Nigeria Lacks a 2017 Cybersecurity Strategy but Faces the Most Cybercrime Ever Seen

According to the Cyber Security Experts Association of Nigeria (CSEAN), the Nigerian government is ill-prepared for cybercrime in 2017. Cybercrime changed drastically during 2016; threat actors grew in number and capability. The Nigerian government lacked a cybersecurity budget and overlooked the creation of a realistic strategy. For these reasons alone, CSEAN announced a fearfulness for the cybersecurity landscape in 2017.

The Nigerian cybercrime gangs, CSEAN said, started using advanced tools and programs—the types typically used by “sophisticated criminals and espionage groups.” In August 2016 Interpol arrested the ringleader of a massive, international, email fraud organization. The group hacked the customer email accounts of large corporations and then used the accounts to scam the supplier or company. Interpol announced that the group stole $60-million worldwide.

Leadership.ng, “Nigeria’s most influential newspaper,” reported that the country loses nearly half-a-billion dollars to cybercrime annually. The author predicted that in 2017, five categories of cybercrime will dominate the country. The current CEO email scam made the list, along with ransomware, assisted online kidnapping, cyber bullying, and impersonation.

CEO email scams needed no explanation—contrary to the relatively new term: “assisted online kidnapping.” Remi Afon, the CSEAN president, described the increase in ransomware attacks came from the more user-friendly malware deployment kits. He continued to explain the ease in which a ransomware package can be purchased and used by those with “little or no cyber know-how from the darkweb.”

Assisted online kidnapping, he said, is an aspect of the crime that the public is unaware of. Afon explained that social media identifies a person, often via geolocation on their smartphone:

Kidnappers have started using geolocation and geotagging to target their victims. Geotagging are pieces of information that can be attached to a tweet, status or photo on a social networking site that show the physical location of where something had been posted. Social media that have location geotagging implemented include Twitter, Facebook, Instagram and even Google+, amongst many others (Remi Afon via Leadership.ng).

Cyberbullying, he said, “made some Nigerians go berserk in 2016.” With internet and smartphone access on the rise, people have nearly unlimited network connectivity. This uptick in online-time by both the victims and perpetrators made cyberbullying an easy crime to commit. Often, in Nigeria, fake news about people or companies spreads quickly; the false claims usually consist of abusive or harassing content.

Online impersonation falls into two different categories, the CSEAN president explained. The first form of impersonation involved politicians or corporations in 2016. Threat actors took over social media accounts—or created imitations—and used them to exploit followers and customers. The second impersonation category CSEAN noticed in 2016 consisted of falsified online dating accounts. Criminals set up accounts with “attractive profiles” to lure their victims—usually foreigners, he said. Fake online personas then developed an artificial romantic relationship and used it to exploit the victim.

Afon concluded that 2017 promised a game of catch up between the government and cybercriminals. Security researchers reported that many governments, in 2016, fell behind in the cybercrime sector. The gap between law enforcement and said criminals widens on a daily basis. Nigeria requires more work than many countries, however. With no currently established cybercrime strategy, full cooperation between law enforcement agencies, government branches, and the private sector will prove necessary.