No firm without licence will operate cybersecurity service from 2023 – Bawumia
From January 2023, no firm in Ghana without a licence granted by the Cyber Security Authority (CSA) will be allowed to operate cybersecurity service, Vice President, Dr Mahamudu Bawumia has hinted.
He said this was to ensure that only firms and individuals that met the fit-for-purpose test were allowed to provide cybersecurity services in the country.
“We can no longer take chances to allow access to sensitive and critical data without the necessary legal and technical due process,” he said.
“There must be a way to ensure that the institutions and the people we engage to provide cybersecurity services meet the fit-for-purpose tests and can be held accountable for the services they provide.”
The Vice President said this in a speech read on his behalf by Mr Joseph Cudjoe, Minister of Public Enterprises, at the launch of the 2022 National Cyber Security Awareness Month (NCSAM) on the theme: “Regulating Cybersecurity: A Public-Private Sector Collaborative Approach.”
The NCSAM aimed at promoting capacity building and awareness creation to ultimately improve cybersecurity and strengthen our national cyber resilience.
Dr Bawumia said enhancing understanding of the provisions of the Cybersecurity Act, 2020 (Act 1038) and building synergies among all relevant stakeholders to ensure compliance was critical.
Creating greater awareness of the law and the relevance of cybersecurity regulations among children, the public, businesses and Government, whilst highlighting the need for public-private sector cooperation must be paramount, he explained.
“This awareness month is therefore important to ensure that everyone is involved in cybersecurity activities to ensure a safer digital Ghana,” the Vice President said.
Dr Bawumia added that Government was keenly aware that the dependence on digitalisation to transform the economy brought with it increased risk of cyber threats and attacks.
Data from the World Economic Forum indicates that cybercrime cost the world at least $6 trillion in 2021 and project that this could lead to over $10 trillion in annual damages by 2025.
Research by IBM also indicates that, it takes 280 days to find and contain the average cyberattack, while the average attack costs $3.86 million.
He said from January 2023, all Critical Information Infrastructure Owners, whether in the private sector or public institutions, would be required to undergo mandatory compliance checks and audits to ensure the protection of Ghana’s critical systems.
This, he explained, would help protect critical systems from rising malicious cyber activities in the global landscape. “They are also important to assess the adequacy and effectiveness of controls/measures put in place to meet the requirements of the law,” he added.
Dr Albert Anwti-Boasiako, Acting Director-General, indicated that, as at the end of the third quarter of 2022, the Authority had received a total of 9,769 contacts through its various points of contact such as the Cybercrime/Cybersecurity Incident Reporting Points of Contact.
Out of this, 431 were recorded as actual cybersecurity incidents and 5,389 as direct advisories, indicating that over 5,000 incidents which could have caused various degrees of losses to victims were prevented, and several amounts of money saved.
Top among these incidents included online fraud, unauthorised access to protected systems, online blackmail, online impersonation and publication of non-consensual intimate images.
“Most of these attacks are perpetrated through social media using social engineering and phishing techniques. Lack of awareness of cyber risks as well as inadequate cybersecurity control measures are the main vulnerabilities being exploited by perpetrators,” he said.
Mrs Ursula Owusu-Ekuful, Minister of Communications and Digitalisation, in a speech read on her behalf said, the CSA was collaborating with stakeholders to provide a framework for the licensing of cybersecurity service providers, accreditation of cybersecurity establishments and accreditation of cybersecurity professionals and practitioners.
She urged the Ministry of Finance to assist the Ministry of Communications and Digitalisation to operationalise the Cybersecurity Fund to secure quick resource needed to forestall any eventuality in the sector.
The initiative forms part of a five-year National Cyber Security Awareness Programme of the government dubbed: “A safer digital Ghana.”