ABSTRACT

It cannot be denied that nowadays information is a very important asset for any

modern organization. Therefore protecting its security is very important and

becoming a top priority for many organizations. Unfortunately, there is no

single formula that can guarantee 100% of information security. Therefore

there is a need for a set of benchmarks or standards to ensure the best

security practices are adopted and an adequate level of security is

attained. During the research the menace caused by cyber security was

identified and highlighted.

Keywords: Cyber, Security, system and information

1
1.0 INTRODUCTION

In recent times, our society is increasingly relying on the internet and other

information technology tools to engage in personal communication and conduct

business activities among other several benefits. While these developments

allow for enormous gain in productivity, efficiency and communication they

also create a loophole which may totally destroy an organization. The term

Cyber Security is the basis of information dissemination in the internet age.

Although cyber security is not merely about the Internet; our dependence on

multiple, complex, interacting digital systems grows day by day. So there is a

vital need to ascertain a proper and secured means of securing our data over the

internet. It is important to note that cyber security cannot be well articulated

without firstly understanding the meaning and concept of cybercrime – since it

is cybercrime that brings the need for cyber security (Chun Lee, 2000).

Cyber Crime is a crime which involves the use of digital technologies in

commission of offence, directed to computing and communication technologies.

The modern techniques that are proliferating towards the use of internet activity

results in creating exploitation, vulnerability making a suitable way for

transferring confidential data to commit an offence through illegal activity

(Macki, 2009).

The activity involves like attacking on Information center Data System, theft,

child pornography built images, online transaction fraud, internet sale fraud and

2
also deployment in internet malicious activities such as virus, worm and third

party abuse like phishing, email scams etc. The universal approach of network

like internet at all levels of network needs to recover from committing illegal

activity in all over the world and to stop the criminal nature by protecting

unlawful activity by enforcing different level of firewall setting within its

offline control for every nation in order to monitor and prevent crimes carried

out in cyberspace. Network security controls are used to prevent the access of

hackers in networks which includes firewall, virtual private networks and

encryption algorithms. Out of these, the virtual private network plays a vital role

in preventing hackers from accessing the networks. Virtual Private Network

(VPN) provides end users with a way to privately access information on their

network over a public network infrastructure such as the internet (Baure, 2001).

It is believed the first recorded cybercrime took place in the year 1820.This can

be true with the fact that, computer did exist since 3500 BC in India, China and

Japan. The modern computer began with the analytical engine of Charles

Babbage (Gerstein, 2011).

Although the history of cybercrime cannot be ascertained in Nigeria but it effect

is visual. Cybercrime has gradually crippled our economy. It has hindered the

nation from progressing; many youth in Nigeria are now into cyber bullying and

cybercrime. This has motivated us to embark on this research in order identify

the possible security measures of eliminating or reducing cybercrime in Nigeria.

3
2.0 LITERATURE REVIEW

THE EVOLUTION OF CYBER SECURITY

Cyber security practices continue to evolve as the internet and digitally

dependent operations develop and change. According to Secure works, people

who study cyber security are turning more of their attention to the two areas in

the following sections.

i. The Internet of Things: Individual devices that connect to the internet

or other networks offer an access point for hackers. Cytelligence reports

that in 2019, hackers increasingly targeted smart home and internet of

things (IoT) devices, such as smart TVs, voice assistants, connected baby

monitors and cell phones. Hackers who successfully compromise a

connected home not only gain access to users’ Wi-Fi credentials, but may

also gain access to their data, such as medical records, bank statements

and website login information.

ii. The Explosion of Data: Data storage on devices such as laptops and cell

phones makes it easier for cyber attackers to find an entry point into a

network through a personal device. For example, in the May 2019 book

Exploding Data: Reclaiming Our Cyber Security in the Digital Age,

former U.S. Secretary of Homeland Security Michael Chertoff warns of a

pervasive exposure of individuals’ personal information, which has

become increasingly vulnerable to cyber-attacks.

4
Consequently, companies and government agencies need maximum cyber

security to protect their data and operations. Understanding how to address the

latest evolving cyber threats is essential for cyber security professionals.

FORMS OF CYBER SECURITY

Cyber security professionals should have an in-depth understanding of the

following types of cyber security threats.

i. Malware: Malware is malicious software such as spyware, ransom ware,

viruses and worms. Malware is activated when a user clicks on a

malicious link or attachment, which leads to installing dangerous

software. Cisco reports that malware, once activated, can;

 Block access to key network components (ransomware)

 Install additional harmful software

 Covertly obtain information by transmitting data from the hard

drive (spyware)

 Disrupt individual parts, making the system inoperable

ii. Emotet: The Cyber security and Infrastructure Security Agency (CISA)

describes Emotet as “an advanced, modular banking Trojan that primarily

functions as a downloader or dropper of other banking Trojans. Emotet

continues to be among the most costly and destructive malware.”

iii. Denial of Service: A denial of service (DoS) is a type of cyber-attack

that floods a computer or network so it can’t respond to requests. A

5
 distributed DoS (DDoS) does the same thing, but the attack originates

from a computer network. Cyber attackers often use a flood attack to

disrupt the “handshake” process and carry out a DoS. Several other

techniques may be used, and some cyber attackers use the time that a

network is disabled to launch other attacks. A botnet is a type of DDoS in

which millions of systems can be infected with malware and controlled

by a hacker, according to Jeff Melnick of Netwrix, an information

technology security software company. Botnets, sometimes called zombie

systems, target and overwhelm a target’s processing capabilities. Botnets

are in different geographic locations and hard to trace.

iv. Man in the Middle: A man-in-the-middle (MITM) attack occurs when

hackers insert themselves into a two-party transaction. After interrupting

the traffic, they can filter and steal data, according to Cisco. MITM

attacks often occur when a visitor uses an unsecured public Wi-Fi

network. Attackers insert themselves between the visitor and the network,

and then use malware to install software and use data maliciously.

v. Phishing: Phishing attacks use fake communication, such as an email, to

trick the receiver into opening it and carrying out the instructions inside,

such as providing a credit card number. “The goal is to steal sensitive

data like credit card and login information or to install malware on the

victim’s machine,” Cisco reports.

6
vi. SQL Injection: A Structured Query Language (SQL) injection is a type

of cyber-attack that results from inserting malicious code into a server

that uses SQL. When infected, the server releases information.

Submitting the malicious code can be as simple as entering it into a

vulnerable website search box.

vii. Password Attacks: With the right password, a cyber-attacker has access

to a wealth of information. Social engineering is a type of password

attack that Data Insider defines as “a strategy cyber attacker’s use that

relies heavily on human interaction and often involves tricking people

into breaking standard security practices.” Other types of password

attacks include accessing a password database or outright guessing.

SECURITY MANAGEMENT STRATEGY

1) Educate Staff: Human error was the cause of 90% of data breaches in

2019. This concerning statistic, however, has a silver lining. If staffs are

taught how to identify and correctly respond to cyber threats, the majority

of data breach incidents could be avoided. Such educational programs

could also increase the value of all cyber security solution investments

because it would prevent staff from unknowingly bypassing expensive

security controls to facilitate cybercrime.

2) Protect Your Sensitive Data: Invest in tools that limit information loss,

monitor your third-party risk and fourth-party vendor risk and

continuously scan for data exposure and leaked credentials. Data leaks, if

7
 left unattended, could help cybercriminals gain access to internal

networks and breach sensitive resources. It's important to implement a

data leak discovery solution capable of also monitoring leaks throughout

the third-party network.

3) Implement a Third-Party Risk Management (TPRM) Solution: Use

technology to reduce costs like automatically sending out vendor

assessment questionnaires as part of an overall cyber security risk

assessment strategy. Companies should no longer be asking why is cyber

security important, but how can I ensure my organization's cyber security

practices are sufficient to comply with GDPR and other regulation and to

protect my business against sophisticated cyber-attacks.

8
3.0 METHODOLOGY

Cyber Security Management focuses on the strategic deployment and

implementation of cyber security within an organisation. Hence, the

methodology is focused on building up strategic thinkers who can understand

the threat, manage resources and implement solutions. The study will therefore

take the following into consideration;

i. The evolution of Cyber security

ii. Forms and Types of Cyber Security

iii. Security management strategy

iv. Importance of Cyber Security awareness

The above listed will be explored using various existing literatures, articles and

journals in order to save time and resources. This procedure involves the use of

secondary method of data collection.

9
4.0 RESULT AND DISCUSSION

Dealing with the adversary is one of the most challenging, yet intriguing and

important aspects of cyber security research. We would encourage readers not

to worry about understanding or designing the perfect representation for the

adversary for your research or development. Instead, make sure that

consideration for adversal perspective is included in all aspects of your work.

Perfection is never required, but diligence is. This would include

acknowledgments where your research might deviate from adversarial behavior,

or limitations in modeling, or your own understanding. The more information

that we can share about our own limitations, assumptions, and conditions, the

better for other researchers to pick up the mantle and move the research

forward.

This is not a call to give up on adversarial research in and of itself, either.

Indeed quite the contrary, far too often, much research is done in the absence of

adversarial awareness, modeling, or consideration. Designing more secure

computers, or networks, without understanding how the adversary operates (or

your own users) is doomed to fail. Cyber security research and development can

leverage the body of work that has gone before in other domains that study

conflict and human agency. Furthermore, substantial current work is available

to characterize adversarial intent, methods, abilities, resources, and so on.

Models of various techniques also exist to describe adversarial behavior in

10
context. In the end, this field is fraught with limitations and challenges, but as

researchers continue to answer questions about adversary-cyber-defender

interactions, the entire field is advanced and development can continue its

frenzied pace on a more solid foundation of knowledge.

11
12
 CONCLUSION

Cybercrime is a menace that should be eradicated or reduced to a very minimal

level for our great nation to break even. Several prominent cybercrimes and

causes have been discussed in this paper. Numerous ways have been proposed

on how to detect and prevent cybercrime, however much can still be done by

government and individuals to reduce it. This can greatly be achieved by

investing on cyber security measures.

13