by criminals from anywhere in the world, and executed in other areas, irrespective of geographic location. And often these criminal activities can be faster, easier and more damaging with the use of the Internet.
Since the loss suffered by consumers and investors creates serous credibility and image problems, many countries develop strategies for preventing, detecting and containing the threats associated with cybercrime. While it is acknowledged that greed is a major factor motivating most victims, what about the image created for many who never respond?
How is the nation fighting cyber crime? It’s interesting that there is quite a lot of talk about fighting cyber crime. But what are the efforts? And how effective are they? Since there is an awareness of the menace it poses to society, what have been the sincere and meaningful efforts to fight cybercrime? For one are the security agencies enlightened enough? When you talk of efforts, you have to ask again: what have the security agencies done? How much has been invested in terms of time, education, personnel, etc? Are such efforts assessable or meaningful?
Fighting cybercrime requires not just IT knowledge but IT intelligence on the part of the security agencies. In this clime, there is an IT security divide - a serious shortage of skills to deal with the threats associated with IT. Shouting and moaning about cybercrime isn’t enough. All the talk is meaningless unless the gap is closed. Security agencies need to be equipped with the skills, the know-how and the insight necessary to fight cybercrime effectively.
While resources are needed to fight the menace, it is imperative to avoid the misdirected approach of "throwing money" at the problem. Invest based on priorities and strategies. Such policies must be based on knowledge. Knowledge not just for the operatives, but also for those that will commit resources. For example, do the decision makers have any REAL, PRACTICAL appreciation of technology, not to talk of cybercrime? What is their take on the basics of information security in today's high-tech, business environment? The cybercriminals seem to have the technology advantage.
Essentially cybercrime is information and intelligence based activity. You cannot fight cybercrime with ignorance, strong directives or boastful talk.
To fight cybercrime, those involved have to spend time to learn how cybercrime operates and then devise strategies to fight the menace. And note that learning in IT is not one-off but lifelong.
How strong are the security agencies in the fundamentals of IT? You cannot fight today’s crime with yesterday’s technology. It will always be a losing battle if security professionals are way behind the cyber criminals in terms of tech knowledge. It’s not just about computing skills, but IT Security expertise (http://www.jidaw.com/certarticles/securitycerts.html) is essential.
Fighting cybercrime requires a holistic approach, not just addressing the cyber cafés alone. What is the culture towards cybercrime? All stakeholders should be involved. Security agencies should liaise with industry stakeholders. There is a need to create a security-aware culture involving the public, the ISPs, cybercafes, government, security agencies and Internet users. There must be education about the problems, risks and solutions. Existing and potential victims need to be considered. Greed and unrealistic expectations are major problems. “If an offer is too good to be true, don't believe it”.
Furthermore, legislation needs to keep pace with e-crime, especially as it becomes more prevalent and sophisticated. Apart from awareness and culture, security measures (technical and non technical) will need to be put in place and enforced, as part of the solutions. This might involve raising penalties and increasing the seriousness of e-offences. The right culture should create a high level of awareness amongst stakeholders.
Who are the main actors involved? Cyber cafés are not the only source of cyber crime. Apart from the Internet, what are the causes - both historical and current - for the continued rise in cybercrime activity? Can cybercrime be divorced from the widespread corruption in society? Or the harsh economic climate, high unemployment? Disregard for the rule of law and lack of transparency and accountability in governance certainly doesn’t help matters. There is no justification for crime but to the populace, who is perceived as the criminal? Which is the bigger crime: corruption in high places or cybercrime?
Heavier punishments and enlightenment, closing down cyber cafés, issuing draconian directives may therefore not be meaningful without addressing the causes. To fight crime you attack the causes of crime.
Also in terms of strategy, it is crucial to thoroughly address issues relating enforcement. Mishandling of enforcement can backfire. Enforcement can only work if it avoids harassment, abuse of privacy and extortion. Care must be taken not to throw out the baby with the bath water. Don't create a situation where genuine users of the Internet are frustrated out and unable to benefit from the Internet.
We cannot afford to live in the dinosaur age. In today’s world, computing tools and the Internet are used to effectively promote social development and business growth. Strategies must strike a balance between security concerns and other developmental needs.
Whatever strategy is adopted it should not be the “know-it-all” or “ram-it-down-their-throat” approach. Solutions should be practical, cost-effective, acceptable and supported by all stakeholders. It is not enough to issue directives and orders. For the right culture to grow all stakeholders must be involved in creating and accepting solutions. To fight crime, you need the cooperation of the community.
There is no one measure that will cure the menace of cybercrime. But it is the combination of measures together with the sincerity and rigour with which they are implemented and administered that will serve to reduce risks most effectively.
Jide Awe is the Founder of Jidaw.com (http://www.jidaw.com)