Gov't IT officers lack skills in cyber security

Information and Technology (IT) officers in most government institutions do not have sufficient capacity to implement appropriate security controls.

This is due to the fact that such specialized training is expensive and that government institutions have not been able to raise sufficient budgeting or the right resources for training.

The observation was made by Arnold Mangeni, director information security at the National Information Technology Authority (NITAU) at a three day conference on cyber defence at Statistics House.

The training was targeting IT officers and security experts to understand how to protect their institutions when incidences of cyber threats occur.

"And in the absence of personnel to ably manage security of various installations, any threat can easily come to pass because we don't have sufficient controls in all one of the places, which slows down productivity and efficiency in work" he said.

Mangeni said that challenge has further been magnified by the fact that the more organizations are getting connected on internet, the more the weakest links are exposed, making it easier for threats to penetrate systems.

"So it is not a matter of throwing technology anywhere in the name of putting security measures and controls until you employ personnel with the right skills to configure the security controls so that they can be able to stop the attacks," Mangeni added.

Participants were exposed to threats and emerging challenges of digitization through the internet and solutions on how to track, defend and protect their organizations' systems from external attacks, he added.

The training was conducted by NRD Company's security division, which participated in setting up the one stop centre at Uganda Investment Authority (UIA), Kampala Capital City Authority (KCCA) National Environment Management Authority (NEMA) and NITA-U.

The three day training was aimed at addressing cyber security issues by bringing together government, ICT experts, academia so as to find ways of creating a more secure digital environment for all people.

"Many organizations still rely on ad hoc, manual processes leading to failures by the executive management to recognize the impact of cyber security in business processes. Therefore damaging organizations' data, assets and reputation" said Dr. Vilus Benetis the chief executive officer NRD.

Benetis said since Uganda has embraced digitization through the internet to facilitate various processes for economic development, they must prepare for cyber threats since the internet has no boundaries.

One of the solutions is for governments to put in place cyber defence centres to help in the coordination of responses .This must be equipped with personnel who have a clear understanding of critical IT information on how to protect the infrastructure or domain.

Other protective measures include not revealing passwords, not responding to emails unless you are sure of who is sending them, not clicking on links you don't understand among others

At the same event, ICT minister Frank Tumwebaze urged participants to ensure that they practice what they learn to protect information systems and networks on which the country depends.

"You are at the frontline of protecting our information systems and networks, ensure that appropriate cyber security controls are in place and constantly reviewed following the National Information Security Framework," Tumwebaze said.

He also asked them to make sure that websites and portals are updated and maintained  and also make sure that they carry out risk assessments in their workplaces as well as implementing controls that limit exposure to threats for the safety of various online systems.