ECOWAS Cybersecurity Strategy Workshop

Abdul-Hakeem Ajijola (.AhA) info@consultancyss.com
Workshop organised by:
By
Abdul-Hakeem Ajijola
info@consultancyss.com
@ the
Bon Hotel Grand Pela, located at Plot 649, Cadastral Zone, Durumi, Abuja.
15 June 2017

 Cybersecurity
 Protection of assets against
risks within, & from, the
electronic environment
 Risk Management
 An Economic Problem
CYBERSECURITY VS. CYBER-CRIME
 Cyber-Crime
 Conduct prohibited by law, with
prescribed punishment, carried out
using digital systems like
computers, electronic, ancillary
devices, processes and/ or
procedures
CYBERSECURITY VS. CYBER-CRIME

WHY DO PEOPLE COMMIT CYBER CRIMES
Source: http://it.toolbox.com/people/kevjudge/
Financial
Make money
fraudulently or steal
money outright
Political
Cyber War: one
nation attacking
another
Hacktivist
Personal
Enjoy the
challenge & risk
Disgruntled
current or former
employees

7 Principles
of
Cybercrime
• Don't get caught -- stay untraceable
• Don't Work too hard -- take the easy
path
• Follow the money
• If you can't take out the target, move
the attack to a coupled dependency of
the target -- cause confusion/
misdirection
• Always build cross jurisdictional attack
vectors
• Attack people who won't/ can't
prosecute you
• Stay below the pain threshold – e.g.
below insurance limits
UNDERSTAND BAD ACTORS TO KNOW HOW TO PUSH BACK
Source: Barry Greene www.senki.org

0.80% of Nigeria’s GDP is lost to cybercrime
Equivalent to Cement sector
USA Center for Strategic & International Studies & information security firm McAfee, a subsidiary of Intel, titled
“Net Losses: Estimating the Global Cost of Cybercrime; Economic impact of cybercrime II”
http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime2.pdf
Nigeria’s GDP estimated by “TradingEconomics.com” to be $568.51 billion in 2014.
$450 million, equivalent to N89.55 billion annual
direct losses to the Nigerian economy.
Trading Economics http://www.tradingeconomics.com/nigeria/gdp
97,984,736 used the internet on a daily basis in
November, 2015
•Nigerian Communications Commission Internet Subscriber Data
http://www.ncc.gov.ng/index.php?option=com_content&view=article&id=68&Itemid=70
45.3% of internet users in Nigeria suffered attack in
the third quarter of 2015.
•Kaspersky Lab, 2015 survey, for Third quarter 2015 IT Threat Evolution report http://bizwatchnigeria.ng/nigerias-cyber-
malware-attacks-reach-45-3-in-q3-2015/
09 Jan 2016, “Anonymous hacker collective has
started a cyber-campaign against the government of
Nigeria, accusing it of corruption, greed, & theft.”
•Catalin Cimpanu http://news.softpedia.com/news/anonymous-starts-cyberattacks-against-nigerian-government-498676.shtml
.NG STATISTICS

Draft 419 Letter/
e-mail
Communication Exchange
419
Perpetrator
Nigeria 419 Cyber-crime – Life Cycle
E-mail Harvester
Mass-mail
Solution
Targeted victim
Response
Fake Document
Transfer of Funds
Adapted from flowchart originally produced by Femi Oyesanya & Vesper Owei
Processing/
Storage
Discard

Source: INTERPOL Trend Micro survey “Cybercrime in West Africa: Poised for an Underground Market”
https://documents.trendmicro.com/assets/wp/wp-cybercrime-in-west-africa.pdf
Volume of cybercrime-related
complaints received in West
Africa from 2013 to 2015
Volume of cybercrime-related
complaints that led to arrests in West
Africa from 2013 to 2015
Cybercrime-related Complaints Received in West Africa

LOCATIONS OF BUSINESS EMAIL COMPROMISE (BEC) FRAUD TARGET COMPANIES IN 2016
Research on BEC fraud (that may involve next-
level cybercriminals from West Africa) showed
that the most-targeted country was the United
States, closely followed by China.

INDUSTRIES TARGETED BY BEC FRAUD CAMPAIGNS IN 2016
Manufacturing industry was the most
targeted by BEC fraudsters
Possibly due to the fact that manufacturing
companies typically supply resources to smaller
companies and so engage in a lot of email
conversations and transactions that may
contain invoice details.

CYBERCRIMINAL RELATIONSHIP BREAKDOWN
The INTERPOL survey also revealed that almost half of the West African
cybercriminals profiled only knew their peers online. This characteristic is
more applicable to next-level cybercriminals, however, than Yahoo boys.

TYPICAL ROLES SEEN IN A CYBERCRIMINAL OPERATION ACCORDING TO LAW ENFORCEMENT RESPONSES
 Leader,
 Fraud operator who actually engages
in social engineering activities,
 Financial operator who manages
monetary transactions,
 IT technician who takes care of the
operational infrastructure, and
 Money mule. The small number of
money mule arrests could be due to
the fact that many of the mules
reside outside West Africa (typically
where they are required), which
poses jurisdiction and proportionate
resource considerations for law
enforcement agencies.

WEST AFRICAN CYBERCRIMINAL TOOLS
Email-Automation and Phishing Tools which gather target email addresses using free and
readily available tools:
“Email Extractor Lite” an
online tool hosted at evil-
brain.org.
“Bulk Email Extractor” crawls
through web pages to gather
email addresses
GSA Email Spider, which
harvests email addresses
aided by search engines.
Automate spam sending
Hack legitimate servers then
use tools such as
PHPMailer—an open source,
full-featured email-creation
and transfer class tool
Using a compromised
mailbox to send out spam
with malicious attachments
to potential victims
Set up fake domains to set
up several mailboxes for
spamming, they also use
these to set up fake company
web pages
Banking Trojans to gather
victims’ credentials.
Ice IX,22
Remote Administrative Tools
(RATs) and keyloggers like
Predator Pain and Limitless.
Ready-made malware
supports the nontechnical
cybercriminals
Avaliable from global
underground markets.
Prices, ranging from US$20
to US$100, or sometime free
with how-to guides and
troubleshooting help.

CYBERCRIMINALS’ PREFERRED COMMUNICATION TOOLS
 Operate in tight-knit groups:
 Each group member constantly communicates with peers—
sharing targets, compromised email accounts, tools, and best
practices.
 Attack tools
are usually
restricted to
technical
communities
or only
underground
markets

PORTALS USED BY CYBERCRIMINALS TO TARGET VICTIMS
Portals used by cybercriminals to
target businesses
Portals used by cybercriminals to
target individuals

ARE WE BOUND TO SEE A WEST AFRICAN UNDERGROUND MARKET?
Yes
West African cybercriminals are clearly shifting to more
elaborate crimes, complex operations, and business
models—Business Email Compromise (BEC) and tax fraud
Armed with their social engineering expertise and
ingenuity, and augmented by tools and services
(keyloggers, RATs, crypters, counter-AV services, etc.),
West African cybercriminals are stealing large amounts of
money via crimes targeting individuals and companies
worldwide
Cybercrime in West Africa is real: Simplest attacks enabled
by very clever social engineering tactics have crippled all
types of companies, regardless of size.
A West African underground market is emerging
and stronger law enforcement actions are needed to
stop the evolution of a sophisticated market.

CHALLENGES: RECURRING INVESTIGATION ROADBLOCKS
Possible reasons for these challenges include:
Lack of logistical resources and cybercrime training for local
law enforcement agents
Lack of cybercrime laws in the country or region concerned

19-Dec-15 Federal Court of Appeal
www.courtofappeal.gov.ng Protest of to deaths of
Shiite members in Zaria during clash with Nigerian
Army
11 Jul 2014 Independent National Electoral
Commission by TeaM Nigerian Cyber Army,
https://www.facebook.com/naijacyberarmy
Support of Kidnapped Chibok Girls
6 August 2015 Fed Poly Idah
http://www.fepoda.edu.ng &
http://www.federalpolyidah.edu.ng by
Hackinthunder. Someone aggrieved with the
institution
01-Oct-14 Nigeria's House of Representatives The
warning, which has been on the page for much of
the day, ends saying "No hard feelings though this
is just a security reminder.
23-Apr-15 Globacom www.gloworld.com by The
Nigerian Cyber Hunters led by HYPER-DARK a.k.a
Brunolin The motive, & reason behind the hack is
unknown.
28-Oct-11 Economic Financial Crimes Commission
(EFCC) www.efccnigeria.org by Naija Cyber
Hacktivist “Operation: Say No To Internet
Censorship”
EXAMPLES OF DEFACED NIGERIAN WEBSITES
BETWEEN 13 APRIL 2015 & 01 FEB 2016, ZONE-H RECEIVED NOTIFICATIONS OF 3,599
BREACHES OF NIGERIA (.NG) DOMAINS OF WHICH 2,518 WEBSITES WERE DEFACED.
ZONE-H HTTP://WWW.ZONE-H.ORG/ARCHIVE/FILTER=1/FULLTEXT=1/DOMAIN=NIGERIA

http://ghana.gov.gh/ - http://zone-
h.org/mirror/id/23569401
http://www.mfa.gov.gh/ - http://zone-
http://moc.gov.gh/ - http://zone-
http://scholarships.gov.gh/ - http://turk-
h.org/defacement/view/560295/scholarships.gov.gh/
http://navy.mil.gh/ - http://turk-
h.org/defacement/view/560287/navy.mil.gh/
http://nss.gov.gh/ - http://zone-
http://nfed.gov.gh/ - http://zone-
http://www.motcca.gov.gh/ - http://zone-
http://schoolfeeding.gov.gh/ - http://turk-
h.org/defacement/view/560288/schoolfeeding.gov.gh/
http://mwrwh.gov.gh/ - http://turk-
h.org/defacement/view/560292/mwrwh.gov.gh/
http://www.gida.gov.gh/site/p_ongoing -
http://zone-h.org/mirror/id/23569660
GHANA IS NOT IMMUNE TO CYBERCRIME
National Computer Incident Response Team CIRT √ √ √
http://www.modernghana.com/news/523954/1/ghana-upbeat-against-cyber-attacks.html#

• Cybersecurity is Risk Management
• Strong passwords prevent most attacks
• A new device is not necessarily safe
• ALL software has security vulnerabilities
• Every website & app should use HTTPS
• Cloud is not safe: new security problems
• Software updates crucial for protection
• Hackers are not criminals per-se
• Cyberattacks & cyberterrorism are rare
• Darknet (illegal hidden) ≠ Deep web (not
indexed)
Facts About Computer Security
Source: http://gizmodo.com/9-facts-about-computer-security-that-experts-wish-you-k-1686817774

WHO ELSE IS USING CYBERSPACE?
– Daesh: Islamic State
– Boko Haram: Jama’atu
Ahlis-Sunnah Lid Da’awati
Wal Jihad [People involved
in Call to Islam & Jihad]
– MEND: Movement for the
Emancipation of the Niger
Delta
– FARC–EP & FARC:
Revolutionary Armed Forces
of Colombia—People's Army
– Aum Shinrikyo Japanese
doomsday cult
Values, Propaganda, Financing & Recruitment
Pentagon Manipulates Social Media for Propaganda Purposes
Source http://www.globalresearch.ca/pentagon-seeks-to-manipulate-social-media-for-propaganda-purposes/25719
Not all cyber-crimes are acts of cyber-terrorism

CYBER TERRORISM FRAMEWORK AS DEFINED BY YUNOS & AHMAD
Source: Reference: R. Ahmad, Z. Yunos, S. Sahib, & M. Yusoff, “Perception on Cyber Terrorism: A Focus Group Discussion Approach,” Journal of
Information Security, vol. 03, no. 03, pp. 231-237, 2012
Cyberspace
(includes the Internet,
telecommunications
networks, computer
systems, & embedded
processors & controllers)
• Borderless
 ICT/cyber
technology
 Cyber
media
 Political
 Ideological
 Social
 Economic
 Critical National Information
Infrastructure computer system
 Critical Infrastructure
 Civilian population`
 Mass
disruption
or seriously
interfere
critical
services
operation
 Cause fear,
death or
bodily injury
 Severe
economic
loss
 Unlawful
means
 Illegal acts
Cyber
Terrorism
Target
Impact
Method
of Action
Domain
Tools of
Attack
Motivation

Que
pouvons-
nous faire
O que
podemos
fazer
‫نستطيع‬ ‫ماذا‬
‫نفعل‬ ‫ان‬

CYBER “THREAT” SPACE
Cyberspace is an environment that
combines
• People, Processes & Technology
Cyberspace is not borderless:
• Perceived as borderless because its
borders are seamless to the end user.
• Every country has its own cyberspace
which is defined by its national
infrastructure.
Implications:
• Threat actors carry out their activities in
an apparently seamless environment,
• National Security & Military Operatives
are constrained by issues of jurisdiction.
Nigeria through the National Cybersecurity
Policy & the National Cybersecurity
Strategy recognizes cyberspace as the 5th
domain of warfare after Land, Sea, Air &
Outer-space.

Develop, nurture &
patronize a home
grown ICT economic
sector
Generate employment
(job creation)
Increase incomes &
Government revenue
Promote Knowledge
Generation &
empowered Human
Resources
Foster confidence in
our economies & our
Broadband as well as
related ICT
infrastructure
Enable the Region to
meet it’s national
development agenda
Enhance human safety
& national wellbeing
Foster broader
adaptation of
knowledge “info-
structure” for broader
& even socio-economic
development
Reduce the cost of ICT
services by ensuring
that they carry only
what they are
designated to carry
REGIONAL STRATEGIC INTEREST

Goals:Objectives
Critical Success
Factors
Barriers
Initiatives/ Quick wins
Priorities
Develop a Strategic Plan
 Factor and Harmonise ECOWAS Members Interests
 Consider Member States needs
 Build on ongoing initiatives in member states (Nigeria, Ghana,
Cote d’Ivoire)
 Activate ECOWAN E3C (Command, Control and Communication)
ECONOC (ECOWAS Network Operations Centre)
 Leverage Africa and South-South Resources (Tunisia, Malaysia)

Standards &
Regulations
Activities
Outcomes
Capacity
Building
Activities
Outcomes
Accreditation
and
Examinations
Activities
Outcomes
Cooperation
(Internal,
Domestic &
International)
Activities
Outcomes
Promotion &
Awareness
Activities
Outcomes
STRATEGIC PILLARS: ACTIVITIES & OUTCOMES FOR EACH THEMATIC AREA
 Activities with Timelines & Milestones
 Outcomes & Key Performance Indicators for Monitoring &
evaluation

2018-2023
Business Plan
2018-2023
planned Milestones
& Key Performance
Indicators (KPIs)
Strategy & Road
Map
ECOWAS KPIs
Member States
KPIs
Ministries
Departments
Agencies and
Private Sector
KPIs
Build Strategic
Relationships with
Partners
Partner on
Awareness and
Capacity Building
Events
Networking Events
for MDA
TO DO

Like most of the World, Nigeria is building an electronic future upon
capabilities, processes & infrastructure that we have not yet
understood how to protect.
July 2013, an Irish “Gay” Hacker took down the official website
of the Federal Republic of Nigeria www.nigeria.gov.ng in protest
an anti-gay bill that was passed by the Nigerian Senate.
05 February 2015, the President launched:
• National Cybersecurity Policy
• National Cybersecurity Strategy
On 16 May 2015, the President signed the Cybercrime
(Prohibition Prevention, etc.,) Act 2015 into law
• 50 things to know about the Nigeria Cybercrimes (Prohibition,
Prevention, Etc.,) Act, 2015
https://www.linkedin.com/pulse/article/6028503695673614336/edit?articleId=6028503695673614336&trk=pulse-art-edit_btn
“I also wish to assure the wider international community of our
readiness to cooperate & help to combat threats of ….. Cyber
crime…..” - President Muhammadu Buhari 29 May 2015
inauguration speech
NIGERIA CYBERSECURITY: THE STATE OF PLAY

CYBERSECURITY RESILIENCE MATURITY FRAMEWORK
Source: John Gilligan, President and Chief Operating Officer at Schafer Corporation
Maturity
Descriptor
Employment of
Security Controls
Security Tailored
to Mission
Participate in
Information
Sharing (Threat/
Vulnerability)
Response to
Cyber Threats
Resilience to
Cyber Attacks
Level 5:
Resilient
Augment CSC
Based on
Mission
Mission
Assurance
Focused
Real-time
Response to
Inputs
Anticipate
Threats
Operate
through
Sophisticated
Attacks
Level 4:
Dynamic
Augment CSC
Based on
Mission
Mission
Focused
Real-time
Response to
Inputs
Rapid Reaction
to Threats
Able to
Respond to
Sophisticated
Attacks
Level 3:
Managed
CSC Integrated
and
Continuously
Monitored
Partially
Mission
Focused
Respond to
Information
Inputs
Respond to
Attacks After
the Fact
Protection
Against
Unsophisticated
Attacks
Level 2:
Performed
Foundational
Critical Security
Controls (CSC)
Implemented
Mission
Agnostic
Inconsistent
Response to
Information
Inputs
Respond to
Attacks After
the Fact
Some
Protection
Against
Unsophisticated
Attacks
Level 1:
No
Resilience
Inconsistent
Deployment of
Security
Controls
None None No Response Susceptible to
Unsophisticated
Attacks
Step1:CriticalSecurity
Controls(CSC)
Step2:Address
Sophisticated
Attacks

CORE ORGANIZATIONAL STRATEGY
Source: UK Government Cyber Essentials Scheme https://www.itgovernance.co.uk/cyber-essentials-scheme
APPROACH
• Ensure your cyber security is as effective as
possible without compromising the usability
of your systems.
• Ensure you have robust business continuity
plans in place that cover your information
assets so that you can resume normal
operations as soon as possible if an attack
is successful.
Follow
International
Standards as
guides
• ISO27001: Implementation of an
Information Security Management System
(ISMS);
• ISO22301: Implementation of a Business
Continuity Management System (BCMS).
• ISO27031, Applies specifically to
information and communication technology
business continuity, and the requirements
of ISO27001 and ISO22301 are mutually
compatible.

20 CRITICAL CYBER SECURITY CONTROLS
Source: Centre for Internet Security https://www.cisecurity.org/controls/
Critical Cyber Security Controls
Eliminate majority of
organization's
vulnerabilities
Inventory of Authorized
and Unauthorized Devices
Inventory of Authorized
and Unauthorized
Software
Secure Configurations for
Hardware and Software
Continuous Vulnerability
Assessment and
Remediation
Controlled Use of
Administrative Privileges
Secure your entire
organization against most
pervasive threats
Maintenance, Monitoring, and Analysis of
Audit Logs
Email and Web Browser Protections
Malware Defenses
Limitation and Control of Network Ports
Data Recovery Capability
Secure Configurations for Network Devices
Boundary Defense
Data ProtectionControlled Access Based on the Need to Know
Wireless Access Control
Account Monitoring and Control
Security Skills Assessment and Appropriate
Training to Fill Gaps
Application Software Security
Incident Response and Management
Penetration Tests and Red Team Exercises

!THE FUTURE IS MOBILE & THE FUTURE IS NOW
Source: http://www.ncc.gov.ng/index.php?option=com_content&view=article&id=125:subscriber-statistics&catid=65:industry-
information&Itemid=73

Heather Adkins,
director, information
security, Google
Ann Barron-DiCamillo,
director of US-CERT,
U.S. Department of
Homeland Security
Lara Nwokedi, Head of
Information Security
management First Bank
Plc.
Kathy Fithen, Chief
Privacy Officer (CPO),
Coca-Cola
Roxane Divol, General
Manager (GM) of
Symantec’s Trust
Services
Rakiya Shuaibu-
Mohammed, DD IT and
oversees Cybersecurity
CBN
Melinda Rogers, CISO,
Department of Justice
Latha Maripuri, SVP &
global CISO, News Corp.
Funke Opeke, founded
Main Street
Technologies & C.E.O.
MainOne
Julie Cullivan, senior
vice president of
business operations &
chief information
officer, FireEye
Eva Chen, CEO, Trend
Micro
Zareefa Mustapha PhD, ,
Lecturer, Baze
University
WOMEN IN IT SECURITY: POWER PLAYERS
Source: http://www.scmagazine.com/women-in-it-security-10-power-players/printarticle/421364/
Source: https://www.csc.tntech.edu/wicys/

Antimalware:
•"Malware are malevolent software such as viruses, worms, spyware, &
others that are designed to cause harm to computer based systems
including stealing information
•Antivirus is a software that detects & destroys computer viruses"
Data loss prevention
(DLP):
•A strategy to ensure that users do not send unauthorised information
outside a given network
DDOS Mitigation:
•A set of practices for countering distributed denial-of-service (DDoS)
attacks on Internet facing networks by protecting the target &
intermediary networks.
Disaster Recovery &
Business Continuity:
•Processes that help organizations prepare for disruptive events including
backing up data & having alternate platforms & operational sites.
Encryption:
•A process of encoding messages or information so that only those
authorized can read it
Firewall:
•Like the wall around a building/ compound a Computer/ Network Firewall
blocks unauthorized access while permitting legitimate communication
Identity Management
Access (IAM):
•Framework for the management of electronic identities
Intrusion prevention
systems (IPS):
•Monitor network and/or system activities for malicious activity
Risk & Compliance
Management:
•Ways to approach IT Governance, risk management, & compliance with
standards
Security/ Vulnerability
Management:
•The cycle of identifying, classifying, prioritising, reporting, remediating, &
mitigating computer/ network vulnerabilities
Unified Threat Management
(UTM)/ Unified Security
Management (USM):
•Comprehensive & often cost-effective set of network gateway protection
solutions
Web Filtering:
•A filtering tool that screens incoming web pages to determine if all or part
of it should be displayed
AFRICA CYBER SECURITY MARKET WORTH $0.92 BILLION IN 2015 & $2.32 BILLION BY 2020
Source: http://www.marketsandmarkets.com/PressReleases/africa-cyber-security.asp

West Africa must get Ready to Counter growing cybersecurity and cyber
Crime Challenges
• Education:
• Primary, Secondary, Vocational and Tertiary
• Lay Digital Society’s foundation’s:
• Positive regulation,
• Tax Incentives and
• Some Government investment in specific areas
• Create Centers of Knowledge:
• Educational and/ or Research Institutes
Year 2020 an MSME based Cybersecurity Solutions economic sub-sector
that enables a Cyber Resilient Digital Society should be in place,
principally driven by suitably empowered young knowledge workers
• Highly skilled Cybersecurity knowledge workers will constitute a
cyber-guard that the nation will leverage, in times of national cyber
emergencies
• We can succeed by working together
CONCLUSION: PROPOSITION FOR ADOPTION

for
your
attention
Merci de
votre
attention
Obrigado
pela sua
atenção
‫على‬ ‫شكرا‬
‫االهتمام‬
info@consultancyss.com

ECOWAS Cybersecurity Strategy Workshop

More Related Content

What's hot (20)

Similar to ECOWAS Cybersecurity Strategy Workshop (20)

Recently uploaded (20)

ECOWAS Cybersecurity Strategy Workshop

Editor's Notes