Ghana is ranked 78th most attacked country in the world, this was revealed at the maiden Industry-Academia symposium organized by the Institute of ICT Professionals Ghana (IIPGH) in partnership with DigiCAP.gh on Cybersecurity at the University of Cape Coast (UCC) on August 5, 2021. The objective was to bring together industry players: educators, students, policymakers among others for an industry-academia dialogue on ICT development to create opportunities for the youth. This dialogue dubbed INDAC-TED (INDUSTRY-ACADEMIA TECH DIALOGUE) shall run quarterly.
The DigiCAP project targets students and facilitators in public tertiary institutions and provides capacity building in practice-oriented ICT qualification programs as add-on measures to promote employment of young people after completion of their tertiary education programs. The University of Cape Coast is the first beneficiary of this program, and as part of its objectives, the project designed a quarterly symposium to create a platform that fosters closer collaboration between industry and academia. This quarterly symposium (QS) brings together ICT private sector, industry, and education providers, exchanging information and discussing mutual activities. The QS has been established as a knowledge-sharing event for people at a decision-making level in the field of ICT in Ghana.
This maiden symposium discussed the state of Ghana’s cybersecurity, and why we should be concerned. The 2-hour blended (physical and virtual via Zoom webinar) program had experts in the domain from various sectors sharing knowledge and engaging the participants in relatable discussions. The Executive Director of the Institute of ICT Professionals Ghana, Mr David Gowu, gave a brief welcome address and pointed out why the need for such program – bringing academia and industry together, which is in line with the organization’s objective.
The guest speaker, Albert Yirenchi Danquah, Chief Information Security Officer (CISO), Stanbic Bank delivered a full presentation on the topic, and Madam Audrey Mireku a representative from the National Cybersecurity Center joined via Zoom on behalf of the National Cybersecurity Advisor, Dr. Albert Antwi-Boasiako, to deliver a short statement on the new Cybersecurity Act, 2020 (Act 1038).
The guest speaker addressed the difference between Information Security and Cybersecurity, Cyber Fraud and Cyber Crime. He looked at data breaches, cyberwarfare, Malware, and its variants. He also gave an overview of Ghana’s cyberspace, noting 15 million total Internet users in Ghana currently, with over 8 million active social media users.
Why should we be concerned?
In January 2015, there were reports about Ghana government websites targeted by hackers; bank software hacked with amounts of money stolen; banks in Cameroon, Congo (DR), Equatorial Guinea, and Ghana, hit by multiple hacking waves. There have also been a series of Mobile Money (MoMo) fraud cases over the years, and now bank accounts linked to MoMo accounts are high fraud targets.
The energy, transportation, telecommunication, and financial industries are critical infrastructure at risk. Academia and Research Institutes are not left out of cyberattacks, just as the Government and its agencies. As Ghana moves towards a fast-growing digital economy, it becomes very necessary to have structures and policies in place to safeguard the digital space and to have a trusted digital society. Hence, these questions must be answered to strengthen policies, people, and processes as technology evolves.
- To what extent do we have the foundational capabilities and practices in place to protect our critical assets?
- How effective are we at monitoring and detecting cyber incidents?
- Can we effectively respond to and recover from a cyber incident?
The National Cybersecurity strategy hinges on Governance, Risk Management in National Cybersecurity, Preparedness and resilience, Critical Infrastructure and services, Capability and Capacity building and awareness-raising, Legislation and Regulation, International cooperation. Ghana’s cybersecurity Act 2020 is to regulate cybersecurity activities in the country; promote the development of cybersecurity and provide for related matters. It further seeks to require or authorize the taking of measures to prevent, manage and respond to cybersecurity threats and incidents, to regulate owners of critical information infrastructure, to regulate cybersecurity service providers, and to make consequential or related amendments to certain other written laws.
Also, Ghana’s Data Protection Act came into force in 2012 to protect the privacy of individual and personal data. Data protection is about safeguarding our fundamental right to privacy by regulating the processing of personal data: providing the individual with rights over their data and setting up systems of accountability and clear obligations for those who control or undertake the processing of the data.
Cyber Directive for Critical Infrastructure
This image shows Ghana’s cybercrime/cybersecurity incident reporting points of contact
Cybersecurity is a collaborative effort. Staying safe digitally requires safeguarding all categories of data not only from theft and damage but also from exploitation and abuse. This includes sensitive data, personally identifiable information, protected health information, personal information, intellectual property, data, and governmental and industry information systems. Your Personally Identifiable Information (PII) [phone number, email address, date of birth] is valuable - It can be used for identity theft to commit crimes in your name; Ask questions, be angry enough about what and how your PII is used; Let's demand our service providers to protect our information; Practice personal cyber hygiene.
In his last remarks, the guest speaker stated Ghana is not immune to cyberattacks and the effects could be devastating. Ghana is on the right track, but a lot more needs to be done.
Other speakers were Jacqueline Hanson-Kotei, Enterprise Information Security & Governance, MTN Ghana; Paul K. Arhin Jnr, Computer Science Dept, University of Cape Coast; and Dr. Quist-Aphesti Kester, Head of Computer Science Department, Ghana Communication Technology University (GCTU). These experts addressed the issues at length and had a very interactive session, moderated by Mary Bawa, Broadcast Journalist, ATL FM.
Prof. Rosemond Boohene, University of Cape Coast (UCC), HoD, Centre for Entrepreneurship and Small Enterprise Development, was in attendance. She gave her brief statement on the need for such timely program to discuss issues around cybersecurity. Hanna Schlingmann, the Project Manager, AFOS Foundation, digiCAP.gh, reiterated the need for a personal cyber-hygiene and raising awareness. She clarified that digiCAP is an abbreviation for “Digital Capacity” which empowers individuals and institutions to thrive in the digital era. In the same vein, Mike Loose, AFOS Foundation, International Management Adviser, Germany, also pointed out the extent of havoc cyberattacks can cause, giving examples from Germany and around the world. He added, the topic was right and well delivered.
The Director of Operations, IIPGH, Kafui Amanfu, in his closing remarks urged private organizations and stakeholders to be much concerned about such symposiums and to take bold steps in supporting subsequent events to drive the conversation to larger and diverse groups. He encouraged participants to take the knowledge and information shared and learned from this event to their various organizations and locations to ensure a more secure and overall safer information society for all.
DigiCAP.gh is an Information and Communication Technology (ICT) project financed by the German Federal Ministry for Economic Cooperation and Development, and implemented by AFOS, a German Foundation for Entrepreneurial Development Cooperation. This quarterly symposium is a branded service product of IIPGH, supported by DigiCAP.gh in collaboration with UCC, and potentially at least one education provider in ICT in Ghana. Throughout implementing the DigiCAP.gh project, the QS shall develop and be positioned for enhancing networking among ICT stakeholders in Ghana and attract other stakeholders (education providers, private and public sector agencies, individuals, etc) to take an active role not only during the QS but a range of mutual activities.
With the University of Cape Coast being the first beneficiary of this quarterly symposium, we hope it would draw other educational institutions on board. Educational institutions must be interested in such initiatives to foster the needed discussions between industry and academia. As a capacity-building organization, IIPGH is always ready to engage stakeholders through such platforms to shape and impact policy.