Neo-Institutionalization of Cyber Criminal Activities in Africa – A Treatise

Longe Olumide (PhD) University Academic

Department of Computer Science, University of Ibadan, Ibadan, Nigeria

Director, Institute for Cyber Security & Allied Research ICITD, Southern University, Baton Rouge, Louisiana, USA

Introduction Introduction

Despite the body of research devoted to cyber attacks, identifying and analyzing the motivation for cyber criminals activities as well as governments and organizational responses that facilitates or hinder these attacks remain a difficult challenge (Cox et al, 2010; Otis & Evans 2003; Econinfosec, 2007).

Technocrats and theorists are at odds as to the best way to comprehend the actions of cyber criminals and the symbiotic relationships they have with various players.

Institutions Explained Institutions Explained Institutions influencing cyber attacks

reside at different levels—global, national, local, social network, professional, industry, inter-organizational and intra-organizational

These institutions exerts political, legal, cultural and other environmental factors specific to a country that influence cybercrime. The state is arguably the most important external institutional actor and powerful drivers of institutional isomorphism since a violation of laws and regulations can have harsh economic and social sanctions

Neo Institutional Neo Institutional ConnectionsConnectionsMacro- and micro-level institutions provide

regulative, normative and cognitive legitimacy to cyber criminals, organizations’ and governments’ actions that facilitate or hinder cyber attacks

Based on institutional procedure, we can connect cyber attack patterns to norms, rules, laws and cognitive assessment of cyber activities. A previous research (Longe et al, 2009) linked institutional legitimacy with cyber conflict and investigated cost-benefit associated cyber criminal activities as well as strategic asymmetry faced by organizations.

There is need to understand the exact nature of institutional mechanisms involved in cyber infrastructure and cyber criminal activities.

Recent Trends Recent Trends Recent events gives credence to the fact

that institutional processes can influence and explain causation, depth and patterns of cyber attacks.

Institutional activities can fuel cyber crime on local, national, national and global perspective.

It is also possible to create opportunities for cyber attacks through social engineering networks, professional organization network, inter-organizational and intra-organizational infrastructures (Strang and Sine 2002; Longe et al, 2010).

Disorganization and Disorganization and Deinstitutionalization of Primary Deinstitutionalization of Primary Societies in Africa Societies in Africa

Some institutionalisms refer traditional institutions consisting of custom and limited social networks (intragroup networks) of the pre-industrial era as the true forms of institutions (Sjostrand 1992).

The disorganization of primary society through the internet and cyber activities has contributed to society’s increasing deinstitutionalization.

In Africa, informal networks are still more effective than formal laws and regulations in dealing with local problems (Mol and Van Den Burg 2004). An individual’s social network is related to the obligation to be trustworthy and follow the norms of equity (Granovetter 1985).

Institutional Pillars Institutional Pillars Institutions residing at different levels can be

described in terms of three institutional pillars: regulative, normative and cognitive:

Regulative institutions

Regulative institutions consist of "explicit regulative processes: rule setting, monitoring, and sanctioning activities“ These consist of regulatory bodies enforcing existing laws and rules that influence cyber criminals to behave in certain ways.

Normative Institutions Normative Institutions Normative components introduce "a

prescriptive, evaluative, and obligatory dimension into social life” Practices that are consistent with and take into account the different assumptions and value systems of the national cultures are likely to be successful (Schneider 1999).

For instance, informal sanctions applied by a social group such as exclusion of a cyber-criminal from one's circle of friends send negative social feedback to the criminal

Cognitive Institution Cognitive Institution Cognitive institutions are associated with culture (Jepperson

1991). These components represent culturally supported habits that influence the cyber criminals’ behaviors. Cognitive programs that are built on the mental maps of individual criminals and thus function primarily at the individual level.

They are carried by individuals but social in nature Compliance in the case of cognitive legitimacy concerns is due to habits. Political elites, organizational decision makers and cyber criminals may not even be aware that they are complying.

Cognitive feedback depending on the nature and motivation of the actor include enjoyment from cybercrime, monetary gains and less guilt in such crimes.

Cyber Criminal Ideologies Cyber Criminal Ideologies

Ideology is an important component of cognitive institutions energizing many cyber criminals’ behaviors. Some recent cyber criminal activities in Africa are linked with fights for ideology.

Ideological hackers attack websites to further political purposes. Such hackings can be mapped with obligation/community based intrinsic motivations (Lindenberg 2001).

Cyber Criminal Cyber Criminal Ideologies Ideologies

Repatriation Ideology is also another dimension which justifies cyber activities on pay-back from the Western World.

Legitimization of cyber criminal activities as a form of gainful employment is also becoming increasingly popular in parts of Africa.

Parental support for cyber criminal activities push these criminals to go as far as seeking diabolical means to defraud victims and escapeprosecution

Why Do Entrepreneurs Fall Why Do Entrepreneurs Fall for Cybercrime for Cybercrime

GreedGullibility Gratification Ignorance The long awaited miracle syndrome The Love TrianglePermanent SentimentThe Theory of Pseudo Ownership –

Cyber Crime ProfileCyber Crime Profile

Does Internet Entrepreneurs Does Internet Entrepreneurs Have Enough Information on Have Enough Information on Cybercrime ?Cybercrime ? Internet security has not become a

boardroom priority in many organizations For example:

◦ A Jupiter Executive Survey in South Africa found that 29% of security practitioners rate the risk of cyber-attacks as “low.”

◦ In Nigeria our recent research found that 5/7 of surveyed businesses does not have a well-defined security plan in place against cyber attacks.

◦ The Small Business Pipeline investigation in Uganda found that 73% of small businesses have no written security plan even though many estimate that any type of business interruption could cost the company upwards of $10,000 per day.

In Ghana, Internet security budgets – are generally lower than required

How to prevent Cyber How to prevent Cyber crime crime

How to prevent Cyber How to prevent Cyber crime crime Using the computer at workplace –

between efficiency and privacy - Include the Policy on how to use

Internet at workplace as a part of the labour contract

- Training the employees on usage of Internet and software

- Training the employees on how they should treat confidential information and the essential passwords

What to do with a cybercrime What to do with a cybercrime case ?case ?

What to do with a cybercrime What to do with a cybercrime case ?case ?

Where to report cyber crime Where to report cyber crime cases?cases?Internet Fraud Complaint Center

(IFCC)http://www1.ifccfbi.gov/index.aspIFCC is a partnership between

the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).

Thank you !Thank you !