The paucity of requisite legal framework needed to prosecute offenders is turning Nigeria, Africa’s largest economy by GDP, into a preferred destination for cybercriminals who now use the country as a base from which to target developed economies, industry insiders have said.
“Many cybercriminals use emerging markets like Nigeria as a base from which to target developed economies. This is often because while the tools – bandwidth and internet connections – are in place, enforcement agencies don’t have the ability to regulate these illegal activities,” said Pfungwa Serima, chief executive officer for Africa, SAP, a German software maker.
The Nigerian Constitution does not define cybercrime. The only activity that has been captured on the country’s legislative radar, according to experts, is the crime conveniently referred to as ‘Internet 419’ or Obtaining by False Pretences, using the internet.
The Nigerian Communications Commission (NCC) has in recent times received a barrage of complaints from the International Criminal Investigation Organisation (ICIO) on cybercrimes committed by Nigerians through the internet, locally and abroad, according to informed sources close to the industry regulator.
This is as experts say cybercrime remains one of the biggest sources of threats organisations and governments are likely to face in the country, especially as the nation’s dependence on computer systems increases and as the cashless policy of the Central Bank of Nigeria (CBN) becomes operational in many more states. Nigerian banks lost a whooping N40 billion to an assortment of online fraud cases in 2013 alone – an indication of the spate of cybercrime in the country.
“As the cashless society is embraced, with more online shops, e-government and e-business platforms, attackers are likely to focus on low hanging fruits,” said Tope Aladenusi, partner, Akintola Williams Deloitte, in a recent note.
In view of this, online security experts are calling for the speedy passage of the Cybersecurity Bill, which is languishing in the hallowed chambers of the National Assembly. Industry experts are of the view that government and its agencies can only make headway in the fight against cybercrime if the Cybersecurity Bill is passed.
“What we are seeing is a growing trend in multinationals working with governments to help put in place security protocols and structures that benefit entire countries and educate industry within those countries about security issues,” said Serima.
The Federal Executive Council (FEC) in August 2013 approved the content of the bill and passed it to the National Assembly for enactment into law. The bill had gone through second reading and was expected to be passed into law in 2014, but experts say the prospect of it being passed into law this year appears gloomy.
The Cybersecurity Bill will provide a comprehensive framework that will initiate a more strategic conversation on its requirements and what organisations need to do to be compliant. It is also expected to provide more adequate basis for law enforcement agencies to prosecute cybercriminals.
Eugene Juwah, executive vice chairman, NCC, who spoke at the National Cybersecurity Forum 2014 held in Lagos and organised by the Office of the National Security Adviser, said that multi-stakeholder partnership was essential to the development of robust public policies required to combat cybercrime in the country. He added that the global economic loss due to cybercrimes and cost of system repairs as a result of cyber attacks ran into billions of naira annually.
In view of this, the NCC boss harped on the need for collaborative efforts amongst relevant government agencies, specifically towards the implementation of Domain Name System Security Extension (DNSSEC) on the top level Domain Name System in order to address identified vulnerabilities of the DNS system.
Juwah, who was represented by Abubakar Maina, executive commissioner, technical standards, NCC, pointed out that DNSSEC provided an additional level of security that could strengthen trust in internet usage and adoption in Nigeria. DNSSEC, he said, could actually help to protect browsers from redirection to fraudulent websites through effective integrity and authenticity checks on DNS protocols.
“Capacity building in the area of cybersecurity is necessary for the development of sustainable and proactive National Cybersecurity Culture,” he said in his keynote address.
One of the fundamental challenges of cybersecurity, he stated, was effectively educating the end user to be aware of, and understand the potential dangers inherent in the cyberspace, noting that cyber threats such as malware, spoofing, phishing, spam, worms, viruses, hacks, trojans, pharming, amongst others, were becoming extremely sophisticated.
“The internet has long ceased to be the exclusive domain of the technically-savvy users; user-friendly software and interfaces enable all types of users, including novices and children, to interact remotely,” he said, adding that this new territory contained a goldmine of valuable information for potential victims.
“Although national measures are being taken by individual nations, cyber threats remain basically an international problem. The internet is indeed a borderless communication tool, and consequently, any solution to secure it must involve global collaboration,” he said.
With perpetrators constantly exploiting loopholes in legal frameworks and as harmonisation between existing laws across nations remains unsatisfactory, cross-border investigation and prosecution would remain difficult if the categorisation of crimes differs from country to country, Juwah said.
Ben Uzor Jr
Join BusinessDay whatsapp Channel, to stay up to date
Open In Whatsapp
