200 likes | 323 Views
Neo-Institutionalization of Cyber Criminal Activities in Africa – A Treatise . Longe Olumide (PhD) University Academic Department of Computer Science, University of Ibadan, Ibadan, Nigeria
E N D
Neo-Institutionalization of Cyber Criminal Activities in Africa – A Treatise Longe Olumide (PhD) University Academic Department of Computer Science, University of Ibadan, Ibadan, Nigeria Director, Institute for Cyber Security & Allied Research ICITD, Southern University, Baton Rouge, Louisiana, USA
Introduction • Despite the body of research devoted to cyber attacks, identifying and analyzing the motivation for cyber criminals activities as well as governments and organizational responses that facilitates or hinder these attacks remain a difficult challenge (Cox et al, 2010; Otis & Evans 2003; Econinfosec, 2007). • Technocrats and theorists are at odds as to the best way to comprehend the actions of cyber criminals and the symbiotic relationships they have with various players.
Institutions Explained • Institutions influencing cyber attacks reside at different levels—global, national, local, social network, professional, industry, inter-organizational and intra-organizational • These institutions exerts political, legal, cultural and other environmental factors specific to a country that influence cybercrime. The state is arguably the most important external institutional actor and powerful drivers of institutional isomorphism since a violation of laws and regulations can have harsh economic and social sanctions
Neo Institutional Connections • Macro- and micro-level institutions provide regulative, normative and cognitive legitimacy to cyber criminals, organizations’ and governments’ actions that facilitate or hinder cyber attacks • Based on institutional procedure, we can connect cyber attack patterns to norms, rules, laws and cognitive assessment of cyber activities. A previous research (Longe et al, 2009) linked institutional legitimacy with cyber conflict and investigated cost-benefit associated cyber criminal activities as well as strategic asymmetry faced by organizations. • There is need to understand the exact nature of institutional mechanisms involved in cyber infrastructure and cyber criminal activities.
Recent Trends • Recent events gives credence to the fact that institutional processes can influence and explain causation, depth and patterns of cyber attacks. • Institutional activities can fuel cyber crime on local, national, national and global perspective. • It is also possible to create opportunities for cyber attacks through social engineering networks, professional organization network, inter-organizational and intra-organizational infrastructures (Strang and Sine 2002; Longe et al, 2010).
Disorganization and Deinstitutionalization of Primary Societies in Africa • Some institutionalisms refer traditional institutions consisting of custom and limited social networks (intragroup networks) of the pre-industrial era as the true forms of institutions (Sjostrand 1992). • The disorganization of primary society through the internet and cyber activities has contributed to society’s increasing deinstitutionalization. • In Africa, informal networks are still more effective than formal laws and regulations in dealing with local problems (Mol and Van Den Burg 2004). An individual’s social network is related to the obligation to be trustworthy and follow the norms of equity (Granovetter 1985).
Institutional Pillars • Institutions residing at different levels can be described in terms of three institutional pillars: regulative, normative and cognitive: • Regulative institutions • Regulative institutions consist of "explicit regulative processes: rule setting, monitoring, and sanctioning activities“ These consist of regulatory bodies enforcing existing laws and rules that influence cyber criminals to behave in certain ways.
Normative Institutions • Normative components introduce "a prescriptive, evaluative, and obligatory dimension into social life” Practices that are consistent with and take into account the different assumptions and value systems of the national cultures are likely to be successful (Schneider 1999). • For instance, informal sanctions applied by a social group such as exclusion of a cyber-criminal from one's circle of friends send negative social feedback to the criminal
Cognitive Institution • Cognitive institutions are associated with culture (Jepperson 1991). These components represent culturally supported habits that influence the cyber criminals’ behaviors. Cognitive programs that are built on the mental maps of individual criminals and thus function primarily at the individual level. • They are carried by individuals but social in nature Compliance in the case of cognitive legitimacy concerns is due to habits. Political elites, organizational decision makers and cyber criminals may not even be aware that they are complying. • Cognitive feedback depending on the nature and motivation of the actor include enjoyment from cybercrime, monetary gains and less guilt in such crimes.
Cyber Criminal Ideologies • Ideology is an important component of cognitive institutions energizing many cyber criminals’ behaviors. Some recent cyber criminal activities in Africa are linked with fights for ideology. • Ideological hackers attack websites to further political purposes. Such hackings can be mapped with obligation/community based intrinsic motivations (Lindenberg 2001).
Cyber Criminal Ideologies • Repatriation Ideology is also another dimension which justifies cyber activities on pay-back from the Western World. • Legitimization of cyber criminal activities as a form of gainful employment is also becoming increasingly popular in parts of Africa. Parental support for cyber criminal activities push these criminals to go as far as seeking diabolical means to defraud victims and escapeprosecution
Why Do Entrepreneurs Fall for Cybercrime • Greed • Gullibility • Gratification • Ignorance • The long awaited miracle syndrome • The Love Triangle • Permanent Sentiment • The Theory of Pseudo Ownership –
Does Internet Entrepreneurs Have Enough Information on Cybercrime ? • Internet security has not become a boardroom priority in many organizations • For example: • A Jupiter Executive Survey in South Africa found that 29% of security practitioners rate the risk of cyber-attacks as “low.” • In Nigeria our recent research found that 5/7 of surveyed businesses does not have a well-defined security plan in place against cyber attacks. • The Small Business Pipeline investigation in Uganda found that 73% of small businesses have no written security plan even though many estimate that any type of business interruption could cost the company upwards of $10,000 per day. • In Ghana, Internet security budgets – are generally lower than required
How to prevent Cyber crime Using the computer at workplace – between efficiency and privacy • Include the Policy on how to use Internet at workplace as a part of the labour contract • Training the employees on usage of Internet and software • Training the employees on how they should treat confidential information and the essential passwords
Where to report cyber crime cases? • Internet Fraud Complaint Center (IFCC) • http://www1.ifccfbi.gov/index.asp • IFCC is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).