CYBER SECURITY IN GHANA: TALK OR ACTION?

Cisco defines cyber security as “the practice of protecting systems, networks, and programs from digital attacks”. Cyber security has become an essential component of our daily digital and cyber life. In today’s world where our daily lives are hinged on connected devices, internet and digital systems, the need for cyber security awareness is paramount. In the cyber space, the damage that a cyber security breach can cause can be huge than the dropping of an atomic bomb into a city. Advanced cyber defense programs benefit everyone whether you are in a tech savvy person, a person who is always connected to the internet, government, policy makers or the ordinary man on the street.

According to the Cyber crime Unit of the Criminal Investigation Department of the Ghana Police Service, Ghana lost over USD 105 million to cyber crime at the end of 2018. These figures are the official records from the nation’s elite unit fighting cyber crime. In the previous year (2017), Ghana lost a little over USD 69 million to cyber crime. These figures could be double compared to what have been reported. This is because most firms do not report breaches due to cyber attack for fear of losing their clients. For some time now, Ghana has been fighting what I term the very low-level cyber crime known in our local palace as “Sakawa” or “yahooyahoo”. In this modern world, hackers are stealing data from countries, intellectual properties, secret codes nukes, etc.

In this part of the world, our governments see cyber security threats as secondary compared to gorilla warfare’s or terrorist attacks which are rear. Governments have invested hugely into buying arms, fighter jets, and forming huge armies to protect it land, sea and air. What about forming an army for the cyber space? The absence of cyber army could be attributed to the fact that the leaders or politicians do not see these threats with their physical eyes and the level of destruction it can cause. Not to fault them, it is in most cases, not visible to see the threats that is caused by cyber threats. But as we move towards more sophisticated networked cities with strong digital footprints, we should start to worry about the threats cyber security comes with. In these days, water systems, electricity grid systems, traffic control systems, Toll collection systems just to mention a few are being controlled through remote networked systems. Any breach in any of these systems could have a catastrophic impact on an entire nation.

Ghana is the 9^th ranked nation with highest social media presence by its citizens. This shows the extent of internet penetration and its usage in Ghana. Also, we ranked 89^th (2018) on the global cyber security index initiative of the International Telecommunication Union (ITU). On the African continent, Ghana ranks 11^th with Mauritius, Kenya and Rwanda picking the first three positions. On the global front, Ghana is categorized as a “medium” level of commitment. In this category, we are part of countries that have developed complex commitments and engaged in cyber security program and initiatives.

This categorization puts us at far with countries such as Iran, South Africa, Cyprus, Bahrain, United Arab Emirates, Greece, Malta, Czech Republic, Morocco, Iceland and Nigeria just to mention a few. A review of the indicators that goes into the categorization are the legal frameworks and institutions available in a country to deal with cyber security and cybercrimes, Technical institutions available in a country to deal with cyber crime, Organizational capability and policy coordination’s, Capacity building of professionals dealing directly with cyber security and their know-how, and finally cooperation with partners, countries and sharing information with networks.

A careful critique of these 5 pillars gives a hint about what could have accounted for Ghana’s good showing on the Cyber Security Global index. Firstly, Ghana recently launched an improved Ghana National Cyber Security Policy & Strategy which details of the institutions that would be created and the legal frameworks. This followed by the appointment of a national Cyber Security Advisor and the setting up of the National Cyber Security Council, National Cyber Security Center, National Computer Security Incidence Response Team (CSIRT) and the National Cyber Security Policy Working Group. The setting up of these institutions helped in boosting our ranking.

Ghana, being well-known for taking lead in ratifying UN/AU conventions, did not disappoint and became the 5th country on the African continent to have acceded to the convention on Cyber crime in December 2018 after Mauritius, Senegal, Cape Verde and Morocco. Ghana has also ratified the African Union Convention on Cyber Security & Personal Data Protection, also known as the Malabo Convention. Apart from ratifying conventions and setting up institutions, what are the measures being put in place to safeguard the government, public and private sector from data breaches, and loss of monies from cyber crime. As a cyber security enthusiast, I can see the need to create a cyber crime unit within the Ghana Armed Forces. 

This unit should be equipped and trained to protect the cyber space of Ghana. Recruitment into this unit should not be based on any physical looks (height and built) but rather on the intellect. The most brilliant computer science/engineering students from out nations universities should be poached and recruited into this unit, train them and keep them off the public eye. If the almighty USA can talk of Russian interference in their elections, then it would be very easy for a North Korean or even a Ghanaian hacker to hack into our elections and change results in favor of a candidate. We are developing a world class National ID system which is going to interlink other services, it is time to safeguard the huge data that is being collected by the NIA. Just recently Bulgaria had a breach of a national character where over 5 million personal data of tax payers’ details were stolen.

It is believed that cyber warfare’s and defenses are done in the quiet, but it is my hope that Ghana is not just creating the institutions, ratifying the protocols and going to sleep but rather putting in the hard work by developing the human resource, creating a strong cyber security army which can fight off any offensive from any country when the need arises.

Author: Samuel Hanson Hagan, Member of Institute of ICT Professionals Ghana, and a Telecommunications Consultant

Contact: +233507393640

African Continental Free Trade Area (AfCFTA) – An exposition of the proposed digital payment system

Africa and Ghanaians were thrilled with the news of the operationalization of the African Continental Free Trade Area (AfCFTA) agreement on the 7th of July 2019. AfCFTA as affectionately called, is a free trade area, outlined in the African Continental Free Trade Agreement among 54 of the 55 African Union nations. 

The free-trade area is the largest in the world in terms of participating countries since the formation of the World Trade Organization. For a bit of history, The agreement was brokered by the African Union (AU) and was initially signed on by 44 of its 55 member states in Kigali, Rwanda on March 21, 2018. The agreement initially requires members to remove tariffs from 90% of goods, allowing free access to commodities, goods, and services across the continent. AfCFTA as at July 7th becomes the biggest trade agreement signed since the World Trade Organisation (WTO) was established.

For the first time, Ghana was selected to host the an AU independent organization, even though Ghana through it first President (Dr. Kwame Nkrumah), Malcolm X and  Haile Selassie were the founders of the then OAU, it had not benefited from any OAU or AU infrastructure. The siting of AfCFTA secretariat in Ghana has been long overdue and politically expedient.

One of the AU’s affiliated financial institution, the Cairo based African Export-Import Bank (Afreximbank) on the 7th July 2019 in Niamey, Niger, formally launched The Pan-African Payment and Settlement System (PAPSS). According to Afreximbank’s President & Chairman Prof. Benedict Oramah, 

“The PAPSS is a platform that will domesticate intra-regional payments, save the continent more than US$5bn in payment transaction costs per annum, formalize a significant proportion of the estimated US$50bn of informal intra-African trade, and above all, contribute in boosting intra-African trade”. 

This is an effort to create the first continent-wide digital payment system which is expected to facilitate the payment of goods and services in local currencies.

As an ICT practitioner, I am very enthused, and I see PAPSS as a welcoming news. The lack of digital payment systems has been one of the setbacks in the free trade agreements in the current regional trade blocks. There are already free trade agreements for the members of Economic and Monetary Community of Central Africa, Southern African Development Community, Southern African Customs Union, East African Community and West African Economic and Monetary Union. 

ECOWAS as an example, already has free trade agreements amongst its member states, but due to myriad of issues including the lack of digital payment systems, member states are yet to see the benefits of joining such agreements. A typical example is transferring money from Ghana to someone in Benin through the normal banking system. In the first place, your transaction would take more than 48 hours to reflect in the recipients account. Secondly the chances of your transaction going through an intermediary bank in Europe or UK is high. After the transaction has been completed, the sender and receiver in most cases are burdened with transaction charges.

In Europe, the European Union (EU) as part of their integration process to make the whole of Europe to be seen as one unit, they implemented the Single Euro Payments Area (SEPA) to simplify bank transfers dominated in euro. The aim of SEPA, like PAPSS is to improve the efficiency of cross-border payments and turn the fragmented national markets for euro payments into a single domestic one. SEPA enables customers to make cashless euro payments to any account located anywhere in the European area. 

The best part of this payment system is that, SEPA guarantees that euro payments are received within a guaranteed time, and banks are not allowed to make any deductions of the amount transferred. SEPA enables customers to make cashless euro payments to any account located anywhere in the area, using a single bank account and a single set of payment instruments. People who have a bank account in a eurozone country, are able to use it to receive salaries and make payments all over the eurozone.

In the spirit of inclusion and working towards a unified AU, operationalizing AfCFTA is just the first step. We look forward for the day we shall have free mobile voice and data roaming (with local data charges for both voice and data)on the African continent. Free movement of persons across Africa by instituting visa free travels for all African passport holders to all African countries. 

Starting from Ghana, we should start looking at scraping charges on the use of ATM’s and point of sale (POS) devices if we are really interested in moving towards a digitalized and cash free Africa. The current charges that are imposed on an ATM card when one uses an ATM machine or POS device is a huge spate in the face on our campaign for moving towards a cashless and digitalized society.

I therefore call upon the implementers of PAPSS to as a matter of urgency,ensure that all banks on the continent get integrated unto the PAPSS platform. Afreximbankas an institution is going to play a crucial role in AfCFTA’s ambition to create a single and biggest market for goods and services. It is also expected that other private entities would step up to deliver rival digital payment platforms for the entire African region. Competition is a good thing and it helps in bringing out the creativity and innovation.

Author: Samuel Hanson Hagan; Member of Institute of ICT Professionals Ghana; Telecommunication Consultant

Contact: +233507393640

Source: www.iipgh.org

DIGITAL SKILLS: AN IMPORTANT REQUIREMENT FOR EMPLOYMENT

The fourth industrial revolution is here with us and we must all be prepared to embrace it. One of its key requirements is digital skills that opens the door to participate and take advantage of this advanced technological era. 

The world is witnessing the fastest industrial revolution since the first revolution, thanks to the rapid technological advancement particularly in the 21st century. Artificial Intelligence (AI), Robotics, Software Engineering, Internet of Things (IoT), Virtual Reality (VR) and a host of new and emerging technologies are shaping our world and how we conduct our businesses. 

Another very important technological invention in the 20th century is the Internet. It is a connecting infrastructure on which most of these emerging technologies ride and has also been going through transformation with the introduction of Smart phones and other smart devices connected via broadband internet service. The real game changer is the much talked about 5G technology which promises high download and upload speed. 

It is expected that the high speed being offered by 5G will power driverless cars (autonomous vehicles) and big data processing for industries that would help in automation.

Conversations about these advanced technologies are fascinating but there is a huge skills gap globally when it comes to commercial deployment of some of these new technologies. Technology companies are constantly in search of people with expertise to innovate, develop and improve their products and services in their quest to commercialize some of these new technologies. 

According to a recent report by business insider, organizations such as Google, Apple and Netflix don’t require university degrees to hire engineers into their companies, all in an attempt to remove barriers that would prevent them from getting highly skilled individuals with the required digital skills.

Apart from high demand of experts with the technical know-how to develop these technologies, there is also a big gap in the digital skills required for users or consumers of these products and services. Technology is not useful if the intended market does not know how to apply it. This shortfall in digital skills is inhibiting the rapid deployment of technology for accelerated development according to a recent survey by International Finance Corporation (IFC) on sub-Saharan Africa. 

The report indicated that there is a limited access to digital talent although demand in digital skills is expected. Which means if there is no corresponding growth in digital skills workforce, Africa’s economies will weaken in the face of global push for digitization.

The government of Ghana (GoG) has been making effort in its digitization drive with initiatives such as; the launch of the National Property Addressing System to provide digital addresses for parcels of land and properties in the entire country, the implementation of the paperless system at the shipping harbor to improve efficiency, the implementation of the E-Justice system and the E-procurement all attest to the fact that GoG is committed to transforming the economy from an agrarian to a knowledge-based technologically driven one for rapid development. 

Communication sector has also been diversified which allows private sector participation and investment. There are at least five (5) privately owned fiber optics submarine cables terminating at the shores of Ghana which provides internet and connects Ghana to the rest of the world.

There are multinational telecommunication and internet service providers such as MTN, Vodafone, AirtelTigo, Busy etc. providing fixed/mobile telephony and internet services to consumers across the country with mobile phone penetration above 100% according to the National Communications Authority (NCA).

Despite the infrastructure deployment by both GoG and private sector investments, the digital skills gap is still a major concern to employers. According to IFC 2019 report; “Nearly 20 percent of Ghanaian companies surveyed recruit only internationally for digital skills, largely because they cannot find skilled local talent”. 

The report noted that people in Ghana and other sub-Saharan African countries would require digital skills training to bridge the demand-supply gap and ensure employers can hire locally, find suitable training for employees, and help workers keep pace with new technology in their industries.

There are three (3) major areas of Digital Skills acquisition programs that would help people to participate and benefit from the technologically advanced world and find decent jobs. They are; Basic Digital Skills, Intermediate Digital Skills and Advanced Digital Skills. 

The basic digital skill is required by everyone to be able to access and use all the services and digital devices available. This includes the ability to use the internet to search for information, operate your phone and use online portals and applications. Intermediate Digital Skills are generally considered the soft skills for employment which includes; ability to use office tools such as Microsoft word, excel, PowerPoint, emails etc. 

In addition, ability to use the internet for research and all other basic digital skills. Although most graduates include these computer skills in their resume while applying for jobs, most employers complain that even graduates struggle with intermediate digital skills which slows down their productivity.  

Advanced digital skills category is the skill required for specialists in ICT and it is considered their core occupation. For the advanced digital skills, the individual must be given specialized training with practical experience in a particular domain or field of ICT. Some of the domains are software engineering, cyber security, web development, big data analytics, cloud computing, and search engine optimization etc.

There are available jobs especially for the intermediate and advanced digital skills, however they require hands on experience to be eligible. The youth in particular should embrace Science, Technology, Engineering and Math (STEM) as most digital skills jobs are based on these foundational knowledge areas. 

David Gowu, Executive Director (Institute of ICT Professionals Ghana)

Email: david.gowu@iipgh.org

Mobile: +233242773762

SOCIAL NETWORKING, IN THE EYE OF THE HACKER, ATTACKER AND THE CYBER CRIMINAL

Sharing Online Content

It is great to share a link to a website and grab your friend’s & contact’s attention. But you never know that hackers are always with bated breath to such content, and you cannot think of what kind of reaction will they have? For example, if you share or like a website that does battle with some position taken by your government, for instance, agents of that government will immediately take an interest and target you for additional investigation or direct custody. 

So, if you want your contacts and obviously the administrators of the social networking platform you use to be the only ones who can view the things you share or mark as useful, then make sure you check your privacy settings.

Competitive Intelligence Gathering Through Company Advertising

Hackers hired by organizations are able to gather information about their competitors through social media platforms, websites, search engines, employment AD’s, social engineering employees, press releases and annual reports.

To wrap up with the discourse, it’s worth sharing the real-life happenings of how the cybercriminals and hackers have used the information gleaned from the social media sites to breach corporate organizations and individuals as described in the ensuing accounts.

One would recall that  social media sites or platforms  like LinkedIn encourage users to be comprehensive in the details they provide as that can help in job recruitment, but that can also lead hackers and cyber criminals to victims under the seeming pretext of offering employment. Such was the modus operandi of one hacker group, allegedly called Lazarus APT that infiltrated Redbanc, the ATM consortium for Chilean banks. 

A LinkedIn advertisement for a software developer turned out to be a front for the hacker group. They interviewed an employee of Redbanc over Skype and convinced him to open a malicious PDF that was supposedly an application form. The resulting breach in December 2018 went undisclosed until the following month. (Source: www.sentinelone.com)

Again, a study by the University of British Columbia analyzed how cybercriminals might use a few personal details to build an entire network designed specifically to steal Personal Identifiable Information (PII), and use it to surprisingly devastating ends. 

For this particular study, a team of students built a "socialbot" with 102 Facebook profiles to see how fast and how deeply the bot could penetrate a group of random Facebook users and capture sensitive information. Results of the eight-week campaign are as follows:

• The socialbot built an extended social network of one million people, successfully friending 3,055 individuals from a total of 8,570 invites sent - a mind-boggling 35% acceptance rate.
• Once the socialbot made some friends, it in turn targeted those friends' friends. As the bot's network grew, so did its friend-acceptance rate - that is, as its pool of friends expanded, the bot's robust circle of pals made it seem more trustworthy and therefore more "friendable."
• The bot collected 250GB of personal data, including 35% of all the personally identifiable information found on friend pages, and 24% from extended friend-of-friend networks.

These findings are both astonishing and daunting. It's particularly unnerving that even if you're discriminatory when accepting friend requests, all it takes is one of your friends to slip up-the afore-noted weakest link-and all of your information could be in the hands of cybercriminals.

If a dozen university students doing a side project can compile this much sensitive information, just think what sophisticated cybercriminals might accomplish. And, if one of the largest, most trusted social sites is this vulnerable to account hackings and personal data-mining, malicious infiltration of fraudulent accounts can happen to any site, on any scale, to anyone. (Source: www.socialmediatoday.com)

Recommendations

As a remedy, the writer would want to suggest the following to be used to address the breach of networks and leakage of information through social media.

• Organizations and employers should restrict access to social networking sites from organizations network. 
• Organizations and employers should consider restricting access to the use of personal emails on corporate networks since that can also be a conduit for attacks on corporate networks through phishing. 
• Educate employees to use pseudonyms on blogs, groups, forums and social media groups.
• Employees should not reveal critical information in press releases, annual reports, product catalogues etc. for marketing purposes or during information dissemination to the public. 
• Enforce security policies to regulate the information that employees can reveal to third (3rd) parties. 
• Educate employees about various social engineering tricks and risks. 
• Individuals and organizations should regularly review and update the privacy settings in their social media or networking accounts.
• Do not click on suspicious or untrusted links in emails, social media pages, groups and forums etc.
• Do not open suspicious mails or mails from untrusted sources.
• Do not open attachments in suspicious mails from untrusted sources. 
• IT security/Cybersecurity departments within organizations should have an oversight responsibility of reviewing and scrutinizing every information that the organizations intends to put in the public domain and ensure it pass compliance test before allowing it in the public domain. 
• Use strong passwords for all your accounts (Email, Social Media, and PC etc.) and do not use the same password across all social media sites.

To sum it up, remember that social media platforms are not just for chatting with friends or gaming, it is also a business hub for hackers to spread their malware and steal user information. Hackers are becoming more and more refined and are now looking to create a healthy and trusted relationship with their prey that helps them in gathering more details about their target before attacking them. 

Thus, be circumspect of what you share on social media, review and update your privacy settings on social media and make sure never to share your password with anyone on social media. Always ensure you use strong passwords on all your accounts and do not use same password across all social media sites and other services. So be aware of the cyber-crimes and hacks happening in the cyber world and smartly survive on the internet.

Author: John Dadzie, Member of Institute of ICT Professionals, Ghana, National Health Insurance Authority (Network Engineer)

Contact: johnny.dadzie@live.com; 0244503883