Friday, October 07, 2022

Cybersecurity service providers, professionals to be licensed

 


The Cyber Security Authority says it has commenced processes to start licensing cybersecurity providers, cybersecurity establishments and the accreditation of cybersecurity professionals.

This move according to the acting Director General-CSA, Dr. Albert Antwi-Boasiako, forms part of efforts to collaborate with government to enhance Ghana’s cyber resilience amid the increasing rate of cybercrimes worldwide.

Speaking at a public consultation on the licensing and accreditation framework, Dr. Albert Antwi-Boasiako, explained that the move is necessary to ensure cybersecurity service providers offer their services in accordance with approved standards and procedures in line with industry best practices.

He went on to say that the engagement is meant to solicit inputs from industry players before the framework is submitted to the o CSA board for approval, which is expected to happen before end of the year for full implementation in January 2023.

This, Dr. Antwi-Boasiako believes would build confidence in this emerging profession and create more opportunities for skills acquisition, training and development in this critical sector “for our use and to meet the critical skills-shortage in this sector globally”.

Presenting the draft framework during the public engagement that saw about 100 cybersecurity professionals in attendance, Functional Lead-Legal and Compliance at the CSA, Madam Jennifer Mensah, said despite digital transformation generating a lot of prosperity and wealth for the world economy, cybercrime has increased at a greater rate.

“The work of cybersecurity establishments, cybersecurity service providers and cybersecurity professionals has been very, very important in securing our digital critical infrastructure and digital services. However, there are some concerns that there may be certain cybersecurity service providers, cybersecurity establishments and professionals who may be less credible and less competent, adopting substandard processes in rendering services to the detriment of Ghana’s digital economy. Hence the need for licencing and accreditation to regulate the industry’s intrusive nature,” she stated.

“National security considerations are driving regulations in the sector, demanding that all these stakeholders are in good standing. Therefore, there is a need for government to regulate the sector through the Cyber Security Authority to ensure compliance,” she added

Meanwhile, a directive for the Protection of Critical Information Infrastructures (CIIs) was launched by the Authority on October 1, 2021 to assist CII owners in registering with the Authority and guide them to protect their critical systems.

And, according to Deputy Communications and Digitalisation Minister Ama Pomaa Boateng during her address at the National Cyber Security Awareness Month launched earlier this week, from January 2023 all Critical Information Infrastructure Owners, whether in the private sector or public institutions, will be required to undergo mandatory compliance checks and audits to ensure the protection of Ghana’s critical systems.

“This audit and compliance action will be in line with regulations aimed at reinforcing the resilience and response capacities of these institutions against cyber-threats and incidents, as well as to ensuring a resilient, secure economy. This will help protect our critical systems from rising malicious cyber activities in the global landscape. They are also important to assess the adequacy and effectiveness of controls/measures put in place to meet requirements of the law,” she said.

Designated CII owners who fail to comply with the regulatory measures to protect the country ‘s critical databases and systems will be sanctioned in accordance with the Cybersecurity Act, she added

The Cyber Security Authority says it has commenced processes to start licensing cybersecurity providers, cybersecurity establishments and the accreditation of cybersecurity professionals.

This move according to the acting Director General-CSA, Dr. Albert Antwi-Boasiako, forms part of efforts to collaborate with government to enhance Ghana’s cyber resilience amid the increasing rate of cybercrimes worldwide.

Speaking at a public consultation on the licensing and accreditation framework, Dr. Albert Antwi-Boasiako, explained that the move is necessary to ensure cybersecurity service providers offer their services in accordance with approved standards and procedures in line with industry best practices.

He went on to say that the engagement is meant to solicit inputs from industry players before the framework is submitted to the o CSA board for approval, which is expected to happen before end of the year for full implementation in January 2023.

This, Dr. Antwi-Boasiako believes would build confidence in this emerging profession and create more opportunities for skills acquisition, training and development in this critical sector “for our use and to meet the critical skills-shortage in this sector globally”.

Presenting the draft framework during the public engagement that saw about 100 cybersecurity professionals in attendance, Functional Lead-Legal and Compliance at the CSA, Madam Jennifer Mensah, said despite digital transformation generating a lot of prosperity and wealth for the world economy, cybercrime has increased at a greater rate.

“The work of cybersecurity establishments, cybersecurity service providers and cybersecurity professionals has been very, very important in securing our digital critical infrastructure and digital services. However, there are some concerns that there may be certain cybersecurity service providers, cybersecurity establishments and professionals who may be less credible and less competent, adopting substandard processes in rendering services to the detriment of Ghana’s digital economy. Hence the need for licencing and accreditation to regulate the industry’s intrusive nature,” she stated.

“National security considerations are driving regulations in the sector, demanding that all these stakeholders are in good standing. Therefore, there is a need for government to regulate the sector through the Cyber Security Authority to ensure compliance,” she added

Meanwhile, a directive for the Protection of Critical Information Infrastructures (CIIs) was launched by the Authority on October 1, 2021 to assist CII owners in registering with the Authority and guide them to protect their critical systems.

And, according to Deputy Communications and Digitalisation Minister Ama Pomaa Boateng during her address at the National Cyber Security Awareness Month launched earlier this week, from January 2023 all Critical Information Infrastructure Owners, whether in the private sector or public institutions, will be required to undergo mandatory compliance checks and audits to ensure the protection of Ghana’s critical systems.

“This audit and compliance action will be in line with regulations aimed at reinforcing the resilience and response capacities of these institutions against cyber-threats and incidents, as well as to ensuring a resilient, secure economy. This will help protect our critical systems from rising malicious cyber activities in the global landscape. They are also important to assess the adequacy and effectiveness of controls/measures put in place to meet requirements of the law,” she said.

Designated CII owners who fail to comply with the regulatory measures to protect the country ‘s critical databases and systems will be sanctioned in accordance with the Cybersecurity Act, she added.


Wednesday, October 05, 2022

431 cyber security incidents in third quarter of 2022

 


The acting Director General of the Cyber Security Authority (CSA), Dr. Albert Antwi-Bosaiako says Ghana recorded 431 cybersecurity incidents out of a total of 9,769 contacts at the end of the third-quarter of 2022. 

Dr. Antwi-Boasiako made this statement at the launch of the National Cyber Security Awareness Month (NCSAM) on Monday, 3 October 2022 in Accra, and further said the top-five most reported incidents include online fraud, unauthorized access to protected systems, online blackmail, online impersonation and publication of non-consensual intimate images.

“Most of these attacks are perpetrated through social media using social engineering and phishing techniques. Lack of awareness on cyber risks as well as inadequate cybersecurity control measures are the main vulnerabilities being exploited by perpetrators,” he stated.

He added that, of the total number, 5,389 of the attacks are classified as direct advisories, a situation Dr. Antwi-Boasiako explains: “It means that over 5,000 incidents which could have caused various degrees of loss to victims were prevented and various amounts of money saved”.

Touching on collaborations, Dr. Antwi-Boasiako acknowledged that cybercrimes and cybersecurity-related matters are borderless and thus local and international collaborations are paramount in tackling them.

He added that, heightening collaborations with various stakeholders will play a significant role in ensuring the CSA executes its mandate successfully.

And it is for this reason that the Authority is committed to working closely with the Joint Cybersecurity Committee (JCC), which was inaugurated in July this year in accordance with sections 13 and 14 of Act 1038 for the implementation of effective cybersecurity measures, he stated.

Touching on this year’s NCSAM on the theme ‘Regulating Cybersecurity: A Public-Private Sector Collaborative Approach’, he said the multifaceted nature of cybersecurity requires collaborative efforts to ensure security of the country’s cyberspace.

“The nature of cyberspace and associated technologies, including the internet, requires international collaboration for effective responses to cybersecurity incidents. Consequently, this year’s celebration is to highlight the need for such collaborations and encourage the needed partnerships as we implement Act 1038,” he stated.

He, therefore, implored stakeholders to honour their obligation to invest in cybersecurity, saying: “It is my expectation that organisations will dedicate a minimum of between 15 percent and 25 percent of their ICT budget to cybersecurity if we are to make any meaningful and sustainable progress in addressing our cybersecurity challenges”.

According to the World Economic Forum, cybercrime cost the world at least US$6trillion in 2021 and could lead to over US$10trillion in annual damages by 2025. Research by IBM also indicates that it takes 280 days to find and contain the average cyberattack, while the average attack costs US$3.86million.

On her part, the Deputy Communications and Digitalisation Minister, Ama Pomaa Boateng who represented sector minister Ursula Owusu-Ekuful, expressed the ministry’s commitment to full enforcement of the Cybersecurity Act.

The ministry, she further noted, is committed to NCSAM and urges the public-private sector institutions and Civil Society Organisations to participate fully in the activities this October by organising awareness programmes for their stakeholders and constituents.