The founder and Executive Director of CyberSafe Foundation, Confidence Staveley, speaks with Sami Olatunji on cybercrime and the way forward for Nigeria
How does cybercrime threaten Nigeria’s economy, particularly the development of the digital economy?
One of the strongest pillars on which the digital economy drives prosperity is trust. From e-commerce to digital service providers and all the new business models that have emerged to leverage the internet, trust is required for each and every transaction to be completed. Case in point, I want to use a ride-hailing service to move from point A to point B, I only use that app based on the trust that the drivers have been vetted and I won’t face physical harm. The trust that my payment details entered on the app will not be stolen by cybercriminals, that my location and destination will remain private during and after my journey. These are all decisions I will have to make as a consumer that require me to have trust in the app or any other digital product or service I am consuming. Considering that the consumer is one of many other key stakeholders in the ecosystem, your guess is as good as mine that the other players will also be accessing and making decisions based on their level of trust in the system. Cybercrime threatens the Nigerian economy, particularly by attacking and eroding trust across the borderless ecosystem that the digital economy now presents us.
Also, given how the world perceives Nigeria as the source of a huge chunk of cybercrime, Nigerians are increasingly finding it difficult to secure virtual work opportunities across the world. Those who are already working in sensitive job roles physically or virtually are constantly facing the consequences of this bad reputation. While this looks like a problem individuals face, it cumulatively gets the snowball into reduced abilities to earn in the digital economy and contribute higher to the national GDP. It impacts the ease with our tax-paying local companies playing in the digital space can secure strategic partnerships to unlock higher levels of profit or shore up value offerings of goods and services.
Almost every week, EFCC seems to arrest at least one person for cyber fraud and related offences. Why do you think this crime has remained persistent despite the risk of arrest and prosecution?
Without sounding like a cybercrime apologist, I’ll like to point to the high unemployment rate in our country as a core reason. The Nigerian Bureau of Statistics reported that the unemployment rate has made a leap from 27.1 per cent to 33 per cent. If you also put this in the context of our very young population, with our numbers showing that the majority of the population are young people, you can clearly draw the line between how unemployment impacts our teeming youth population. This is a ticking time bomb, already exploding as grenades with a spike in crime rates across the country, not just cybercrimes.
I believe, to a large extent, without the moral compass in place, we generally, as humans, just want to survive. So, the risk of arrest and other punitive measures, put side by side with the realities of extreme hardship and greed, leave a lot of Nigerians choosing the side of crime. Think of this as the choice between the deep blue sea and the shark. How many Nigerians will we arrest before we address the root cause of these problems such as the collapse of our educational, judiciary and many other key institutions that are driving the populace into the hardship. When will we address the harsh economic realities, some of which are policy driven, that small businesses face daily, causing the death of these businesses and rendering many jobless again? There is also the issue of glamourising and normalising cyber fraud. Our entertainment industry, for example, has gradually achieved this through horrible songs that should have no play time on our airwaves, if eradicating cyber crime is taken seriously. There are now children at primary school levels who aspire to become fraudsters – that’s the level of our decadence.
There is also the fact that the barrier of entry into crime is lower than the barrier of getting decent paying jobs in Nigeria. There is also the fact that cybercrime has a high reward, multiple times higher than what the average Nigerian will earn from decent work. The risk is also increasingly lower in terms of being caught. Our judiciary also isn’t yet equipped enough to quickly and effectively prosecute and sentence cyber criminals. We are also fast losing touch with our moral compass in our families and communities. How can it be okay for an 18 year old without an explicable job to gift his mother a car and she is dancing? How is it okay for us in our worship places to receive donations from proceeds of cybercrime and honour these people and think this evil will go away? We are only all fanning the flames.
In what ways can the government truly curb the rise of this crime?
Apart from heightened punitive measures, the government needs to aggressively drive digital skills acquisition programmes for youths, national image repair campaigns, make ease of business a reality and genuinely improve our economy to give our young people better options to earn decent and legitimate income. There is a need to invest in strengthening our institutions, especially the education institutions. As of today, our young people have been out of school for months because of a strike that is further weakening these institutions. Our schools are no longer leading innovation with its research and development. How are we then going to channel the advantage of our huge young population into producing bright talents and wealth in the digital economy? Our law enforcement agencies need adequate funding for training, investigations and prosecution of cybercrime. Until we make cybercrime continuously unattractive to young people, this will continuously be our epidemic.
Also, how can Nigerians ensure that they don’t fall victims to cyber fraud?
There are many ways Nigerians become victims of fraud, some of them include: deception to divulge sensitive/personal information (e.g debit card details, One Time Password, etc) over the phone or via email, making investments in rogue schemes, clicking on harmful links or attachments, using weak passwords, or downloading software and apps from untrusted websites. A major tip to help Nigerians reduce the likelihood of being victims of cybercrime is knowing that banks don’t ask. So, never share your full card number, PIN, password, BVN or One Time Password with anyone. Also, it’s a good idea to use a strong, unique password for each of your most important online accounts. Use two- or multi-factor authentication wherever possible. Use publicly available tools to verify everything you receive via email, scanning attachments or links to stay malware free. When using tools such as antivirus software, pay for the most up-to-date versions if possible and avoid free or cracked (unlocked) versions, which will likely offer inadequate protection. Seek professional advice before you invest, and if it looks too good to be true, it most likely is. I generally say, if the investment you are making is promising you a double digit return on that investment monthly, it is most likely a pyramid scheme that will surely crash or a scam investment. Do not click unsolicited links in emails, broadcast messages or even private messages on social media. Use freely available tools online, such as virus total, to vet if a link is secure or not. It is very pertinent to stay educated about online safety as an individual.
Many SMEs lack the ability or resources to protect themselves against cyber-attacks. For such SMEs, what would you recommend?
SMEs are generally very vulnerable to cyberattacks for a number of reasons. This is especially so because they lack the resources, in most cases, to have the people, processes and technology required to protect their businesses. It is for this reason that my organisation, Cybersafe Foundation, partnered with KPMG as a local implementing partner to launch the UK Digital Access Program funded Cybersecurity toolkit for SMEs in Nigeria. This tool contains a number of free vetted tools to increase these SMEs’ abilities to defend against prevalent cyber-attacks, as well as simple processes that SMEs can put in place to better protect their businesses online.
How would you describe the cybersecurity market in Nigeria?
I will say that the cybersecurity market in Nigeria is beginning to kick-off. With the accelerated digital transformation that COVID forced on companies in Nigeria, most organisations have pivoted their operations to have high dependence on technology. The heightened rate of cybercrimes across the world has also increased awareness of the importance of cybersecurity, causing boards of numerous organisations to seek education about cybersecurity and how they can protect their businesses. For a fact, cybersecurity has become a business enabler and the lack of it a major reason for businesses to fail or suddenly die. It is no longer a conversation about if a cyber attack will happen but when it will happen and how prepared an organisation is to defend, respond and recover from cyber-attacks. What I have just described is cyber resilience and should be the goal of all organisations in Nigeria. However, a lot of organisations are not making sufficient investments in cybersecurity in Nigeria, but I am hopeful that these changes and higher priority are placed on cybersecurity, especially kickstarting the journey to cyber resilience for most organisations.
What have been the major challenges in the Nigerian cybersecurity sector?
The major challenge is the lack of prioritisation for cybersecurity investments in most organizations in Nigeria. There’s also the challenge of talent flight. Information security professionals are leaving the country in droves, to seek greener pastures in developed countries. The cost of tools used by organisations to identify, protect , detect, respond and recover from cyber-attacks is high.
What would you advise the government to do to ensure proper cybersecurity awareness, especially for the most vulnerable citizens in the country?
My first recommendation is a multi-stakeholder continuous approach to cybersecurity awareness because only a collaborative effort will work, with the government playing the role of coordination. We need to have a campaign that is as strong as we did for COVID and Ebola. This can only happen with many stakeholders coming on board, including the media. There is also a need for localization of cybersecurity awareness content into a number of major local languages, targeting different demographics and also taking this to the grassroots. We also need to mainstream cyber security awareness, using media such as films and songs. There’s also the challenge of the widespread lack of digital literacy in Nigeria. Digital literacy is a core foundation upon which safe use of digital and cybersecurity awareness needs to build upon. The government needs to accelerate digital literacy through collaboration with private sector players, including civil society organisations, already doing brilliant work in that space.