- New law expected to be passed this year
- Cybersecurity Authority to be established for strict compliance
COVID-19 is not only fast-tracking electronic transactions but also cybersecurity regulations to ensure that as more businesses serve their clients digitally, the cyber space is kept secure and safe from any breech, Dr. Albert Antwi-Boasiako, National Cybersecurity Advisor, has noted.
In this regard, the Ministry of Communications through the National Cyber Security Centre has expedited work on the remodelled Cyber Security bill, which cabinet is expected to deliberate on this month – then move it to parliament for consideration and approval so the president can sign it into law by end of the year.
In an exclusive interview with the B&FT, Dr. Antwi-Boasiako noted that the country is very much aware of the growing digital attention which comes with some potential risks; and government, through the Ministry of Communications, is working assiduously to build a robust cybersecurity ecosystem.
This system, when complete, will protect Internet-connected systems such as hardware, software and data from cyber-threats; thereby guarding against unauthorised access to data centres and other computerised systems which harbor sensitive private and national information.
“There is a real risk for the nation. Beyond the increase in phishing attacks, targetting online bankers, increase in number of mobile money fraud cases – because everybody is using mobile money in these times, we have also recorded ab increase in cases of fake-news being circulated on social media,” he said.
The bill, which will see the establishment of a Cyber Security Authority when passed, first and foremost protects critical national information infrastructures. “We are talking about the banking applications which allow us to transact banking even at night; the IT infrastructure propelling the mobile money interoperability system; and the telecommunications sector infrastructure that allows us to have access to telecom services, especially data.
“We are talking of the databases and networks which run the paperless port, the national ID system, the Electoral Commission’s database and the digital birth and death registry system; these are critical, and if any of such systems are compromised the effect will be devastating,” Dr. Antwi-Boasiako said.
The regulatory body
The regulator, he said, will have oversight for implementation of the law by all businesses in the country. “The law will be strong on risk management and insist that all businesses put in place mechanisms to secure their digital system from potential cyber-attacks, as well as train and employ qualified personnel to manage cyber security. Businesses will also be required to draft policies and embark on routine audits of their IT infrastructure,” he added.
The law will also provide incentives and support businesses to properly set-up and meet cybersecurity compliance.
The Cyber Security Law also stipulates clear administrative charges that businesses will face if they fail to comply. “One area that is clear is businesses will pay penalties for non-compliance,” he added.
Dr. Antwi-Boasiako explained that once the draft bill is passed into law and businesses with critical national information that can meaningfully impact the economy – such as banks, telcos and public sector institutions – fail to meet guidelines, the authority will investigate; and if found culpable, the institution will pay fines that go to support the cybersecurity fight,” he added.
“The regulatory body will ensure standardisation and accreditation of cybersecurity services, with cybersecurity service providers set to be licenced before they get access to any national data. The law, he added, will also facilitate international cooperation in the fight against cybercrime – i.e. the Malabo and Budapest Conventions which need to be operationalised by the country to meet our international commitments.
“Another critical element to be enshrined in the law will be awareness creation about the cybersecurity guidelines. “If our citizens were aware of the basic cyber-hygienic practices, about 75 percent of mobile money fraud would have been prevented. So, the ministry is placing premium on education. Globally, it is difficult to prosecute cybercrime cases; less than 25 percent of cybercrime cases are successfully investigated and prosecuted even by developed countries; therefore, more work is needed to empower our people,” Dr. Antwi-Boasiako added.
Data from the Ministry of Communications and the Cyber Crime Unit of the Criminal Investigations Department (CID) of the Ghana Police Service show that businesses and individuals in Ghana lost US$105 million in 2018 to cybercrime.
In 2016 and 2017, US$35 million and US$69 million were respectively lost. This indicates that the country has lost over US$200 million in three years to cyber fraud. But this is just a fraction of the loss as the figure pertains to reported cases; there are many other cases that go under the raider due to fear of regulatory sanctions, avoidance of customer panic as well as confidence from some victims to report.