•NCC challenged on cyber security standards for telcos
•Commission sets up Computer Incident Response Team
•Tips to avoid cyber attack
By Prince Osuagwu, Hi-Tech Editor
Cybercrime is assuming an alarming dimension. The menace is gradually moving from banks, governments and other large institutions with huge databases, into mobile networks.
The risk increases every day as more data-driven innovations emerge.
This poses great danger for everybody considering pervasive mobile connections and penetration of mobile phones.
The onslaught of cybercrime has made the International Telecommunications Union, ITU to mandate countries to farm out means of tackling the scourge at the national level.
In response to the ITU mandate, the Nigerian Communications Commission, NCC, last week, organised the 87th Telecom Consumer Parliament , with discussions centred on how to protect telecommunications networks from cyber attacks.
Discussing the theme: Challenges of Cybercrime: The Role of the Telecoms Service Providers, the regulator and the telecom companies brainstormed on how to collaborate to avert cyber-attacks.
While NCC was tasked on developing a standard for cyber security management system for telcos, the telcos were advised to copy banks’ Know Your Customer, KYC template in order to maintain a clearer database of their customers.
Presenting the lead paper which touched on the sociology of cybercriminality, policy and legal framework required to deal with the challenges, as well as the role of the regulator and the service providers, a certified ethical hacker and information security expert, Dr. Greg Ezeilo, said that the growing trend of cybercriminality calls for active policy frameworks and collaborative efforts between the regulator and the operators.
Responding to the call, the NCC, revealed it has established a Computer Incident Response Team, CIRT, to ensure that telecommunication networks are secured.
CIRT is a networked computer systems designed to checkmate incidences of cyber attacks on the telecommunications networks.
Executive Vice-Chairman of the commission, Prof. Umar Danbatta who made the disclosure, said: “The intention is to ensure that the telecommunications networks are secured because, in addition to the benefits of digital revolution which is referred to as the fourth industrial revolution, there is a risk dimension that results in the erosion of privacy and security.
“Therefore, NCC must be in the forefront on ensuring that our telecommunications networks are secured enough to ensure that Nigerians who want to subscribe to telecom services will do so without any fear of their security/privacy being violated.”
Danbatta also said that having done that, which fulfils the primary responsibility of the government to protect its cyberspace, there should also be a sectoral cyber security protection system to shake hands with the efforts of the government. He said the results would be the strengthening of individual and organisational cyber protection measures.
He said: “For us in Nigeria, as it is the case in other countries where demand for broadband is increasing, we must be cognizant of the reality that access to broadband Internet has also brought unintended consequences of cybercrimes.
“Different criminal activities such as spamming, Subscriber Identity Module, SIM card frauds, credit card frauds, Automated Teller Machine, ATM frauds, phishing, identity theft, unauthorised access, distribution of obscene and indecent contents, cyber bullying, among several other forms of sophisticated cyber-criminal activities are being perpetrated within the cyberspace.
“We also believe that the time has come for organisations and telecoms service providers alike, to begin to use next-generation authentication as against the hitherto username-password authentication system because the Fourth Industrial Revolution, which offers opportunities for innovation, diversification, agility and cost optimisation, also carries with it an increased exposure to a new and jeopardising risk of cyberattacks.”
Categories of Cyber attacks
There are three major categories that cybercrime falls into: individual, property and government.
Property; is similar to a real-life instance of a criminal illegally possessing an individual’s bank or credit card details. The hacker steals a person’s bank details to gain access to funds and make purchases online
Individual: This category of cybercrime involves one individual distributing malicious or illegal information online, like pornography and trafficking.
Government: This is the least common cybercrime, but is the most serious offence. A crime against the government is also known as cyber terrorism. Government cybercrime includes hacking government websites, military websites or distributing propaganda.
Identity Theft: This cybercrime occurs when a criminal gains access to a user’s personal information to steal funds, access confidential information, or participate in tax or health insurance fraud. They can also open a phone/internet account in your name, use your name to plan a criminal activity and claim government benefits in your name. They may do this by finding out user’s passwords through hacking, retrieving personal information from social media, or sending phishing emails.
Cyberstalking: This kind of cybercrime involves online harassment where the user is subjected to a plethora of online messages and emails. Typically, cyberstalkers use social media, websites and search engines to intimidate a user and instil fear.
Social Engineering: Social engineering involves criminals making direct contact with the victim, usually by phone or email, trying to gain his confidence and usually pose as a customer service agent so as to gain necessary information needed.
Phishing: This type of attack involves hackers sending malicious email attachments or URLs to users to gain access to their accounts or computer. Users are tricked into emails claiming they need to change their password or update their billing information, giving criminals access.
Online Scams: These are usually in the form of ads or spam emails that include promises of rewards or offers of unrealistic amounts of money. Online scams include enticing offers that are too good to be true and when clicked on, can cause malware to interfere and compromise information.