Exploratory study of the internet and business operations in Nigeria

1Ikegbunam, Uchenna Lilian

Department of Educational Foundations and Administration, 

Nwafor Orizu College of Education, Nsugbe, Anambra State

Email: ucikegbunam1@gmail.com

2Chijioke A. C. Okoye

Department of History and International Studies,

Odumegwu Ojukwu University, Igbariam Campus, Anambra State

Email: ca.okoye@coou.edu.ng  

3*Chukwuemeka Dominic Onyejegbu*

Social Sciences Unit, School of General Studies, University of Nigeria, Enugu Campus, Enugu State

Email: onyejegbudominic@gmail.com

Corresponding author*

4Kingsley Obumunaeme Ilo

Department of Political Science, University of Nigeria, Nsukka, Enugu State

Email: kingsley.ilo@unn.edu.ng

Abstract 

Recent cybersecurity reports suggest that cyber-attacks are on the increase, especially as they are mostly deployed innovatively by cyber-criminals to steal personal data, conduct espionage, harm business operations, or deny users access to information and services. In Nigeria, cyber-attacks remain the most notable strategy employed by highly sophisticated cybercrime syndicates to attack and steal information from large corporations and Internet users. This study explores how cyber-attacks impinge on business operations in Nigeria. Data for the study were gathered from newspapers, e-books, magazines, journals, textbooks and online articles. The study calls for businesses to strengthen their network security, engage in aggressive cyber-security awareness training for staff, leverage advanced detection and response technologies, and use mobile protection solutions or corporate internet traffic protection to avoid the damaging effects of malware on their finances and reputation. The study also recommends that corporate organisations spread their data across smaller sub-networks to help contain attacks to only a few endpoints instead of the entire ICT infrastructure.

Keywords: Cybercrime, Cyber-attack, Internet, Business operations, Corporate organizations.

Introduction

In 2017, African economies lost US$3.5 billion to cyber-attacks, with Nigeria suffering the biggest loss of US$649 million (Eze, Okpa, Onyejegbu & Ajah, 2022; Africa’s Pulse, 2019; Abdi, 2018). Kenya followed with a loss of US$210 million. For Nigeria, the US$649 million was about 3.3% of its total national budget for 2017, which is bigger than the 3.1% of the budget allocated to Defense and the 1.9% allocated to Health (Punch, 2016). Despite popular metrics, Nigeria is not a particularly wealthy country, as it houses a good percentage of the poorest population in the world (Okpa, Ajah, Eze & Enweonwu, 2022; Kazeem, 2018; Saharareporters, 2018). With 3.2% of national economic activities lost to cybercrime in 2017, a great number of people and businesses were affected and pushed below the poverty line (Ukwayi & Okpa, 2018). Prince (2019) and Jumoke (2019) affirmed that 60% of Nigerian firms experienced cyber-attacks in 2018 and that 43% of these attacks were directed at small and medium scale enterprises. These financial losses meant that some businesses were shut down while others downsized their workforce to maintain viability, hence causing more unemployment, poverty and hunger across the country (Eze, Ajah, Okpa & Ngwu, 2022). Approximately one in every eleven Nigerians is unemployed and about 50% of the 180 million population live in extreme poverty (Yomi, 2018; Timothy, 2018). These metrics raise more concern given that cybercrime steals about 3.3% of national economic activities per year and is responsible for many businesses shutting down and downsizing, resulting in the tremendous unemployment and poverty that trouble the nation.

These threats are perpetrated using the most intelligent methods, either by stealing from people without their knowledge or by deliberately ensnaring people into parting with their resources. In using deliberate methods, cybercriminals tell cascades of stories to their prospective victims to win either their sympathy or their interest. Once this step is achieved, they proceed to lure their victims into parting with their savings (Frank, 2019). This deliberate method is popularly known as ‘Yahoo-Yahoo’ in Nigeria. It can take the form of love and romance, as in the case of Jan Marshall, who was defrauded of $350,000 by a fake Nigerian lover, or the form of business opportunities, as in the case of Emmanuel Nwude, who sold a nonexistent airport to Brazilian bankers for $242 million (Ajah, Ajah, Ajah, Onwe, Ozumba, Iyoke & Nwankwo, 2022; Frank, 2019; Farida, 2018). In using deliberate methods, they cajole, ensnare and deceive victims into willingly parting with their resources. This happens not only from Nigerian fraudsters to foreign victims but also from Nigerian fraudsters to Nigerian victims; Nigerian victims, however, have continuously failed to tell their stories, likely because of shame, stigma or fear of being condemned as weak or stupid.

Cybercrime in Nigeria

In earlier Nigeria, as in earlier Africa, crimes existed but they were highly unsophisticated. Stealing was almost horizontal and people simply walked into crimes. There were no fixed definitions of what comprised crime and what did not; people were merely guided by indigenous laws and definitions of crime. Ani (2019) and Solanke (2011) described the indigenous legal system as local elders and chiefs sitting under an Iroko tree to discuss a peculiar behavior and determine whether it was right or wrong. The legal system at the time was neither structurally formed nor sophisticated. Sophistication came with the foreigners, when people saw different ways to live and also different ways to commit diverse crimes. By the time of independence, a few Nigerians had acquired education and sharpened their skills in thinking and sophistication. Fraud and embezzlement among educated public officials set in. Officials were silently stealing from the people without the public’s knowledge. People gradually became conscious of the crimes of officials; others also discovered criminal patterns of their own. Cybercrime came with the internet. As the world developed technologically for businesses and social interactions, criminally minded individuals also saw opportunities to expand their methods and reach more people.

Cybercrime connotes crimes committed on the internet. It may exist in different forms, such as cyber-fraud, cyber espionage, cyber stalking, hacking, etc. The most common among Nigerian cybercriminals is cyber fraud. Cyber fraud, unlike hacking, requires less technological skill but considerable social skill. It is the act of relating with other people on the internet with the sole purpose of defrauding them. It usually involves other sub-criminal activities such as impersonation and forgery, and is more emotionally exhausting than hacking (Bentina & Ajah, 2017). In cyber-fraud, the perpetrators usually approach their victims with business opportunities, romantic gestures or unfortunate stories to win their victims’ pity. Once a prospective victim listens to and accepts the gestures of the cybercriminal, the victim is made to part with his/her money (Bentina & Ajah, 2017). This money is usually the victim’s life savings or borrowed funds. In some cases the romance method is used, and victims are emotionally affected as well.

Whether it is cyber-stalking, espionage, cybersquatting, cyber-bullying, identity theft, cyber child pornography or cyber fraud, the Nigerian constitution abhors them and subjects perpetrators to jail terms and/or fines (Das & Nayak, 2013). An example of identity theft is the case of a Bola Tinubu imposter on Facebook who was later discovered and arrested (Lawpadi, 2019). Such identity theft on the internet is punishable with no less than 3 years imprisonment or a ₦7 million fine or both (Cybercrime Act, 2015).

Cybercrime and Businesses

The cyberspace is driving business innovation and growth globally and, at the same time, exposing corporate organisations to new and emerging internet-assisted crimes (Makeri, 2017; Longe, Ngwa, Wada, Mbarika, & Kvasny, 2009; Quarshie & Martin-Odoom, 2012). Today, the negative frontiers of the cyberspace that corporate organisations are contending with include hacking, malware attacks, cyber-terrorism, spoofing, phishing, spam, virus attacks, child pornography, cyber vandalism, cyberstalking, data modification, email bombing and cybersquatting (Fanawopo, 2004). The alarming increase in “incidents of cyber-attacks and the resultant economic implications have made the management and security of the cyberspace a paramount concern to multi-stakeholders, driving the process, from the public to the private corporate institutions” (Agugoesi, 2014:8).

Hacking is a complicated technical activity aimed at exploiting systems’ vulnerabilities to subvert security checks, geared towards compromising digital devices such as computers, smartphones, tablets, and networks of organisations for financial gain, corporate espionage or fun. Hackers are broadly classified into Black Hat, White Hat and Gray Hat hackers. The Black-hatters are the malicious hackers who hack for economic reasons. The White hatters are the ‘good guys’ in the cyberspace who hack for ethical reasons, while the Gray hatters hack for ideological reasons (Manne, 2020). Black-hat hackers, sometimes known as crackers, are criminals who use their skills to modify computer hardware or software with malicious intent. This group of individuals use their programming skills to exploit target systems’ weaknesses, invade the networks of organisations, and steal personal and corporate data for personal aggrandisement. Black-hat hacking is committed by a diverse spectrum of actors (lone actors and organized crime syndicates) with different motivations and affiliations (Peters & Jordan, 2019).

Their motivation ranges from economic gain to stealing and damaging sensitive data, disabling networks, establishing a command and control server, or using the system as a base to wreak future havoc. “Attacks can be active such as a brute-force attack that determines a user’s password, or passive, such as a web-based attack that waits for a user to visit a malicious webpage in an attempt to infect the user’s computer with malicious codes through which they gain access into the target organisations’ networks” (Peters & Jordan, 2019:6). This group of digital opportunists usually cause mayhem in organisations by engaging in DDoS, identity theft, vandalizing networks and creating worms to damage institutional and personal files. Studies have shown that fraudulent emails remain the strategy most widely used by black hatters to attack corporate organisations. Most such attacks begin with phishing emails, which exploit staff vulnerabilities in order to infect computers with malware. Once the malware is downloaded into the network, black-hat hackers gain access through it to the user’s database to forge personal data with which they exploit an organisation. The malware unknowingly downloaded into the network by staff can maliciously delete or transfer information, download destructive programs, provide hackers with unauthorized access to the computer, and more. Black-hat hackers also use psychology to trick staff into clicking on a malicious attachment or providing personal data. Despite differences in hackers’ profiles and drives, the majority of the attacks by this group of cybercriminals have been found to be trans-national in nature (Peters & Jordan, 2019). This suggests that a single hacking attack can hit countless victims in different countries, independent of the location of the attack.

Estimating the global economic impact of black-hat hacking is difficult since most organisations do not report or publish their financial losses. However, the Council of Economic Advisers (2018:8) estimated that “malicious cyber activities cost the U.S. economy between $57 billion and $109 billion in 2016”. “In Kenya, several government websites came under hackers’ attacks, putting huge amounts of citizens’ data and even government revenue collection systems at risk. In 2012, over one hundred (100) Kenyan government websites were defaced by an Indonesian hacker with an estimated loss of $22.4 million. In South Africa, ATMs were massively compromised and huge sums of funds lost to the activities of the hackers in South Africa” (Tobiko, 2014:7).

Similarly, every successful attack, no matter how insignificant, attracts disastrous consequences for corporate organisations. The abuses of the cyberspace by black hatters portend danger and have stalled the developmental contributions accruable from well-harnessed ICT adoption, diffusion and utilisation by corporate organisations in Nigeria. This development has widened the digital divide, crumbled the information infrastructure and affected consumers’ confidence in online transactions in Nigeria.

Reporting on the dynamic nature of malware attacks, Jennings, Johnson and Sood (2019) state that malicious actors leverage automated software and other ICT tools to target small businesses and large corporations. This shows that no organisation, whether big or small, production company or service provider, is immune to malware attacks. More recently, scholars such as Lévesque, Chiasson, Somayaji and Fernandez (2018) have employed a quantitative approach to explore the interactions between users, antivirus (AV) software, and malware as they occur on deployed systems. Another form of malware, known as ransomware, demands that its ransom be paid through bitcoin in a bid to avoid being traced; this keeps the operators’ input low and their profit very high, in addition to preserving their operational anonymity (Jennings, Johnson & Sood, 2019).

Literature from both developed and developing nations has highlighted operational methods deployed by malware writers to include “code obfuscation and modification as well as inclusion of new behaviour in the malware to improve strength and viability” (Gounder & Farik, 2017). For example, Gounder and Farik’s (2017) research on new ways to fight malware suggests “code obfuscation makes malware code obscure and unintelligible by malware detectors, reduces the size of codes making malware download time and deployment shorter and easier”. This technique can be grouped into “polymorphic or metamorphic”. “Polymorphic virus hides its decryption loops using code insertion and transposition to bypass detection while metamorphic virus evades detection by hiding itself from detectors” (Shah, 2014).

Corporate organisations’ ICT components are often the major victims of malware attacks due to failure to secure their operating system designs and other related software vulnerabilities (OECD, 2008). Software vulnerabilities, according to OECD (2008), are a function of faulty coding, or of software that is not properly configured, is used in a manner not compatible with its suggested uses, or is improperly configured with other software. These factors allow for loopholes that expose corporate entities to malware attacks. In the event that internet fraudsters find these flaws, malicious software is created to take advantage of them (Oyelere & Oyelere, 2015). Non-technological factors, such as bad user behaviours and ineffective security policies and processes, may also put a company at risk of malware infection. Malware such as viruses or trojans must be triggered by some kind of user activity, such as clicking on a seemingly trustworthy file or link, opening a phishing e-mail or visiting a compromised website, or introduced through physical media such as external drives. According to Danchev (2006) “once the system security has been compromised by the initial infection, some forms of malware automatically install additional functionality such as spyware (e.g. keylogger), backdoor, rootkit or any other type of malware, known as the payload”.

Conclusion and recommendations

In Nigeria today, different forms of cybercrime are committed on a daily basis, ranging from phishing, Business Email Compromise, hacking, cyber vandalism and cyber espionage to malware attacks. These cybercrimes are increasing in frequency, dimension and sophistication, thus posing serious threats to the socio-economic development of businesses, internet users, and national security. The destructive intention of these cybercrimes is to overwhelm, manipulate and damage computers, whether personal or corporate, without the knowledge of the users. For this reason, countries like “Kenya, Angola, Nigeria, Rwanda, Botswana, Uganda, Tanzania, and South Africa” lost billions of dollars annually to cyber related offences. To stem the tide of cyber-attacks, the study calls for businesses to strengthen their network security, engage in aggressive cyber-security awareness training for staff, leverage advanced detection and response technologies, and use mobile protection solutions or corporate internet traffic protection to avoid the damaging effects of malware on their finances and reputation. The study also recommends that corporate organisations spread their data across smaller sub-networks to help contain attacks to only a few endpoints instead of the entire ICT infrastructure.

References

Abdi L, D. (2018). Cybercrime is costing Africa’s businesses billions. Quartz News. Retrieved from: https://qz.com/africa/1303532/cybercrime-costs-businesses-in-kenya-south-africa-nigeria-billions/

Ajah, L. O., Ajah, M. I., Ajah, B. O., Onwe, E. O., Ozumba, B. C., Iyoke, C. A., & Nwankwo, T. C. (2022). A 20 Year Retrospective Review of Rape Pattern in Ebonyi State, South-East Nigeria. Heliyon, 8, e08894. https://doi.org/10.1016/j.heliyon.2022.e08894

Abdul-Rasheed Ishowo, S. L., Muhammed, L. A. & Abdullateef, Y. R. (2016). Cybercrime and Nigeria’s external image: A critical assessment. Africology: The Journal of Pan African Studies, 9(6), 119-132.

Ajah, B. O. & Chukwuemeka, O. D. (2019). Neo-economy and militating effects of Africa’s profile on cybercrime. International Journal of Cyber Criminology 13(2), 326-342.

Ani, C, C. (2015). Crime and punishment in African indigenous law. Retrieved from: https://www.academia.edu/31440754/CRIME_AND_PUNISHMENT_IN_AFRICAN_INDIGENOUS_LAW

Beck, U. (2006). Living in the world risk society. Economy and Society, 35(3), 329-345.

Brendler, B. (2007). Spyware/Malware Impact on Consumers; APEC-OECD Malware Workshop; April 2007 (Source: StopBadware Project); available online at: http://www.oecd.org/dataoecd/33/55/38652920.pdf.

Chen, Q. & Bridges, R. A. (2017). Automated Behavioral Analysis of Malware: A Case Study of WannaCry Ransomware. in Intelligence and Security Informatics (ISI), 2017 16th IEEE International Conference on Machine Learning and Applications (ICMLA).

Bentina, A. M. & Ajah, B. O. (2017). Understanding gender dimension of cyber bullying among undergraduates in Nigeria. Ahmadu Bello University Press Limited.

Chinweze, U. C., Chukwuemeka, O. D., & Egbegi, F. R. (2019). An exploratory study of cybercrime in the contemporary Nigeria value system. European Journal of Social Sciences Studies, 4(3), 131-141.

Cybercrime Act. (2015). Cybercrimes (prohibition, prevention, etc) act, 2015. Retrieved from: https://www.cert.gov.ng/file/docs/CyberCrime__Prohibition_Prevention_etc__Act__2015.pdf

Das, S., & Nayak, T. (2013). Impact of cybercrime: Issues and challenges. International Journal of Engineering Sciences & Emerging Technologies, 6(2), 142-153.

Eze, O. J., Ajah, B. O., Okpa, J. T., & Ngwu, G. E. (2023). Ethnic-based violence: Nigeria perspectives. In: Martin, C., V. R. Preedy and V. B. Patel (Eds), Handbook of anger, aggression, and violence. Springer, Cham. https://doi.org/10.1007/978-3-030-98711-4_182-2

Eze, J. O., Okpa, J. T., Onyejegbu, C. D., & Ajah, B. O. (2022). Cybercrime: victims’ shock absorption mechanisms. UK: IntechOpen. doi: 10.5772/intechopen.106818.

Farida, D. (2018). How Nigerian Fraudsters sold a nonexistent airport for $242 million to a Brazilian bank in 1995. Face2Face Africa. Retrieved from: https://face2faceafrica.com/article/how-nigerian-fraudsters-sold-a-non-existent-airport-for-242-million-to-a-brazilian-bank-in-1995

Frank, C. (2019). Lonely heart, 61, gave her $350,000 life savings to a man she met on dating site Plenty Of Fish – only to find out her urbane Englishman ‘Eamon Donegal Dubhlainn’ was a Nigerian fraudster. Retrieved from: https://www.dailymail.co.uk/news/article-3085724/I-groomed-way-child-abuse-victims-Woman-loses-life-savings-350-000-falling-love-British-man-dating-site-sending-money-discover-Nigerian-fraudster.html

Jumoke, A. L. (2015, March 5). SMEs hardest hit by cybercrime, as 60% of Nigerian businesses suffer attacks. Business Day Report, P3.

Lawpadi. (2019). 10 things to know about Nigeria’s cybercrime act 2015. Retrieved from: https://lawpadi.com/10-things-to-know-about-nigerias-cybercrime-act-2015/

Okpa, J. T., Ajah, B. O., Eze, O. J., & Enweonwu, O. A. (2022). Communal conflict and violence: Causes and impact. In C. Martin, V. R. Preedy and V. B. Patel (eds) Handbook of Anger, Aggression, and Violence. Springer, Cham. https://doi.org/10.1007/978-3-030-98711-4_184-1