Is Your Website Secured?

There has been a series of attacks on web based applications in Ghana in recent times. In the past three years, Ghanaian organizations and agencies, most especially government agencies have experienced severe cyber attacks. Most Organizations in the country operate their web based applications without protecting the HTML codes. HTML (Hypertext Markup Language) is the set of markup symbols or codes inserted in a file intended for display on a World Wide Web (www) browser page. The markup tells the Web browser how to display a Web page's words and images for the user.

On Friday, 12 May 2017, it was reported that over 250,000 computers were infected with WannaCry Ransomware attacks in over 150 countries. The private media houses in Ghana had earlier experienced a major cyber attack on their websites which rendered the sites inaccessible to readers. The media websites that were attacked included ghanaweb.com , peacefmonline.com , myjoyononline.com and adomonline.com according to www.pulse.com.gh (a report published on 1st May, 2017 by Abu Mubarik). This report indicated that Ghanaian organizations needed to embrace the global security threat against institutions. The global cyber threat against institutions like banks, schools, data storage agencies, health institutions, law firms etc are intended to steal data, money, erase data or permanently destroy sensitive data. Organizations must therefore be extremely cautious about how to protect its collected data, how to process, transmit and store information of its employees, suppliers, vendors, etc.

The Bank of Ghana, startled by the recent cybercrime activities in Ghana, has warned banks in the country to strengthen their cyber security systems to preempt attacks. In a statement issued by the Second Deputy Governor of the Bank of Ghana, Johnson Asiamah, he said "The growing threat of cyber attacks has never been more pressing…Recent instances of payment fraud demonstrate the necessity for industry-wide collaboration to fight against threats".

A typical example of the cyber attacks on Ghanaian web application has to do with Alsancak Tim who is a Turkish hacker, he has successfully hacked several websites belonging to agencies and ministries in Ghana. Tim unusually uses ransomware, denial of service, phishing and other cybercrime attacking techniques on his victims, especially his malware attack on Ghana government website ( www.ghana.gov.gh ) on 20th January, 2015. Several government agencies have suffered similar attacks on different occasions. Some of the websites Tim attacked included:

http://www.mfa.gov.gh/ - http://zone-h.org/mirror/id/23569429

http://moc.gov.gh/ - http://zone-h.org/mirror/id/23569666

http://scholarships.gov.gh/ - http://turk-h.org/defacement/view/560295/scholarships.gov.gh/

http://navy.mil.gh/ - http://turk-h.org/defacement/view/560287/navy.mil.gh/

http://nss.gov.gh/ - http://zone-h.org/mirror/id/23569393

http://nfed.gov.gh/ - http://zone-h.org/mirror/id/23569410

http://www.motcca.gov.gh/ - http://zone-h.org/mirror/id/23569549

http://schoolfeeding.gov.gh/-http://turkh.org/defacement/view/560288/schoolfeeding.gov.gh/

http://mwrwh.gov.gh/ - http://turk-h.org/defacement/view/560292/mwrwh.gov.gh/

http://www.gida.gov.gh/site/p_ongoing - http://zone-h.org/mirror/id/23569660

These cyber attacks have also been launched on organizations by cyber criminals globally. A search I conducted using google search engine indicates that several organizations across the globe operate their web applications without proper security measures. Globally, organizations that have not been hit severely by the impact of cyber attacks do not see the need to implement security technologies and proper cyber security policies.

There are a few institutions like banks, universities, health facilities have resilient web based applications which makes web penetration attacks extremely difficult for cyber criminals. These are few websites I visited and found out that their sites have been secured: Barclays Bank: https://www.home.barclays/ ; Kwame Nkrumah University of Science and Technology: https://www.knust.edu.gh/ ; https://www.dataprotection.org.gh/ . The technological advancement has necessitated the need to implement security measures when developing web applications. Malicious persons are always exploring the possible vulnerabilities and weak security patches in your organization’s networks to launch devastating attacks on your organization.

Government agencies and private organizations must deploy secured web based applications protocols such as SSL certificate and well-built database system. This advanced security technique may come with extra cost since one need to buy SSL certificate, Dedicated IP, Domain Privacy and Site Backup to ensure a tough website. Vulnerability assessment tests and penetration tests must be conducted on websites regularly to ensure websites are resilient against any known and unknown cyber attacks.

Before you make any payment for online transactions, ensure that the website has https protocol (locked padlock sign, eg https://www.dataprotection.org.gh/ ). Do not share your personal data or make any form of payment with your debit card if the website only has http but not https protocol. The best secured and trusted website must have https rather than the unsecured http.

Owusu Nyarko-Boateng
[email protected]
[email protected]