Why Ugandans should worry about cyber threat in 2016

By Leonah Mbonimpba

As we begin the New Year, we must pay particular attention to the cyber threats facing our country. This is because the increased uptake of Information and Communications Technology (ICT) has greatly impacted the way we live, work and interact.

This trend is driven by advancements in technology and innovation. As a result, digital networks render time and distance irrelevant resulting into an always connected society. There is, therefore, need to protect our digital assets against increasing cyber threats.

Below are the critical areas for consideration as per our cyber threat horizon in Uganda for 2016.

Cyber risk is going to get more challenging to understand. Executive management will need to increase their understanding of cyber security in relation to its impact on business processes to drive the cyber-security agenda at the highest level. The more cyber-security is left to IT management, the more businesses increase their risks and exposure to cyber-attacks.

Secondly, having the right team in place is key. The complex nature of cyber security demands presence of teams that clearly understand the risks organizations' face and how to effectively manage them. This requires proven track record of skills and knowledge of the ever changing threat landscape to be able to act proactively. The cyber-security role is cross cutting and requires placement at the highest level for positive impact.

Outsourcing the cyber-security role to a third party creates more risk to an organization since there is ceding of control over an organization's information assets. Concerns of assurance of confidentiality, integrity and availability arise in this set-up. The cyber-security perimeter becomes blurred and creates opportunities that threat actors can target causing damage to an organization.

Reputation is going to be the new target for cyber-attacks. The insider threat will continue to negatively impact organizations due to intentional or accidental malicious actions. This will require organizations to attach more focus on strategies and policies that manage the insider risk effectively. An increasing number of successful attacks have had an element of insider involvement.

Hacktivists will create fear, uncertainty and doubt. The trend of hacktivists has been increasing over the years and is likely to continue with focus on damaging reputation and hacking ICT systems of organizations or Governments they don't agree with. Governments and organizations need to plan effective response mechanisms against this ever increasing threat.

Also, cybercriminals have proven to be relentless and greatly improved the level of sophistication of their attack methods (advanced, stealth and persistent) with an increasing focus on obtaining sensitive information from organizations supported by the emergence of virtual currencies. This places a huge responsibility for organizations to ensure their cyber-security teams periodically improve their skills in order to protect sensitive and critical information infrastructure.

Organizations and businesses continuously amass a lot of sensitive information that provides them with competitive business advantage and is continuously targeted by cyber criminals for malicious intent and fraud. Organizations will need to build security in ICT systems as well as implement improved tested and audited controls to avoid data leaks that otherwise damage reputation and put both the organization and customers at risk.

Changing pace of technology is going to get more complex. Corporate data is going to move to the cloud bringing unmanaged risk. The allure of cloud computing in providing scalability and flexibility is increasingly attracting usage from organizations. In the same breath, insiders are as well increasingly storing corporate data on personal cloud-based applications which both result into unmanaged risk. Organizations will have to exercise more vigilance in ensuring the cloud providers provide consummate level of protection to the information or service being hosted with constant monitoring. Organizations will also need to implement stringent policies to discourage insiders from hosting corporate data on personal cloud-based applications.

Increased use of personal devices for official work will increase information exposure. The emergence of affordable computing devices (laptops & smart phones) has led to an increased uptake by insiders at a personal level. Insiders are increasingly using their personal devices for work purposes which presents a new risk angle for cyber-security teams since most focus is attached to official systems and equipment. Cybercriminals are increasingly targeting such devices as an entry point into corporate networks. Organizations need to evaluate the use of personal devices within the workspace to reduce their exposure of information at both application and device level.

The writer works with  NITA-U