West African Cybercrime: Startup Culture and the African Youth

A study focused on the state of youth in Africa, especially their well-being and their participation in the economy, suggests that there needs to be more data that hinder the measurement of the well-being of African youth. The available data indicate that the youth population is growing and has high educational attainment and unemployment rates. The youth population in Africa is 200 million. Africa's relatively young people and the continent's high fertility rate will likely magnify the so-called youth bulge. This trend could positively affect Africa's development if properly channeled.

Although the youth population is large, almost half of the 10 million graduates from more than 668 African universities each year still need employment. According to the INTERPOL and Law Enforcement survey in West Africa, about 50% of the cyber criminals identified in the region are unemployed.

Research on West African Cybercriminal culture has highlighted the operational and behavioral observations about Cybercriminals. These cybercriminals usually use social engineering tactics to gather information. Keyloggers, Malware files, and Phishing emails are all a part of the tactic used by cybercriminals. Moreover, many West African countries have a cybercrime startup culture, where cybercriminals help each other in fraudulent tasks. Therefore, the challenge is using the "Startup Culture" not for cybercrime but for cybersecurity.

One of the most significant hindrances and fear in skilling the youth with cybersecurity knowledge is that they will use it for malicious purposes. However, it must be understood that without formally skilling youth with cybersecurity skills, they will resort to learning 'cybercrime skills' from the open online community offering a how-to guide and troubleshooting help.

In West Africa, the underground market is emerging. More vigorous law enforcement action is needed to stop the evolution of the sophisticated market. However, skills development and cybersecurity startup culture must appear besides law enforcement action.

The Law Enforcement and Legal Landscape

In a report issued by INTERPOL, it is estimated that an average of 30% of the total cybercrime reported to West African law enforcement agencies each year resulted in arrests. There are challenges in investigating cybercrime cited in the report. Other possible reasons for these challenges include:

• A lack of logistical resources.

• Cybercrime training for law enforcement agents.

• The need for cybercrime laws in the region.

Cameroon, which is among the countries worst affected by cybercrime in Africa, was reportedly facing a dilemma in taking measures to address the problem. It was reported in 2016 that policymakers in the country were in the process of launching cybersecurity skill development programs. Policymakers, however, feared that the trainees could use the skills gained to commit cybercrimes after completing the training program. This fear could be the cause of inaction. Policymakers must understand that if the training programs are not implemented, the youth will find other ways to get into cybercrime.

Weak legislation is also a cause of cybercrimes. Most African economies are characterized by the permissiveness of regulatory regimes that provide a fertile ground for cybercrime activities. According to a November 2016 report of the African Union Commission (AUC) and Symantec, out of the 54 countries of Africa, 30 lacked specific legal provisions to fight cybercrime and deal with electronic evidence. Law enforcement officials in some states do not take significant action against hackers attacking international websites. For instance, it was reported that government officials in Nigeria claimed that they were ignorant of cybercrimes originated in the country, and some labeled it as Western propaganda.

Also, cybercriminals benefit from inter-jurisdictional and intra-jurisdictional arbitrage. Following raids on cyber cafés in major cities in Nigeria, cybercriminals were reported to move to remote areas to carry out their operations. The porous national borders and a lack of state controls on their territories mean that cybercriminals can easily migrate from one jurisdiction to another with a weaker rule of law and enforcement. A Barrister of Nigeria's Economic and Financial Crimes Commission (EFCC) noted that when Nigeria strengthened its anti-cybercrime measures, cybercriminals left the country and moved to other West African countries. Therefore uniformity in the law and legal action is needed to enhance the fight against cybercrime.

Currently, 11 countries in the continent have specific laws and provisions in place to deal with cybercrime and electronic evidence: Botswana, Cameroon, Côte d'Ivoire, Ghana, Mauritania, Mauritius, Nigeria, Senegal, Tanzania, Uganda, and Zambia. Additional 12 countries had taken at least some legislative measures. Draft cybercrime laws had been prepared in many other countries, and bills had already been presented to national Parliaments in some nations. There are also sector-specific regulations. For instance, banking and financial institutions are the most affected sector. In October 2018, the Bank of Ghana issued a Cyber Security Directive for Financial Institutions. The Directive requires the active involvement of senior executives and the board to strengthen cybersecurity. All banks in the country are expected to appoint a Cyber and Information Security Officer (CISO) to advise senior management and the committee on cybersecurity issues and formulate adequate measures to manage cyber and information security risks.

The Central Bank of Nigeria (CBN) announced it was developing a risk-based cybersecurity framework for banks and financial institutions. The idea in this framework is to identify the existing gaps and address them. In August 2018, the Central Bank of Kenya asked the country's payment service providers to submit their cybersecurity policies to the government.