Uganda still regarded a high-risk nation for Cyber-attacks

ICT ministry PS Vicent Bagiire

Cybercrime throughout Uganda is resulting in a loss of up to 122 billion Ugandan shillings for the nation according to a new Africa cybersecurity report for 2016, as compiled by Kenyan cybercrime organization, Serianu Cyber Threat Intelligence.

Internet usage is growing rapidly in Uganda. Data from the United Nations Department of Economic and Social Affairs shows that just 0.1% of the population had internet access in 2000, but now almost a third (31.3%) of the Ugandan population are online, amounting to over 13 million web users. Consequently, the number of Ugandan cyber-criminals is rising thanks to the increasing sophistication of their knowledge while the lack of a cybercrime regulatory framework by the Ugandan authorities is creating huge loopholes for hackers to exploit online.

One of the most common sources of cybercrime in Uganda and worldwide is the exploitation of vulnerabilities within web applications. This involves a cyber-criminal targeting complex source code within content management systems (CMS) such as Word Press and Magento, database administration frameworks and other Software as a Service (SaaS) applications hosted either locally or within the cloud.

Too many web application attacks still go undetected because of the complexity of the source code within these applications and the lack of internal awareness or understanding of how things work. Even an out-of-the-box web application firewall solution can screen all incoming traffic to a web application and filter out those malicious hackers who seek to steal business-critical data using attack vectors such as XSS attacks and SQL injections.

The Africa cyber security report 2016, which reviewed cybercrime data from six African nations - including Uganda, Tanzania, Kenya, and Nigeria - listed the most common points of attack for cyber-attackers as organizations including government departments, financial institutions, and insurance firms.

Furthermore, the continent features prominently within the Global Threat Impact Index published in May this year. Five of the ten nations on the planet with the greatest risk profile for cybercrime were based in Africa, including Uganda in seventh place. Zambia is regarded as the world's most at-risk country in terms of cyber-attacks, followed by Nigeria in second position.

Vincent Bagiire, the Permanent secretary, Ministry of Information and Communication Technology and National Guidance, admitted at the latest East Africa Information Security Conference that "everybody is vulnerable".

"In case you are paying for a service using mobile money, both systems - sending and receiving - must be secure. It makes no sense for just one party to be secure," added Bagiire.

Bagiire recommended that Ugandan consumers and businesses alike - particularly organizations that handle large amounts of sensitive data - should invest in adequate cyber protection for their interests in line with the "value they attach to their information".

The need for web application protection has never been greater. Malware variants are cropping up online around the world with every month that goes by, such is the innovation shown by today's cyber-criminals. Complacency is a dangerous thing for any organization, but it is especially dangerous for those who operate online.

The financial implications of a cyber attack extend much further than any initial attack when you take into account the potential damage to reputation, legal costs, and the time and money it takes to restore online infrastructures.