Tackling cyber space security breaches

0
173

Cyber space breaches are increasing at a faster rate than the country can keep up with.  OLATUNDE ODEBIYI looks at some of the issues in the Cyber Crime Act and how its implementation can bring sanity to the internet community.

Over the years, the cyber space has transformed the way people think, communicate, travel, run businesses,  run the economy and even get services. But like every good thing, there is the other side, which is cyber crime. While some unsuspecting persons have died, others have lost their life savings to cyber crooks.

Former President Olusegun Obasanjo set up the National Cyber security Initiative (NCI) in 2003. Former President Goodluck Jonathan, at the twilight of his administration, also passed the Cyber Crime Act 2015 to combat cyber crimes.

To criminals, it is all a means of livelihood, but cyber crime is a dent on the country’s image and a source of  embarrassment to the nation.

Faces of cyber crimes

  • Hackers: They make use of the weaknesses and loop holes in operating systems to destroy data and steal important information from victim’s computer.
  • Cyber-stealing: It is the use of computers and communication systems to steal information in electronic format.
  • Viruses and worms are major threat to normal users and companies. Viruses are computer programs that are designed to damage computers, while worm usually exploits loop holes in soft ware’s or the operating system.
  • Spamming: It involves mass amounts of email being sent in order to promote and advertise products and websites. Cyber harassment is electronically and intentionally carrying out threatening acts against individuals.
  • Website Cloning is the recent trend in cyber crime, which involves fake ‘copy-cat’ web sites that take advantage of consumers that are unfamiliar with the Internet or who do not know the exact web address of the legitimate company that they wish to visit.
  • Cyber laundering is an electronic transfer of illegally obtained monies with the goal of hiding its source and possibly its destination.

Goals of cyber security

Cybersecurity would enable people to reduce the vulnerability of their Information Communication Technology (ICT) systems and networks. It would help individuals and institutions to develop and nurture a culture of cyber security. It would also enable people work collaboratively with public, private and international entities to secure cyberspace and thereby help people to understand the trends in IT/cybercrime and develop effective solutions.

Effects of Cyber Crime Act

An Internet Security Expert/Chairman, Education and Manpower Development Committee, Nigeria Computer Society (NCS), Mr. Aderogba Adeoye, said the Cyber Crime Act has not helped to combat cyber crime to the extent that human resources to drive it and capacity are almost not in the system.

Adeoye, who is also the Executive Secretary, Information Technology Systems and Security Professionals (ITSSP), said the government should put structures in place to drive the Act.

He said Cyber crime is in the domain of information technology and related communication services, but the Act is being domiciled in an improper place.

“Cyber means online; cyber crime is the criminality within the online space. Cyber crime is a serious security threat to the nation, which deals with somebody that interfere with e-processes, banking activities, e-mail, theft of identity, theft of data and misbehavior within the online space,” he said.

He said human resource and technical knowhow are required. “We need to build capacity in the area of cyber crime so that we can run with the Act. The Act is ok as at now; at least we are starting from somewhere. Every law over time will be reviewed. The law requires a lot of human capacity and resources in the various organs and institutions that are involved in the information technology domain.

“The Police, Armed Forces and Judiciary are doing their own part but, what of the IT professionals. The Nigeria government said you can only be IT expert if you are known to CPN, but is CPN doing what they are supposed to do. If they did not register what they are suppose to register, who summons them or whose over sight is that. Also in the usage of IT services which is given to Nigerian Information Technology Development Association (NITDA); are they collaborating with CPN and NCS. These are the major bodies known to the law of Nigeria; What are they doing to increase our expertise in cyber crime or cyber crime act and its related issues? ‘’ he asked.

He said within NCS there is the Information Security Group, among other groups. “What are they saying about Cyber Crime Act. The Cyber Crime Act is there, but there are other pre issues before cyber crime. We have electronic evidence which makes computer related reports and issues to be admissible in court. Now that we have Cyber Crime, have the stakeholders subject it to analysis.

“How much do the Judicial officers know, where are our computer experts, where are the Lawyers that have some prerequisite knowledge about Cyber Crime. Has there been effort to train these people. Is our training to generally create human resources?

“Cyber crime is not civil crime, it is a criminal matter and those to prosecute criminal matters are the police. Has there been any collaborative work between the police and the State prosecutor, judicial officers and the judge; do the judges have prerequisite knowledge about computer related issues and the Act; these are things that need to have deliberate effort to develop  human capacity along that line.”

He said there was the need to educate and train people more.

“In government we must have proper structure in place to develop those who will run Cyber Act issues.

“Today, the Cyber Crime Act has a lot of work to do because CPC should be discussing with NCS; they should form a working group because everybody is now on e-service. In Nigeria, most of the services that has to do with financial transactions are being run on e-platform; e-transaction, e-payment, e-book, e-money. When problems come on that line, what do we do? We should not be doing all these services and allow nonentities to take it over,” he said.

Views about Cyber

Crime Act

Chairman,Teledom Group, an indigenous ICT firm, Dr. Emmanuel Ekuwem, said the Act is a good starting point, though it is not yet perfect. He described the Act as a guide and movement from where we are to where we should be.

He said the Act is good, though it would  require amendments in future.

Ekuwen also noted that there was need to specify ICT infrastructure as typical national infrastructure, saying: “Until we realise as a nation that the ease and speed with which information, knowledge or data is accessed and translated into productivity is what gives the citizen, state and the nation a competitive advantage in any field of human endeavour.”

He said if there is a reliable broadband plan that connects those in the rural and urban areas,  expertise in all spheres, health, banking and academics, will be linked.

“Our Cyber Security Act must expressively specify that ICT infrastructure constitute an important and critical infrastructure of a nation,” he said.

Ekuwem said if cyber security is not given the appropriate attention, it will lead to disaster. He said if hackers were allowed into the customer data base of the bank , for instance, it would lead to a disaster which a nation may never be able to recover from because everybody will inflate their deposit in the bank. “You can also imagine what would happen to the credit of customers if the customer data base of the operators of the telecommunications companies are hacked into. Many people will also inflate their credit, claiming they have credit they never loaded. There are lots of consequences leaving our cyber space unprotected,” he said.

He noted that there are lots of security agencies working to ensure physical security but no one is there to secure the cyber space.

“All agencies must apply to the cyber space, because that is what the cyber security law of a nation is all about. The law is imperfect like all laws but we must give it some support, encourage it and inpute must be made as well as subsequent versions of amendment of the law.

“As we grow, gradually moving into broad band, a lot of information is flowing up and down, so also must our cyber space be protected.The public should know that cyber security law is important as all the laws that have being put in place to regulate and govern the behavior that has been put in place in the cyber space,’’  he said.

Effects of the Act

Ekuwem said the Act has reduced cyber crime.

He said: “In the absence of the law, there is no infraction, but when people get to know that there is an infraction when you invade somebody’s  privacy by having an unauthorised access into his cyber space, then the awareness has contributed in the existence of the Act.

“If we will follow due process in the world space then it is of a necessity to follow procedure into the cyber space; we should avoid unauthorised access in the cyber space just as we do not allow unauthorised access in the world space because you know that you will be breaking the law.”

He said people should to know that they are not to play around with other people’s or company’s password.

The way forward

Ekuwem said: “It is our duty as ICT practitioners to make sure that hackers don’t invade our privacy. The law is a deterrent as people get to know that those laws are there. It is also as deterrent as its enforcement. Who enforces and regulates the Act is very important and this is an issue that is not very clearly stated. Is it Economic and Financial Crimes Commission (EFCC)? The Independent Corrupt Practices and other related offences Commission (ICPC), Nigerian Communications Commission (NCC), or Nigerian Information Technology Development Association (NITDA).”

He said the Act must be followed by enforcement and penalty. “There should be a cyber security agency that handles the Cyber Crime Act so that when a crime is committed in the cyber space that agency apprehends and there must be penalty for the infraction of the law, which must be very high.

“There must be an institution to regulate and monitor the cyber space, to enforce the law so enacted, prosecute offenders, culprits and there must be jailing and punishment,” he said.

He asked: “Who is that government institution that enforces, regulates, monitors and apprehends, punishes and prosecutes infractions to the cyber security act; there is none to take that responsibility.

“There should be a specified government institution to do this, if not all these regulatory bodies will expect the other to do it and at the end of the day, the job does not get done.’’

 

Education/awareness

Adeoye said the only prevention is continuous education. “We have to continuously enlighten our people on the need to take some pre cautionary measures. We have to secure the platform we are running as government, private entities, and business organisations as well as individuals.

“Data privacy is a big issue, exposure of the junior ones to the Internet is a big issue but, the greatest of it all is identity management. Government must ensure the effectiveness of the institutions in charge of the cyber crime act. Some people will complain of funding but, funding is not the main issue, but harnessing technical expertise for effective performance of specified assignment,” he said.

Effects of cyber crimes

Ekuwen said Cyber crimes are destructive. “Hackers can impersonate you by sending emails you are not aware of once they hack into your email password and you may never detect that someone is sniffing.  Cyber crime can also affect the medical report. If a hacker hacks into doctors’ report, the hacker that wants to kill a patient can prescribe what ought not to have been prescribed and sends the mail by impersonating  within the cyber space of the doctor; the patient will be dead.

He said until Nigeria fully understands the dire economic, financial, social, health, academic and social implications, to mention a few, then we will sit up.

 

How to keep safe online

President, Nigeria Internet Registration Association (NIRA), Sunday Afolayan, said cyber security is a discipline, not just a switch that you fix and the internet is secured.

He said a lot of compromises happen that were not technical but social, adding that internet security is not just one activity; rather, it is a system of activates that assures security.

“There is need for education, equipment and most importantly for people to know that there is need for self discipline to ensure that you are safe online,” he said.

NO COMMENTS

LEAVE A REPLY