Why should we be concerned?
In January 2015, there were reports about Ghana government websites targeted by hackers; bank software hacked with amounts of money stolen; banks in Cameroon, Congo (DR), Equatorial Guinea, and Ghana, hit by multiple hacking waves. There have also been a series of Mobile Money (MoMo) fraud cases over the years, and now bank accounts linked to MoMo accounts are high fraud targets.
The energy, transportation, telecommunication, and financial industries are critical infrastructure at risk. Academia and Research Institutes are not left out of cyberattacks, just as the Government and its agencies. As Ghana moves towards a fast-growing digital economy, it becomes very necessary to have structures and policies in place to safeguard the digital space and to have a trusted digital society. Hence, these questions must be answered to strengthen policies, people, and processes as technology evolves.
To what extent do we have the foundational capabilities and practices in place to protect our critical assets?
How effective are we at monitoring and detecting cyber incidents? Can we effectively respond to and recover from a cyber incident?
The National Cybersecurity strategy hinges on Governance, Risk Management in National Cybersecurity, Preparedness and resilience, Critical Infrastructure and services, Capability and Capacity building and awareness-raising, Legislation and Regulation, International cooperation. Ghana’s cybersecurity Act 2020 is to regulate cybersecurity activities in the country; promote the development of cybersecurity and provide for related matters. It further seeks to require or authorize the taking of measures to prevent, manage and respond to cybersecurity threats and incidents, to regulate owners of critical information infrastructure, to regulate cybersecurity service providers, and to make consequential or related amendments to certain other written laws.
Also, Ghana’s Data Protection Act came into force in 2012 to protect the privacy of individual and personal data. Data protection is about safeguarding our fundamental right to privacy by regulating the processing of personal data: providing the individual with rights over their data and setting up systems of accountability and clear obligations for those who control or undertake the processing of the data.
Cyber Directive for Critical Infrastructure
Cybersecurity is a collaborative effort. Staying safe digitally requires safeguarding all categories of data not only from theft and damage but also from exploitation and abuse. This includes sensitive data, personally identifiable information, protected health information, personal information, intellectual property, data, and governmental and industry information systems. Your Personally Identifiable Information (PII) [phone number, email address, date of birth] is valuable – It can be used for identity theft to commit crimes in your name; Ask questions, be angry enough about what and how your PII is used; Let’s demand our service providers to protect our information; Practice personal cyber hygiene.
Ghana is not immune to cyberattacks and the effects could be devastating. Ghana is on the right track, but a lot more needs to be done.
Source:iipgh.org