COMBATING CYBERCRIME: THE CONCEPT OF CYBERSECURITY

The ideas for combating cybercrime, such as laws (Substantive law, procedural law, and preventive law), investigation, creating awareness, capacity building and training, establishing cyber security authority, and building cyber security culture, among others, collectively sum up cyber security. The general conversation surrounding cyber security in the world is necessitated by cybercrime and its effects on economies worldwide. For instance, statistics from the Cybercrime Unit of the Criminal Investigation Department of the Ghana Police Service indicate that Ghana lost $273.5 million to cybercrime activities from 2016 to 2022. Also, the massive cyberattack on Georgia in 2019, which is argued to have knocked out up to 15,000 state, private, and media websites as well as the national television station and even court websites containing case materials and personal data affected, raises a huge concern about the urgent need to prioritize cyber security as not just an individual or personal problem but a national security issue. The fact that technological advancement is not ceasing, cybercriminals will continue to exploit the loopholes, which has prompted academia to introduce a full program of study on cyber security. The issue of cyber security has become incumbent on every nation and, by extension, businesses and individuals since cybercrime has become an existential threat to the world. Wilczek (2020) justified the urgent need for cyber security to be prioritized with the argument that cybercrime is surpassing world-established multinational firms and companies in revenue generation.

De Groot (2022) posits that cyber security is a body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access. De Groot further states that cyber security can be referred to as information technology security. According to Kelley (2022), the field of cyber security deals with ways to protect systems and services from malicious online actors, including hackers, spammers, and cybercriminals.

Given the above, cyber security can be argued to mean the continuous process, mechanism, strategies, and techniques constantly designed to protect, detect, and retrieve computer systems, information, networks, devices, and programs from attacks, damage, and unauthorized access. This means cyber security is not only about protecting computer systems, information, networks, devices, etc. from cyber threats and cybercriminals, but also about building mechanisms for backups in the unlikely event that the unfortunate happens, as well as sensitizing people, businesses, and institutions to be able to identify threats and act accordingly in order not to fall victims. Cybersecurity is a continuous process because cyberattacks are increasingly sophisticated and evolving, hence the need to constantly upgrade the strategies, systems, and techniques aimed at protecting cyberspace to meet prevailing conditions.

Cybersecurity plays a critical role in developing the global economy at a time when the digital economy is undergoing a paradigm shift. This development has awakened stakeholders in cyberspace to secure space from threats and attacks to maximize the full potential of information and communication technology to develop their economies. Preventing cybercrime is not only an individual responsibility but also a national security issue. Here are some steps a country can take to prevent cybercrime:

1. Create a national cybersecurity strategy outlining goals and objectives.
2. Create a national cybersecurity agency for strategy implementation.
3. Increase cybersecurity awareness through campaigns to protect citizens.
4. Enhance cybersecurity education to train future experts.
5. Develop robust cybersecurity policies and standards for government agencies, critical infrastructure providers, and other organizations.
6. Promote international cooperation to share information and collaborate on cybersecurity initiatives.
7. Increase investment in cybersecurity research and development to stay ahead of evolving cyber threats.
8. Develop incident response plans to respond effectively to cyber incidents and reduce the damage caused by them.
9. Enact laws and regulations to ensure compliance with cybersecurity standards and punish cybercriminals.
10. Conduct regular cybersecurity audits to identify vulnerabilities and enhance the cybersecurity posture of critical infrastructure and government agencies.

Also, preventing cybercrime is a responsibility that falls on individuals as well as organizations and governments. The fight against cybercrime cannot be left to only the government and institutions, there is a need for individuals to get actively involved to complement the efforts of the government. This is because the negligence and security unconsciousness of individuals can render government intervention in protecting cyberspace fruitless, hence the need for a collaborative effort between the government and the general populace, who are the end users.

 Ramachandran (2019) outlined the following as ways in which cyberspace can be secured worldwide:

1. Enterprises must implement secure practices to produce products and services, and educate employees on safety.
2. Governments should educate citizens on cyber security, align risk management and IT activities, and regulate private and public enterprises for compliance.
3. Countries must voluntarily adhere to acceptable cyber norms and international law for responsible state behavior to enhance predictability and stability in cyberspace, as outlined in the US National Cyber Strategy of 2018.
4. Countries should cooperate to have a secure cyberspace and allow legitimate requests for the extradition of criminals located abroad.
5. Companies, academia, and industry associations like ISACA must develop and maintain skilled cyber security personnel.
6. Countries should build strong detective and deterrence capabilities in cyberspace, in addition to having a robust incident response mechanism.
7. Enterprises should follow the National Institute of Standards and Technology Cybersecurity Framework and ISACA guidelines for benchmarking best practices.
8. Countries should promote internet freedom, a multi-stakeholder governance model, and interoperable communication infrastructure for a robust information and knowledge economy, ultimately leading to a prosperous global economy.

Baylon and Antwi-Boasiako (2016) admonished that electronic waste is destroyed or data on devices is wiped out before they are exported. They argued that to tackle cybercrime stemming from electronic waste, there must be greater efforts to destroy, wipe, or clean the memories of devices before they are exported, or better yet, physically destroy the hard drives with a hammer or other blunt instruments. Additional software that erases the hard disks can be employed. According to Baylon and Antwi-Boasiako (2016), to successfully secure cyberspace from cybercriminals with regards to cybercrime that stems from electronic waste, it is incumbent on governments of countries that export electronic waste to launch a public education campaign since most people are ignorant that the data remaining on their used devices could end up in the hands of cybercriminals. They strongly maintained that firms that recycle electronic waste for export and those that manufacture devices should be encouraged, if possible, to recycle used devices instead of exporting them, as this is the most assured way of preventing cybercriminals from obtaining data on these devices to exploit them.

Because cyberattacks and data breaches may be expensive, cyber security strategies are crucial. Employees, however, are frequently the weak points in a company’s security. Employees fail to encrypt important data, exchange passwords, click on harmful URLs and attachments, utilize unauthorized cloud services, and share passwords. Public businesses or organizations that operate in regulated sectors like healthcare, banking, or insurance should pay particular attention to these sorts of regulations.

To put cyber security in a proper perspective, to secure cyberspace or to fight cybercrime in Ghana, strict measures in the form of laws, awareness creation, security culture, investigations, capacity building and training on cybercrime, as well as the establishment of cyber security authority, should be of utmost importance to serve the purpose of protecting the cyberspace;

Laws: To defeat cybercrime in any environment and protect cyberspace, strict laws should be passed to deal with activities that pose a threat to cyberspace. Regulations to lower the risk and/or mitigate the harm done to people, organizations, and infrastructure due to cybercrime should be included in the law. These regulations should also cover the use of the internet, computers, and related digital technologies, as well as the actions of the general public, the government, and private organizations. Accordingly, the law must include substantive, procedural, and preventive laws (United Nations Office on Drugs and Crime, 2019). Substantive law here means the law must spell out specific acts that are deemed illegal and, as a result, warrant punishment. This is because a person cannot be punished for an act that was not prescribed by law at the time the person committed the act; procedural law is the process and procedures to be followed in the application of the law and the rules to enable the enforcement of the law. Preventive law focuses on preventing cybercrime or mitigating the damages resulting from the commission of the crime. The law ought to be tough and punitive enough for payment providers found negligent about cybercrime. For instance, the United Kingdom Home Office launched consultation to ban all cold calls advertising financial services, enhanced support for victims, and passed a law making payment providers to reimburse victims all as a strong action to fight scammers. Therefore, laws with strict enforcement are a prerequisite for cyber security; the nature and type of laws are country-specific and dependent on the problem at hand.

Investigations: Once laws are made in the bid to protect cyberspace, institutions responsible for the implementation and enforcement of the laws must be fully equipped with logistics and training and be motivated to be able to investigate and apprehend perpetrators of cybercrime. There should be specialized cybercrime investigators to act proactively in investigating and analyzing potential threats in order to prevent or mitigate the damages that are caused by cybercriminals. Investigations should not only be conducted in a reactive manner when harm has already been done. The best way to use investigation to secure cyberspace is for it to be largely proactive to prevent damages while putting in a strenuous effort to also investigate, apprehend, and prosecute perpetrators to deter potential offenders from engaging in the cybercrime trade.

Awareness creation: To effectively fight cybercrime, there must be a serious awareness creation among the citizens to make them well informed on cybercrime and get them equipped on cyber security. There is a need to educate the general populace because they are the users of these technological and digital devices and are prone to cyber-attacks when ignorant because the people are those who make institutions secure, not technology. No one is immune to a cyber incident or one “bad click.” We must increase awareness at all ages and levels, regardless of industry. It is crucial to start educating kids about cybersecurity in particular. In this era of rapid technological advancement, children need to immerse themselves in technology at a young age to learn the skills they will need throughout their lives. To fully take advantage of this chance, they must be given the necessary tools, protection, and knowledge of the hazards. Governments and the private sector should collaborate to work toward unified awareness campaigns. Furthermore, users should never be the last line of defense in cybersecurity, as they need to play a role in educating each other and amplifying the reach of awareness campaigns (World Economic Forum, 2020).

As part of cyber security awareness, it is suggested that institutions, businesses, and organizations maintain the most recent version of their software, use anti-virus software and a firewall, make use of strong passwords and a password management tool, use two-factor or multi-factor authentication, and make staff understand phishing scams. Pamphlets, phone calls, and emails all need to be handled with caution.  Whether you are concerned about ransomware, remote working, insider threats, or any other risk, you must review your security measures and determine whether they are fit for the current environment. That could mean testing your infrastructure to identify possible vulnerabilities, updating documentation to bolster general data protection regulation compliance, and improving employees’ security and data awareness through training.

Cyber capacity building and training: Creating cyber security awareness among the people can be maximized when the people and institutions operating in cyberspace, as well as the regulatory institutions’ abilities to detect, investigate, and respond to threats, are built. Cyber capacity building and training can be actualized to secure cyberspace through programs, including training on cyber attribution and the framework of responsible state behavior, strengthening international partnerships, and encouraging excellent practices that uphold rights while defending the security of cyberspace. Also, cyber capacity building and training can be achieved by establishing and strengthening cybersecurity incident response teams, developing and implementing national cyber strategies and policies, and raising awareness of cyber security (Naylor, Painter, & Hakmeh, 2022).

Critical infrastructure needs to be strengthened. With these elements in place, people can utilize the Internet, with the danger of malware and similar threats reduced. Awareness creation through education and information sharing is vital for good cyber hygiene and sustainable cyber capacity. This must be done on all levels, from the grassroots to the top echelons, in all departments and sectors, from legislation to the creation of new departments and infrastructure. The ability to communicate this information is a central factor. Educators, means, and funds are needed to achieve this goal. Being able to locate the right partners to create awareness of the importance, willingness, and political stability of cyberspace is a key factor in building cybercapabilities. Education, learning, sharing, and cooperation are central to success (Muller, 2015).

Establishing cybersecurity authority: To secure cyberspace, it is a necessity to establish a body that will be responsible to regulate cybersecurity activities; preventing, managing, and responding to cybersecurity threats and regulating owners of critical information infrastructure about cybersecurity operations, service providers, and practitioners; fostering the growth of cybersecurity in the nation to maintain a secure and resilient digital ecosystem; establish a platform for cross-sector engagements, on matters of cybersecurity for effective coordination and cooperation between key public institutions and the private sector; create awareness of cybersecurity matters; and collaborate with international agencies to promote cybersecurity of the country. Without establishing a cybersecurity authority that will spearhead the campaign, securing cyberspace will face tremendous setbacks and failure.

Cybersecurity Culture: All measures aimed at securing cyberspace can be implemented, but without the right or good cybersecurity culture, all the efforts will not yield any positive results because people make an organization secure, not technology. A strong cybersecurity culture starts with building awareness and encouraging best practices in cyber-hygiene, normalizing these behaviors so they become second nature to people. Building a culture of awareness, trust, and knowledge in an organization means incidents are less likely to occur, and if they do, the people will be much more prepared to deal with the fallout quickly and effectively to minimize any financial, technical, or reputational damage. The cybersecurity culture of an organization encompasses the knowledge, awareness, attitudes, and behaviors of employees regarding the threat landscape, cybersecurity, and information technologies (Duggal, 2022). A strong cyber security culture is one in which the organization’s approach to cyber security is supported by both the organizational determinants of culture (policy, process, leadership, social norms, etc.) and the individual determinants of culture (attitudes, knowledge, assumptions, etc.) and is reflected in cyber security conscious behaviors (Everard, 2021).

Politics in the context of Ghana should not play a role in the debate of cyber security as is customary given how crucial this topic is to advancement on all fronts given the current trajectory of events on a global scale. Every nation’s course is affected by the countermeasures it takes against cybercrime. The process of making the most of the opportunities it gives in order to push the nation to fully utilize the enormous potential it holds. Or we might only give lip service and invent phrases to fool ourselves while doing nothing useful. As long as cybercrime continues to develop, there will always be a need for ongoing and renewed efforts to address the issue of cybersecurity. Ghana should put more effort into safeguarding the internet.

Author’s Profile: He is an investigator and Cybersecurity Practitioner. The author’s research interests are in IT, Cybersecurity, Law, Artificial Intelligence, Security, and Criminal Psychology.

Recommended Citation: Abdul-Salam, S. (2023). Combating Cybercrime: The Concept Of Cybersecurity.

Please address all correspondence to: Abdul-Salam Shaibu by Phone: at (+233) 026 530 8783 and by email on shaibubaba80@gmail.com