Businesses rank low in cybersecurity awareness

As cybercrime rises across the globe and new initiatives in Europe and the US aim at improving cybersecurity and enhancing data protection, Uganda still seems to be lagging behind.

Businesses in Uganda score very low on awareness of the threats posed by hackers and other bad actors and they do not seem prepared for attacks that might cost them a lot in damages and mitigation expenses.

Ugandan Businesses Unprepared for Cyber Attacks
Preparedness across sectors in Uganda is very low, according to a recent report compiled by the Global Cyber Security Capacity Centre at the Oxford Martin School at the University of Oxford.

What is most concerning is that, as the report underlines, most businesses and industries in Uganda have minimal awareness of their own needs when it comes to cybersecurity.

The corporate culture in the country is not focused on digital security and even though the private sector is trying to catch up, there are usually only a few people within each business that are really aware of the issues. By contrast, financial institutions like banks are often more up to speed.

They are trying to raise awareness within the work environment, have a grasp of the risks that might put them in danger, and are actively trying to increase their capabilities. SMEs also seem more or less aware of threats, but they do not have the expertise and skills required to know how to respond to them appropriately.

Outdated Operating Systems and Internet Browsers a Major Security Risk
The trend is in line with the reality within the government infrastructure as well, as the report points out that most government employees are not trained on cybersecurity issues and efforts for raising social awareness are scarce and insufficient.

It also coincides with a worldwide trend of businesses neglecting their cybersecurity needs - although Ugandan enterprises rank surprisingly low. According to the findings of a survey published in 2017 by BitSight, most companies run outdated operating systems and browsers.

This leaves them open to flaws that are usually addressed with patches for said program and OS. Unpatched flaws, along with default account settings and unprotected directories, were associated with security misconfiguration, one of the top 10 security threats identified in the 2017 OWASP Top 10 The OWASP, which stands for Open Web Application Security Project, is a non-profit that aims to offer impartial information on application security.

Most Companies Run Outdated Versions of OS and Browsers

The BitSight report on outdated OS and browsers studied over 35,000 companies across the world and focused on over 1.5 billion cases in 8 months, researching users of Apple and Microsoft OS and of popular browsers ranging from Google Chrome and Mozilla Firefox to Safari and Internet Explorer.

It found that more than 2,000 companies run an outdated OS version on over 50% of their computers, which means the possibility of them experiencing a data breach triples.

Over 8,500 organizations employ a non-updated browser version on 50% of their computers, which raises the odds of being hit by a publicly disclosed data breach twofold. Moreover, 25% of government computers were found to run an out-of-date OS, with 80% of that being a MacOS.

Even though things do not look so well globally, Ugandan businesses still have a long road ahead in terms of not only catching up but also reaching a place where they are actually meeting their cybersecurity needs properly.