Implementation of Critical Information Infrastructure Protection Techniques against Cyber Attacks


Master's Thesis

81 Pages


Excerpt


Contents

ABSTRACT

CHAPTER ONE INTRODUCTION
1.0 Introduction
1.1 Background of the study
1.2 Problem Statement
1.3 Aims and Objectives of the study
1.4 Research Questions
1.5 Research hypotheses
1.6 Significance of the study
1.7 Scope of the study
1.8 Limitation of the study

CHAPTER TWO LITERATURE REVIEW
2.1 INTRODUCTION
2.2 REVIEW/EXPLANATION OF IMPORTANT/RELEVANT TERMS AND TECHNOLOGIES
2.2.1 Concept of Critical Information Structure
2.2.2 Concept of Big Data
2.2.3 Concept of Big Data Analytics
2.2.4 Overview of Cyber-Crime and Cybersecurity
2.2.5 Goals of Cyber Security
2.2.6 E-crimes that are Peculiar to Nigeria
2.2.7 Concept of Cyber-Attack
2.2.8 Big Data Technologies
2.2.9 Threat detection with Big Data Analytics
2.2.10 Security Analytics With Big Data Analytics
2.2.11 Big Data Mechanism In Analytics Cybercrime
2.2.12 Challenges To Security From The Production, Storage, And Use Of Big Data
2.2.13 Best Practices For Managing Big Data In An Organization, From a Security Perspective
2.2.14 Technological Solutions Available To Secure Big Data And Ensure It’s Gathered And Used Properly
2.2.15 Strategic And Tactical Policy Approaches Exist To Do The Same
2.2.16 How The Use Of Big Data Different To The Use Of Large Datasets In The Past
2.2.17 How Companies Can Ensure And Prove Compliance While Using Big Data
2.2.18 How Traditional Notions Of Information Lifecycle Management Relate To Big Data
2.2.19 How Governance Frameworks Can Be Adapted To Handle Big Data Security Issues And Risk
2.3 REVIEW OF SIMILAR EXISTING SYSTEMS/PREVIOUS RELATED WORKS
2.3.1 SUMMARY OF RELATED WORK
2.4 IDENTIFICATION OF GAP FROM REVIEWED LITERATURE

CHAPTER THREE METHODOLOGY/SYSTEM ANALYSIS AND DESIGN
3.1 Introduction
3.2 Research Design
3.3 Population of the Study
3.4 Sample and Sampling Techniques
3.4.1 Sample Size
3.4.2 Sample Technique
3.5 Method of Data Collection Result
3.5.1 Primary
3.5.2 Instrument of Data Collection.
3.5.3 Administration of Instrument
3.5.4 Description Questionnaire
3.5.5 Secondary Data
3.6 Variables and Measurement
3.7 Method of Data Analysis
3.7.1 Non-inferential Techniques
3.7.2 Inferential Techniques
3.8 Ethical Consideration
3.9 Summary

CHAPTER FOUR DATA PRESENTATION, ANALYSIS AND DISCUSSION
4.1 Introduction

CHAPTER FIVE SUMMARY OF FINDINGS, CONCLUSION AND RECOMMENDATION
5.1 Summary of findings
5.2 Conclusion and Recommendation

REFERENCES

QUESTIONNAIRE

ABSTRACT

Big data analytics is the act of analysing data to discover hidden patterns, trends, preferences, and other important information in order to detect infiltration, prevent fraud, and possibly make the right judgements. This study was carried out to investigate the implementation of big data analytics as a technique for information protection against cyber attacks. It specifically examined the extent of big data analytics implementation and the challenges militating against its adoption and full implementation. A survey research design was employed, and a total of one hundred and twenty-one staff members of the Joint Admission and Matriculation Board (JAMB) and the Independent National Electoral Commission (INEC) were enrolled in the study. A questionnaire was used to elicit information from the study participants. The data collected were analysed using binary logistic regression. Findings from the study revealed that big data analytics provides a better advantage for information protection against cyber attacks. The findings also showed that, to a significant extent, big data analytics has not been fully adopted and implemented by institutions and organizations in Nigeria. This gap was found to be a result of the high cost of hiring expert personnel, time, and a large quantity of silos. These factors indirectly affect the decisions of top management regarding the adoption and implementation of big data analytics. This study recommends the adoption and implementation of big data analytics by organizations and institutions in Nigeria. Adequate training should be provided for staff members whose job description involves interacting with big data.

CHAPTER ONE INTRODUCTION

1.0 Introduction

In 2016, BT, the telecoms company that owns and maintains the physical infrastructure that makes up the UK's broadband network, experienced an outage of a portion of its broadband services, causing hundreds of thousands of customers (including businesses) to lose Internet and phone connections for approximately two hours (Williams, 2016). This was the largest and most extensive network breakdown in years, according to the news item. Although the corporation denies it and blames the network outage on a malfunctioning router, it has been speculated that the outage was caused by a cyber-attack. Whether or not BT's explanation for the outage (a malfunctioning router) is correct, the point is that it is definitely feasible to conduct a cyber-attack that may bring an organization's infrastructure down. What if this had been a cyber-attack that affected more routers and lasted days rather than hours? Consider, for instance, the devastating effects on the country's economy, not to mention the lives lost if emergency services lost communication. On October 19, 2020, IBM researchers discovered Vizom, a new type of stealthy malware that targets Brazilian account holders using remote overlay attacks, according to Guillermo (2014) as cited in Brewer (2021). It is currently being used in a campaign in Brazil that aims to compromise bank accounts through online financial services. Due to the coronavirus pandemic, Vizom poses as popular video conferencing software, which is now critical to businesses and social life (Brewer, 2021). The problem with such attacks is that they can eventually lead to a cascading failure of inter-bank funding, triggering a tipping point for a broader systemic liquidity crisis. In both of these scenarios, the organizations' operations are so intertwined with other organizations in their respective countries that their failure will inevitably trigger a domino effect, causing these other or related organizations to fail.
As a result, the safeguarding of such infrastructures, also known as critical information infrastructures, is seen as a national security issue.

1.1 Background of the study

Cyber-attacks are constantly making headlines, putting countries, industries, and businesses at risk of security breaches. With society's reliance on technology and the introduction of the internet of things, things could get even worse. Cyber criminals are growing smarter and more knowledgeable, as seen in the destructive software they use to attack businesses. In 2020, hackers used stealthy malware to infiltrate SolarWinds (a United States-based firm that provides network monitoring and other technical services to thousands of companies, including government agencies) and injected malicious code into the firm's software system. Companies utilize the Orion system to manage their information technology resources. The code provided a backdoor into customers' information technology systems, which hackers used to spy on businesses, organizations, and government agencies. Because critical information is exposed to the hackers, a hack of this magnitude has a global impact.

The exposed information may include information on healthcare, the electricity grid, disease management, and military operations that might be used to destroy a country. How does one protect against such assaults? Is big data analytics the way to go? We have seen a significant rise in data volume over the previous few years. Global IP traffic reached an estimated 1.2 zettabytes in 2016, according to Cisco Systems. Global IP traffic refers to all digital data that travels over an IP network; it is expected to exceed 20 zettabytes by the end of 2021. Data is collected from a variety of sources, including contracts, call centers, social media, phones, and fax interactions. This data could be very useful in detecting fraud. Large corporations are increasingly using big data analytics for cyber-security and defense because it allows them to see bigger and clearer pictures when detecting threats. As a result, this research will study the effectiveness of big data analytics for cyber-attack detection. This will be done by looking at the success rate of employing the technology to detect sophisticated and stealthy cyber-attacks like Advanced Persistent Threats (through a questionnaire survey).

Given that stealthy malware is designed to go undetected and that an attack can compromise a computer system in seconds (Brewer, 2015), the term "effectiveness" is defined as: having a detection speed of seconds, minutes, or hours, but no more than a day, as a day may be too late; and being able to detect stealth attacks significantly more often than not (at least 75%).

1.2 Problem Statement

The internet is a global network of interconnected systems which serves billions of users worldwide. Its popularity and rapid growth have come at an expensive cost, i.e., loss of information and resources due to cyber threats and attacks. The first cyber crime was reported in 2000 and infected almost 45 million internet users (Message Labs Intelligence, 2010).

Over the past few years, cybercrimes have increased rapidly, with cyber criminals continuously exploring new ways to circumvent security solutions to get illegal access to computer systems and networks. Some important cyber attacks include spamming, search poisoning, botnets, Denial of Service (DoS), phishing, malware, hacking, etc.

The importance of protecting Critical Information Infrastructure cannot be overemphasized, given the catastrophic nature of such attacks for governments; attacks of this kind can be devastating and lead to a domino effect of disaster. These cyber-attacks are often disguised as stealthy malware when attacking critical information sectors such as defense, food and agriculture, financial services, oil and gas, public health care, transportation, etc., either to steal information or to disrupt the normal operations of a government.

The extensive damage caused by these cyber attacks has led to the design and implementation of cybersecurity systems. Cybersecurity refers to the techniques, processes and methodologies that are concerned with thwarting illegal or dishonest cyber attacks such as hacking, spamming, SQL injection, etc., in order to protect one or more computers on any type of network from any type of damage.

This research proposes to address how critical information infrastructure can be protected against cyber-attacks using big data analytics.

1.3 Aims and Objectives of the study

The main aim of this study is to investigate the implementation of critical information infrastructure protection techniques against cyber attacks using big data analytics. Specifically, the study seeks to:

Investigate the efficacy of big data analytics as a protection technique.
Examine the extent of big data analytics implementation in government agencies in Abuja.
Elucidate on the challenges in implementing big data analytics as a protection technique.

1.4 Research Questions

The following questions guide this research:

How effective is big data analytics as a protection technique?
What is the level of big data analytics implementation in government agencies in Abuja?
What are the challenges militating against the implementation of big data analytics as a protection technique?

1.5 Research hypotheses

Hypothesis refers to an experimental statement, tentative in nature, showing the relationship between two or more variables. It is open to test and can be accepted or rejected depending on whether it agrees or disagrees with the statistical test.

The study will test the validity of the following null hypotheses:

H01: Big data analytics is not effective as an information protection technique.
H02: There is no significant implementation of big data analytics in government agencies.
H03: There are no significant challenges impeding the implementation of big data analytics.

1.6 Significance of the study

Big data analytics as a cyber attack information prevention technique is a tool capable of curbing cybercrime because it focuses on studying the trends or patterns in which these attacks occur, which in turn shows organizations how to protect critical information and data. The greatest threat to network security procedures is that every day hackers develop new malicious software and hacking techniques, and no single piece of software can practically keep up with the number of threats. The aftermath of an initial breach in a system’s network is often not helped by modern cyber security measures because of the way these cybersecurity measures are designed.

This study will be of immense benefit to both private and public agencies, first in helping them understand the scale of havoc cyber threats could cause to their databases. This study will also help organizations to identify the various information protection techniques to apply in order to combat cyber theft and secure their data.

This study will further introduce organizations in different sectors in Nigeria, such as the banking sector, the educational sector, insurance, etc., to the benefits that come with the adoption and implementation of big data analytics as a prevention technique against cyber attacks, such as providing the path to revolutionary transformations in several fields like inventions, marketing statistical status, etc., and helping big organizations analyze big data to obtain good raw data from it. It makes work easy, examines all the information available, and provides only the data needed by the organization.

This study will further add to the existing literature on this topic and serve as reference material for students, scholars and researchers who may wish to carry out further study on this topic or a related domain.

1.7 Scope of the study

This study focuses on investigating the efficacy of big data as a protection technique. It will also look into the extent to which big data is being implemented in government agencies. The study will further examine the challenges encountered in implementing big data analytics as a protection technique.

Furthermore, the findings of this study will be restricted to the government agencies due to their high need of information protection against cyber theft. Joint Admission and Matriculation Board (JAMB) and Independent National Electoral Commission (INEC), Abuja serve as the enrolled participants for this study.

1.8 Limitation of the study

This study focused mainly on Big Data Analytics (BDA) as a major information infrastructure protection technique against cyber attacks, instead of exploring and evaluating other information infrastructure protection techniques that could serve the same purpose as Big Data Analytics (BDA).

Also, this study focused mainly on the theoretical aspect of Big Data Analytics (BDA) as a protection technique against cyber attacks, instead of carrying out a practical evaluation by designing a database, trying any of the cyberattacks on the developed database, and test-running it using BDA to confirm whether it would protect the database from the attacks.

Furthermore, the selection of respondents was another limitation of this work, because the study was not carried out in many or all sectors of the Nigerian economy in order to generate more valid facts for a better conclusion.

CHAPTER TWO LITERATURE REVIEW

2.1 INTRODUCTION

Finding dynamic or proactive security measures from data analytics is what cyber security analysis is all about. Monitoring network traffic in order to detect compromise before a real danger arises is one example of this. When it comes to assaults and threats, no infrastructure or organization can predict the future, but with the correct security analytic tools in place to monitor security events, it is possible to detect a danger before it arises or has a chance to create havoc.

Literature review refers to the critical examination of state of knowledge including substantive findings as well as theoretical and methodological contribution to a particular topic. In line with this definition, the literature reviewed revolved around the exploration of the intrinsic meaning of variables under study.

Our focus in this chapter is to critically examine relevant literature that would assist in explaining the research problem and furthermore recognize the efforts of scholars who had previously contributed immensely to similar research. The chapter intends to deepen the understanding of the study and close the perceived gaps.

Precisely, the chapter will be considered in three sub-headings:

- Review/Explanation of important/relevant terms and technologies
- Review of Similar existing systems/previous related works
- Identification of gap from existing systems reviewed and solution to be proffered by this project

2.2 REVIEW/EXPLANATION OF IMPORTANT/RELEVANT TERMS AND TECHNOLOGIES

2.2.1 Concept of Critical Information Structure

Critical information infrastructure is described by Aladenusi (2015) in his presentation at the Nigeria Computer Society's 12th international conference as those ICT infrastructures that are dependent on core assets that are important for the running of the organization. He went on to say that if such assets are compromised, it has a disastrous effect on national security, government, the economy, and the country's overall status.

Food and agriculture, dams, financial services, oil and gas, commercial facilities, communication, defense, emergency services, power and energy, government and facilities, information technology, healthcare, transportation systems, and water and sanitation are among the 15 industry sectors defined as critical information infrastructure in Nigeria, according to Aladenusi (2015).

The importance of critical infrastructure in nation-building is demonstrated by the fact that critical information infrastructures are interdependent on a large number of services and infrastructure, and the failure of any of these CII infrastructures causes a catastrophic domino effect that negatively impacts other services.

2.2.2 Concept of Big Data

Big data is data that is too complicated to be managed, searched, or analyzed using typical data storage systems, algorithms, or query techniques (MessageLabs Intelligence, 2010). The three V's define the "complexity" of big data:

1) volume - refers to the amount of data held, in terabytes, petabytes, or even exabytes (1000^6 bytes);
2) variety - refers to the coexistence of unstructured, semi-structured, and structured data; and
3) velocity - the rate at which big data is created.

The fourth V, veracity, has been introduced by some academics to emphasize the necessity of keeping high-quality data within an organization.

Data from computer networks, telecommunication networks, banking, healthcare, social media networks, bioinformatics, E-Commerce, surveillance, and other sources are some of the most common sources of big data transactions.

According to Cisco, global IP traffic will surpass 1000 Exabytes (1 zettabyte) by 2016 (Cisco, 2015). To put the size of the data being discussed in context, one zettabyte is the same size as the Great Wall of China (Arthur, 2011). Big data is the term for this avalanche of data. Big data, on the other hand, is about more than simply volume. It's also about velocity and variety. Variety refers to a wide range of data forms and formats, including video, audio, photos, text messages, and email, as well as data created by sensors and machines. The speed (including real time) at which these data are created, processed, and transferred is referred to as velocity. Although there are additional qualities, big data is primarily defined by the "three Vs": volume, variety, and velocity (Gartner, 2012).

Big data may be characterized using the 5 Vs: volume, velocity, variety, veracity, and value, according to Ishwarapa and Amerada (2015), who used the healthcare business as an example. Every year, hospitals and clinics all over the globe create vast amounts of data in the form of patient records, test results, illness analyses, and other types of information. The velocity of big data refers to the rate at which this data is created. The variety of data refers to the numerous forms of data (structured, semi-structured and unstructured). The veracity of this data refers to its correctness and consistency, and the value of big data refers to the analysis of all of this data to help the medical industry (faster disease detection, better treatment and reduced cost).

Hashem et al. (2015) provide a more detailed description of the nature of big data. Big data is classified into five areas, according to them: data sources, content format, data storage, data staging, and data processing.

Figure not included in this excerpt

Fig 1: Diagram Showing Big Data (Everett, 2015)

2.2.3 Concept of Big Data Analytics

Big Data Analytics (BDA) is concerned with extracting value from big data, i.e. nontrivial, previously unknown, implicit, and possibly beneficial insights. The "From Data to Decision" initiative [http://data-to-decisions.com] is driven by these insights, which have a direct influence on determining or altering existing corporate strategy. The notion is that big data contains patterns of usage, occurrences, or behaviors. BDA uses data mining techniques including Predictive Analytics, Cluster Analysis, Association Rule Mining, and Prescriptive Analytics to try to fit mathematical models on these patterns (Sathi, 2013). The insights from these approaches are generally exhibited on interactive dashboards, which help businesses retain a competitive advantage, raise earnings, and improve their CRM.

It's vital to remember that the term "big" in big data is relative; even gigabytes of data might be considered "big" if it's not handled or queried properly. In this case, Apache's Hadoop framework, which is an open-source, entirely fault-tolerant, and highly scalable distributed computing paradigm, is a big help. The MapReduce algorithm (of Google) allows Hadoop to spread BDA jobs among commodity hardware nodes (Sathi, 2013). At a high level, data is "mapped" in a domain-specific format before being processed at various nodes; the outputs from each node are then "reduced" to obtain the final output. Big firms like Yahoo!, Facebook, Twitter, eBay, and Amazon employ Hadoop, while IBM, Microsoft, Oracle, Talend, Cloudera, Greenplum, Hortonworks, and Datameer are now offering Hadoop-based BDA solutions. Teradata, HP (Vertica), Infobright, Aster Data, and ParAccel are among the companies that provide big data hardware designs (Curry, Kirda, Schwartz, Stewart, and Yoran, 2013).
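
The map and reduce steps described above, applied to threat detection, as an added example that is not part of the thesis. It runs the phases in one Python process over constructed sshd-style log lines instead of on a Hadoop cluster; the log format, the function names and the threshold of three failures per minute are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from itertools import chain

# Constructed sample log lines (not real data). Addresses come from the
# documentation ranges reserved by RFC 5737.
SAMPLE_LOG = """\
2021-03-01T10:00:01 sshd[811]: Failed password for root from 203.0.113.7 port 40112
2021-03-01T10:00:03 sshd[811]: Failed password for admin from 203.0.113.7 port 40113
2021-03-01T10:00:05 sshd[812]: Accepted password for alice from 198.51.100.4 port 51000
2021-03-01T10:00:09 sshd[811]: Failed password for root from 203.0.113.7 port 40115
2021-03-01T10:00:20 sshd[813]: Failed password for bob from 198.51.100.9 port 42000
2021-03-01T10:00:41 sshd[811]: Failed password for test from 203.0.113.7 port 40120
this line is truncated garba
2021-03-01T10:01:02 sshd[811]: Failed password for root from 203.0.113.7 port 40121
2021-03-01T10:01:30 sshd[813]: Failed password for bob from 198.51.100.9 port 42001
""".splitlines()

# Captures the timestamp truncated to the minute and the source address.
FAILED = re.compile(
    r"^(?P<minute>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}):\d{2} \S+ "
    r"Failed password for \S+ from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
)


def split_input(lines, nodes):
    """Hand each simulated node an interleaved share of the input."""
    return [lines[i::nodes] for i in range(nodes)]


def map_phase(lines):
    """Map: runs independently on one node's share of the log.

    Emits ((source_ip, minute), 1) for every failed login. Successful
    logins and malformed lines emit nothing.
    """
    for line in lines:
        match = FAILED.match(line)
        if match:
            yield (match["ip"], match["minute"]), 1


def shuffle(mapped_outputs):
    """Shuffle: group the intermediate pairs from all nodes by key."""
    groups = defaultdict(list)
    for key, value in chain.from_iterable(mapped_outputs):
        groups[key].append(value)
    return groups


def reduce_phase(groups):
    """Reduce: collapse each key's list of values into one count."""
    return {key: sum(values) for key, values in groups.items()}


def failed_login_bursts(lines, nodes=3, threshold=3):
    """Return (ip, minute, count) for sources at or above the threshold."""
    mapped = [list(map_phase(part)) for part in split_input(lines, nodes)]
    counts = reduce_phase(shuffle(mapped))
    return sorted(
        (ip, minute, n) for (ip, minute), n in counts.items() if n >= threshold
    )


if __name__ == "__main__":
    for ip, minute, n in failed_login_bursts(SAMPLE_LOG):
        print(f"{minute} {ip}: {n} failed logins in one minute")
```

Because the reduce step only sums per-key values, the result does not depend on how the lines were divided among nodes, which is what lets the work be spread over commodity hardware.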

In our increasingly digitized culture, big data analytics is gradually becoming a vital tool. It is utilized in a variety of fields, including artificial intelligence (AI), health-related research, and information security, as well as by big organizations to improve decision-making.

McAfee and Brynjolfsson (2012) demonstrate the relevance of big data analytics with an example in which real-time location data from users' smartphones was used to identify how many consumers were in the Macy's parking lot on Black Friday, the start of the Christmas shopping season in the United States. Analysts were able to estimate the retailer's sales based on this data even before the actual sales were recorded.

Big data, when paired with machine-learning algorithms, has also been utilized to construct artificial intelligence (AI) systems that are better at doing jobs that previously could only be done by people. IBM's Watson, for example, beat the finest wits in the game of Jeopardy in 2012 (Ferrucci, 2012). Driverless automobiles are another example of machine learning; though these automobiles have not yet overtaken humans, testing (on certain roads) suggests that they have learned the complicated skill of driving (Gibbs, 2014).

The argument is that big data analytics may be a great tool for businesses to make wiser and better decisions since it can provide a more accurate picture of any event even before it occurs. As a result, big data analytics is an ideal and effective technique for detecting cyber-attacks. When discussing the benefits of big data, Tankard (2012) indicated how this application - of employing big data analytics to identify cyber-attacks - may be done. He argues that businesses may use the massive volumes of data they've been gathering to look for cyber security threats like malware and phishing efforts.

There are a variety of technologies that are utilized to do big data analytics. Most specialists in this sector agree that the big data phenomenon is still in its early stages, and this appears to be backed by the slew of new technologies – such as storage applications, machine-learning algorithms for analytics, and user interfaces – that are hitting the market today.

Big data analytics, according to Gillette (2016), is the act of studying enormous data sets encompassing a variety of data types in order to find patterns, market trends, and consumer behavior. Companies are embracing big data analytics solutions because the information gleaned from market trends and customer behavior is extremely beneficial in defending against cyber-attacks and driving overall corporate success. If this data is used well, it has the potential to make a significant difference.

In the football business, for example, teams utilize big data to collect information on player performance, such as peak speed, passes completed, shots on target, and possession, to name a few. This data is then examined, which is where data analytics comes in. Data analytics gives useful information to the club by making sense of the data and providing valuable insights that can be utilized in game strategy, training programs, and player scouting.

Overall, the usage of big data technology aids in prediction and provides a clearer picture of events before they occur, allowing businesses to make better decisions in terms of threat detection and cybercrime prevention.

As a result, big data analytics is an ideal and effective technique for detecting cyber-attacks. When Kumar (2017) outlined the benefits of big data, she stated that firms may mine the massive volumes of data they have been gathering for possible cyber security incidents such as malware and phishing attempts.

Figure not included in this excerpt

Fig 2: Diagram Showing Big Data Analytics (Brewer, 2015)

2.2.4 Overview of Cyber-Crime and Cybersecurity

The meanings of cyberspace, cyber security, and cybercrime have evolved in tandem with technological advancements. It has been suggested that because computer crime may encompass all types of criminal behavior, a definition must stress the uniqueness, expertise, or use of computer technology. The internet's limitless expanse is referred to as cyber-space. It refers to the interconnected network of information technology components that support many of today's communication technologies (Ibikunle, 2013). Cyber security refers to a set of tools, policies, security concepts, security protections, guidelines, risk management techniques, activities, training, best practices, assurance, and technology that may be used to secure the cyber environment, as well as an organization's and users' assets. Connected computer devices, staff, infrastructure, applications, services, telecommunications systems, and the totality of transmitted and/or stored information in the cyber environment are all assets of organizations and users (Ibikunle, 2013). Cyber security aims to assure the accomplishment and maintenance of the organization's and users' security properties in the cyber environment [www.whatis.com]. The corpus of regulations put in place to defend the cyber realm is known as cybersecurity. However, as we become more reliant on the internet, we will surely confront new threats. The term "cybercrime" refers to a group of organized criminals who target both cyberspace and cyber security. Cyber criminals and nation-states, for example, pose a threat to our economic and national security. Nigeria's economic viability and national security are reliant on a broad network of interconnected and critical cyberspace networks, systems, services, and resources. The way we communicate, travel, power our houses, manage our economy, and access government services has all been revolutionized by cyberspace.
Cyber-security refers to a set of technologies, techniques, and procedures for defending networks, computers, programs, and data from assaults, damage, and unauthorized access. The term "security" in the context of computer or cyberspace simply means "cybersecurity" [www.bbc.co.uk]. Ensuring cyber-security necessitates concerted efforts on the part of both people and the country's information infrastructure. The threat presented by cyber-security breaches is evolving quicker than we can keep up with it. It is impossible to focus attention just on one part of the breach since this would imply neglect and enable other components of the breach to proliferate. As a result, we've come to the conclusion that we need to tackle cyber security breaches as a whole. So, what exactly are these breaches?

Criminal action involving computers and the Internet is referred to as cyber-crime. This might range from stealing millions of dollars from internet bank accounts to downloading music illegally. Non-monetary offenses such as generating and distributing viruses on other computers or publishing secret company information on the Internet are included in cybercrime. Identity theft is perhaps the most well-known type of cybercrime, in which criminals exploit the Internet to steal personal information from other people [http://www.itu.int/en]. “A criminal activity involving an information technology infrastructure, including illegal access (unauthorized access), illegal interception (by technical means of non-public transmissions of computer data to, from, or within a computer system), data interference (unauthorized damaging, deletion, deterioration, or alteration,” according to [Laura, 1995].

Cyber security, according to the International Telecommunication Union (ITU), is a collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance, and technologies that can be used to protect the cyber environment, organization, and users' assets. Connected computer devices, staff, infrastructure, applications, services, telecommunications systems, and the totality of transmitted and/or stored information in the cyber environment are all assets of organizations and users. Cyber security aims to ensure the accomplishment and maintenance of the organization's and users' security properties in the cyber environment - the internet - against relevant security dangers (ITU, 2011).

Cyber security is a collection of technologies, procedures, and practices aimed at preventing attacks, damage, and illegal access to networks, computers, programs, and data. Availability, Integrity (which may include authenticity and non-repudiation), and Confidentiality are the general objectives of Cyber Security, according to the ITU (Ravi, 2012).

Figure not included in this excerpt

Fig 3: Diagram Showing Cyber Security (Abdullah, 2019)

Figure not included in this excerpt

Fig 4: Diagram Showing Cyber Security Process (Everett, 2015)

2.2.5 Goals of Cyber Security

The following are the objectives of cyber-security according to Ibikunle (2013):

- To help people reduce the vulnerability of their Information and Communication Technology (ICT) systems and networks. 
- To help individuals and institutions develop and nurture a culture of cyber security. 
- To help understand the current trends in IT/cybercrime, and develop effective solutions. 
- Availability. 
- Integrity, which may include authenticity and non-repudiation.
- Confidentiality.

2.2.6 E-crimes that are Peculiar to Nigeria

E-crime is without a doubt a public relations nightmare for Nigeria. Cybercrime is a cause of national anxiety and disgrace (Ibikunle, 2013). The Internet provides limitless economic, social, and educational options. However, as we can see with cyber-crime, the Internet comes with its own set of perils. The examples given here vary from bogus lotteries to the most sophisticated online frauds. Elekwe, a chubby-faced 28-year-old guy who had been jobless for two years despite holding a diploma in computer technology, acquired a fortune via the fraud. The leader of a fraud group in a business area lured him from Umuahia to Lagos. As a result of his activities, he now has three stylish automobiles and two homes. In July 2001, security officials in Ghana apprehended four Nigerians suspected of running a "419" scam on the internet to defraud unwary overseas investors. Prospective investors are said to have lost several millions of dollars as a result of their actions. Two young lads were recently detained after purchasing two computers listed on a woman's website under false pretenses. Government officers apprehended them at the moment of delivery. Mike Amadi received a 16-year sentence for creating a website that advertised lucrative but bogus procurement contracts. An undercover agent acting as an Italian businessman nabbed the man impersonating the EFCC Chairman. Amaka Anajemba, who was sentenced to 212 years in jail, perpetrated the largest international con of all. She was also sentenced to refund $25.5 million of the $242 million stolen from a Brazilian bank with her cooperation.

A recent internet scam case involving 24-year-old Yekini Labaika of Osun State origin in Nigeria and a 42-year-old nurse of American origin, Thumbelina Hinshaw, who was in search of a Muslim lover to marry, was reported in the Sunday PUNCH newspaper on July 16, 2006. The young guy fooled the victim by pretending to be Phillip Williams, an American Muslim working for an oil business in Nigeria, and promising to marry her. He invented questionable methods to defraud the victim of $16,200 and several expensive goods. After being found guilty of eight crimes against him, the fraudster was sentenced to a total of 1912 years in prison. These kinds of incidents are becoming more common. Several young males continue to effectively carry out these illicit activities, robbing unsuspecting persons and organizations (Longe & Chiemeke, 2008). According to recent research, Nigeria loses roughly $80 million each year due to software piracy. These are the findings of a study done on behalf of the Business Software Alliance of South Africa by the Institute of Digital Communication, a market research and forecasting organization located in South Africa. Nigerian money promises were the fastest growing Internet hoax in 2001, according to the American National Fraud Information Centre, with a growth rate of up to 90%. Nigerian cybercrime effect per capita was likewise considered extremely high by the Center, according to “The Economic Times” news broadcast on September 11, 2004.

The majority of those participating are between the ages of 18 and 25, and they live in metropolitan areas. The internet has aided in the modernization of deceptive behaviors among youngsters. The teenagers engaged regard online scamming as a widely recognized technique of obtaining financial support. The emergence of the online criminal subculture has been aided by the governmental leadership's corruption [Adebusuyi, 2008]. The priority placed on money gain has been a prominent element in the engagement of youngsters in online fraud.

2.2.7 Concept of Cyber-Attack

A cyber-attack, according to Farhat et al. (2011), is an attack launched from a computer against a website, computer system, or individual computer (collectively, a single computer) that compromises the confidentiality, integrity, or availability of the computer or of the information stored on it. They went on to say that cyber-attacks can take a variety of forms, including:

1. Spamming: Spamming is sending unsolicited bulk messages to multiple recipients [Banday and Qadri, 2006]. By 2015, the spam volume is forecasted to be 95% of all email traffic [Abdullah, 2019]. Munging, access filtering and content filtering are important anti-spam techniques. Munging makes email addresses unusable for spammers, e.g., abc@gmail.com munges as “abc at gmail dot com”. Access filtering detects spam based on IP and email addresses, while content filtering recognizes predefined text patterns in emails to detect spam.
2. Search Poisoning: Search poisoning is the dishonest use of Search Engine Optimization techniques to falsely improve the ranking of a webpage [Perdisci and Lee, 2011]. Typically, frequent search keywords are used to illegally direct users towards short-lived websites. The first poisoning case was reported in 2007 [Vaas, 2007], followed by many others.
3. Botnets: Botnets are networks of malware-infected compromised computers managed by an adversary, according to Stone-Grass, Cova, Cavallaro, Gilbert and Szydlowski [2009]. Attackers use bot software equipped with an integrated command and control system to control these zombies (bots) and group them into a network called a botnet [Bailey, Cooke, Jahanian, Xu and Karir, 2009].
4. Denial of Service (DoS): A DoS attack makes a system or any other network resource inaccessible to its intended users. It is launched by a large number of distributed hosts, e.g., a botnet. Many defensive techniques such as intrusion detection systems, puzzle solution, firewalls etc. have been developed to prevent DoS attacks [Stone-Grass, Cova, Cavallaro, Gilbert and Szydlowski, 2009].
5. Phishing: Phishing fraudulently acquires confidential user data by mimicking e-communication [Jakobsson and Myers, 2007], mainly through email and web spoofing [Shi and Saleem, 2012]. In email spoofing, fraudulent emails direct users to fraudulent web pages which lure them into entering confidential data. In web spoofing, fraudulent websites imitate legitimate web pages to deceive users into entering data. Many anti-phishing solutions are in corporate use to counteract this threat.
6. Malware: Malware is software programmed to perform and propagate malicious activities, e.g., viruses, worms and Trojans. Viruses require human intervention for propagation, worms are self-propagating, while Trojans are non-self-replicating. Damage from malware includes corruption of data or operating system, installation of spyware, stealing personal credentials or hard disk space etc. [Shi and Saleem, 2012].
7. Website Threats: Website threats refer to attackers exploiting vulnerabilities in legitimate websites, infecting them and indirectly attacking visitors of these sites. SQL injections, malicious ads and search result redirection are a few of the techniques which are used to infect legitimate sites (Abdullah, 2019).
8. Hacking: Silver-Greenberg, Goldstein, and Perlroth (2016) stated that hackers make use of the weaknesses and loopholes in operating systems to destroy data and steal important information from a victim's computer. It is normally done through the use of a backdoor program installed on your machine. A lot of hackers also try to gain access to resources through the use of password hacking software. Hackers can also monitor what you do on your computer and can also import files onto your computer. A hacker could install several programs on your system without your knowledge. Such programs could also be used to steal personal information such as passwords and credit card information. Important data of a company can also be hacked to get secret information about the future plans of the company.
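The three anti-spam techniques named under Spamming (munging, access filtering and content filtering) can be sketched as follows. This is an added example, not code from the thesis; the blocklisted network, sender address, text patterns and sample messages are constructed assumptions.

```python
import ipaddress
import re

# Constructed, illustrative policy data (assumptions, not from the thesis).
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
BLOCKED_SENDERS = {"promo@bulk.example"}
SPAM_PATTERNS = [re.compile(p, re.I) for p in (
    r"\byou have won\b", r"\bclaim your prize\b", r"\bwire transfer fee\b")]


def munge(address: str) -> str:
    """Rewrite user@host.tld as 'user at host dot tld' before publishing it."""
    local, _, domain = address.partition("@")
    return f"{local} at {domain.replace('.', ' dot ')}"


def access_filter(src_ip: str, sender: str) -> bool:
    """True when the source IP or the sender address is blocklisted."""
    ip = ipaddress.ip_address(src_ip)
    return sender.lower() in BLOCKED_SENDERS or any(ip in n for n in BLOCKED_NETS)


def content_filter(body: str) -> list:
    """Return the predefined text patterns that match the message body."""
    return [p.pattern for p in SPAM_PATTERNS if p.search(body)]


def classify(msg: dict) -> str:
    """Access filtering runs first (no body inspection), content filtering second."""
    if access_filter(msg["ip"], msg["from"]):
        return "reject:access"
    if content_filter(msg["body"]):
        return "reject:content"
    return "accept"


MESSAGES = [  # constructed sample messages
    {"ip": "203.0.113.7", "from": "a@mail.example", "body": "Hello"},
    {"ip": "198.51.100.4", "from": "b@mail.example",
     "body": "You have WON! Claim your prize now"},
    {"ip": "198.51.100.9", "from": "c@mail.example",
     "body": "Minutes of Tuesday's meeting attached"},
]

if __name__ == "__main__":
    print(munge("abc@gmail.com"))
    for m in MESSAGES:
        print(m["from"], classify(m))
```

The first message is rejected on its source address even though its body is harmless, which shows why the two filters are complementary: access filtering decides on origin alone, content filtering on text alone.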

The extensive damage caused by these cyber attacks has led to the design and implementation of cybersecurity systems. Cybersecurity refers to the techniques, processes and methodologies concerned with thwarting illegal or dishonest cyber attacks in order to protect one or more computers on any type of network from any type of damage [Wikipedia, 2021]. The important goals of cybersecurity are:

1) securely obtain and share information for accurate decision-making,
2) find and deal with vulnerabilities within applications,
3) prevent unauthorized access and
4) protect confidential information.

Some of the well-known cybersecurity solutions are being provided by Accenture, HP, Invensys, IBM, EADS, CISCO, Unisys etc.

[...]

Excerpt out of 81 pages

Details

Title
Implentation of Critical Information Infrastructure Protection Techniques against Cyber Attacks
Author
Pages
81
Catalog Number
V1224910
ISBN (eBook)
9783346654489
ISBN (Book)
9783346654496
Language
English
Keywords
Big Data Analytics, Cybercrime, Cybersecurity
Quote paper
Torty Vincent (Author), Implentation of Critical Information Infrastructure Protection Techniques against Cyber Attacks, Munich, GRIN Verlag, https://www.grin.com/document/1224910
