What’s the cost for Information Technology & Operational Technology Security?

Photo: Minister of Communications, Ursula Owusu-Ekuful

Over the past decade and in the wake of security and data breaches across the globe by cybercriminals, there have been over 300 data breaches involving the theft of 100,000 or more records (www.varonis.com data-breach-statistics) which exposed 4.1 billion records in the first six months of 2019.

It has therefore become apparent for a critical look and attention for the cybersecurity ecosystem and maturity among governments and the business community.

In lieu of this, the government of Ghana recognizes and has taken a bold step to confront the increasingly and the obvious risks that the state faces by enacting the cybersecurity act 2020, Act 1038.This Act is to regulate the cyber issues and also empower the Authority with the right framework and resources to regulate the cyberspace of Ghana in the face of cyber threats.

Measuring the cost of cybercrime:

According to cybersecurity ventures in an article dated Nov.13,2020 and titled” hacker apocalypse-cybercrime-report-2016”, it predicts global cybercrime costs to increase by 15 percent per year over the next five years, reaching $10.5 trillion USD annually by 2025, a rise from US$3 trillion USD in 2015.

There are no clear statistics on the go for Ghana-related cybercrime but a calculated estimate reveals close to US$100 million dollars, a figure that’s more than some major businesses’ annual turnover as of the end of the year 2020. This clearly signals a concern for the cybersecurity development agenda. We look forward to the full operation and commissioning of the cybersecurity Authority to spearhead the cybersecurity policies and standards in Ghana.

The installation of a Point of Contact (POC) for the national cybersecurity center will help the nation gather more data on the frequency of cybercrimes such as ransomware attacks, denial of service attacks, among others.  A well-structured approach to incidence reporting and response procedures will help in calculating a more factual cost of cybercrimes to the state and business organization.

Digitization of the economy:

As the country is leading in the digital transformation agenda, with more and more service providers going online, the demand for cybersecurity measures have become paramount. Businesses and institutions need to provide a more secure digital infrastructure, data protection, and privacy, as well as protecting their assets from threats.

The delivery of a secure and congenial digital experience to customers online will not be a walk in the park, but will require a full risk analysis and structured technical controls to mitigate cyber-attacks as crimes shift to the digital environment as well.

Digital transformation is powered by technology and it comes with a cost. The reputational risk involved will compel corporate executives and boards to budget and equip information security managers to secure and maintain robust and reliable systems.

Although these digital investments will provide new strategic gains”” they also will introduce government institutions and businesses to cyber risks and attack vectors which requires more preparedness towards risk with; This would lead to the question that, are insurance companies ready to take on the cost of risk transfers from digitized businesses and institutions.

Data protection of customers’ confidential or sensitive information will fall under serious data regulations standards i.e. General data protection regulation(GDPR), Payment card industry data security standard (PCI DSS) and must be adhered to by businesses and institutions to avoid lawsuits after data breaches.

As cyber espionage grows rapidly within various sectors that have access to various confidential data, the handling of money electronically or the digitization of the financial sector “fin-tech” has revolutionized the way customers or people transact business or economic activities within the financial ecosystem. However, this has also cyber fraud and scam challenges that require critical looks such as vishing and smishing attacks and exploitation on customers of such service providers.

Cybersecurity Culture & Maturity:

According to “www.varonis.com cybersecurity-statistics” the world faces over 100,000 malicious websites and 10000 malicious files daily with; Phishing attacks involving the sending of malicious emails to trick users to take an action accounts for about 80 percent of reported incidents globally. In 2021 there has been a 27 percent increase in registered phishing sites which is an alarming security threat vector ready to exploit victims.

These statistics shows the high percentage of attacks happen due to human-related errors and behaviors. This calls for a cross-functional approach to build cyberculture in people or workers of various businesses and institutions as we strive to lead, transform and innovate with technology.

Corporate leaders such as CEOs, boards of directors, with Key stakeholders and decision-makers must champion the need for a cyberculture in the enterprise environment and drive the engagement of cross-functional management to build mature cyber ethics among its people. Management must create programs to identify cyber risk and have a bulletproof mitigating strategy to combat attacks on the cyber front.

In conclusion, the nation’s cyber ecosystem is maturing steadily and with so many potentials. Also, the demand for cybersecurity solutions requires highly skilled cybersecurity professionals to man the systems that are set to standardize procedures of operations in an IT or operational technology (OT) environment. The cost is enormous, but let me reiterate to top-level executives that cybersecurity demands an all-hands-on-deck approach to manage cyber risk.

The writer is the Co-Founder & Consultant Mavelo Technologies LLC

Leave a Reply