Cybercrime in Namibia

While Namibia is still not yet guaranteed protection against the act of cybercrime, leading bodies are doing what they can to keep on top of the game.

A recent study done by Deloitte finds that Namibia is one of the top most vulnerable countries in the world to cybercrime, due to the lack of security in place to protect the country against what has proven to be one of the strongest growing criminal acts on the planet.

Never mind the fact that there is no law in place to protect Namibians against cyberbullying or punish perpetrators of such acts – something that has led to depression and even suicide of countless teenagers across the globe, government is still putting in place legislation that speaks to the global concern of cybercrime.

A presentation by Melanie Harrison, associate director at Deloitte is clear on the importance of protection against cybercrime, which any organisation or individual, even including the most influential and powerful establishments can easily fall victim to.

One of the examples of big names that have recently fallen victim to cybercrime are the Panama Papers which saw 1,5 million documents and 2,6 terabytes of information released as a result of weak password security, in April 2016.

Just the next month, in May 2016, Standard Bank was hacked, which saw 1600 fake credit cards issued within two hours, at a cost of N$300 million. The root cause – phishing.

In October 2016, hackers sent out repeated phishing emails to various US institutions before John Podesta, the chairman of Hillary Clinton’s campaign clicked on one of the malicious mails allowing access to over 60 000 emails of the Clinton campaign.

And just the next month, it was reported that Facebook co-founder Mark Zuckerberg’s Twitter and Pinterest accounts were breached multiple times for the year because he re-used a weak password.

In September and December 2016, Yahoo! reported two major data thefts: The first in September which affected over 500 million Yahoo! user accounts and another in December which said one billion accounts were compromised. User names, email addresses, dates of birth, passwords, phone numbers and security questions were all leaked.The root cause – weak password security.

Locally we have also seen a couple of cases which involved cybercrime. And while its subsidiary Namibia Breweries Limited (NBL) could instantly react and rectify a hack to its website not too long ago, Namibia’s largest private employer, the Ohlthaver & List (O&L) Group of Companies – with at least 13 companies under its umbrella is probably one of the local bodies that has the most to lose, should it fall victim.

The O&L manager of group information systems Rainer Rusch emphasised the fact that in the current era the information technology (IT) environment faces many risks, and that IT organisations need to adopt a holistic approach to provide a reliable IT service.

“The IT environment consists of people, processes and procedures, and of course technology, and all of these play an integral part in providing a secure and reliable infrastructure. At O&L, we have the standard security infrastructure in place, such as firewalling, intrusion detection and prevention, malware protection, identity and access management, network segregation, backups, etc,” said Rusch.

For Namibia’s financial sector, the Bank of Namibia (BoN) requires that regulated entities are able to identify, measure and mitigate their exposure to the risk of losses attributed to cybercrime.

In this regard, the Bank of Namibia, according to the deputy director of corporate communications in the department of strategic communications and financial sector development Kazembire Zemburuka, is currently in the advanced stages of drafting the Determination on Information Security which would set the minimum standards for governing information security within a banking institution.

“Each banking institution is further required to ensure its staff and customers are aware of the risks and their responsibilities pertaining to cybercrime prevention and cyber security by way of relevant staff training interventions and customer awareness. The Bank of Namibia monitors and collects fraud data in the National Payment System (NPS), as provided by the industry. Reporting of fraud activity assists the industry in formulating strategies aimed at addressing fraud, including cybercrime in the NPS,” said Zemburuka.

Zemburuka further adds that the industry has embarked on a Payment Card Industry Data Security Standards (PCI DSS) compliance project that is concerned with protecting payment card information across all points in a transaction chain. Compliance with these standards remain one of the strongest ways to prevent data compromises that can lead to fraud, including cybercrime.

“As for the Bank of Namibia itself, the bank has adopted the Namcode corporate governance principles as well as technology governance principles outlined in the COBIT 5 framework, of which managing security is an important intervention and a process. While specific methods and technologies cannot be disclosed publicly, the Bank looks at security comprehensively from information security, physical security, data loss prevention and cybercrime prevention to name a few.”

The field of IT security is very broad and dynamic – evolving at a fast pace. Therefore, how organisations such as the Bank of Namibia deal with security, should be equally dynamic to continually align and defend against modern and evolving threats.

According to international reports, Namibia is vulnerable to cybercrime, as a result of a lack of security in place to avoid falling victim.

“The Bank of Namibia’s legal mandate only allows for prudential regulations of the banking sector and therefore cannot pronounce itself on the readiness of Namibia at large to deal with the risk posed by this emerging threat. However, the bank is aware of multi-sectoral interventions spearheaded by the Ministry of Information Communication Technologies and the Namibia Police (Nampol) in this regard.

While the Bank of Namibia provides guidance and reviews the risk management systems in the banking sector, the assessment of the vulnerability of each banking institution and the degree of the security measures in place to mitigate this risk, is the responsibility of each Bank,” said Zemburuka.

The Namibian Police’s public relations officer, chief inspector Kauna Shikwambi earlier this year confirmed that cases have been reported to the police involving people paying for services or goods from people they have never met in person. Many have lost hundreds of thousands of dollars to criminals masquerading as real estate agents, wedding planners, traders in hair and beauty products, as well as clothing, among many others. Shikwambi warned that people must always ensure they have confirmed that the business they are dealing with is legitimate and should always meet service providers in person.

While an Electronic Transactions and Cybercrime Bill to ensure the promotion of the use of electronic transactions and protection of consumers against cybercrime has already been drafted by the Ministry of Information and Communication Technology (ICT), it still is not in effect says Linda Aipinge, director of ICT development at the ministry.

“This Bill which was passed by the Cabinet Committee on Legislation (CCL), certified by the Office of the Attorney general and submitted to Parliament, was withdrawn from Parliament by the Minister of ICT for further public consultation based on the concerns by some sections of society. The ministry is devising a strategy on consulting stakeholders, “ said Aipinge.

Aipinge adds that Namibia commenced with the process of establishing a National Computer Incident Response Team (CIRT) which will serve as a national focus point for coordinating cyber security incidents responding to cyber-attacks in the country. “This ministry, the Namibia University of Science and Technology (NUST) and law enforcement agencies are in the process of establishing a Cyber Security Laboratory to provide practical training to law enforcement officials on dealing with cybercrimes and security.

Our institutions of higher learning introduced qualifications in Cyber Security which aim at building the critical cyber security skills for the country.”

• If an email seems odd or too good to be true, it is most likely an attack. Don’t click on it or respond to it.

• Do not plug memory sticks found lying around into your computer.

• Do not open attachments to emails from unknown sources.

In an age of information overload, Sunrise is The Namibian’s morning briefing, delivered at 6h00 from Monday to Friday. It offers a curated rundown of the most important stories from the past 24 hours – occasionally with a light, witty touch. It’s an essential way to stay informed. Subscribe and join our newsletter community.