Recent news about hacks, data breaches and theft of personal information has become common over the years but the level of effects has increased exponentially. Simply put, cyber security has become a big threat to economic and national security of the world. So the governments of several countries have discussed cyber security strategies to control cyber crime. The key components of these strategies include legal, technical and organizational measures, capacity building and cooperation. Planning strategies is easy but implementing these, is easier said than done. Most of the cyber-security strategies fail due to missing of key elements like evaluation and control metrics and of course, proper funding due to the reason that most of the times it is confused with a defense strategy. Other reasons include communication gap between stakeholders and unclear instructions. Cyber-security can also cause problems regarding foreign investment. So it is high time the Governments take this matter seriously.
Apparently, cyber security has become one of the major security concerns in many developing and least developed countries. Some of the factors contributing to poor cybersecurity are poorly secure networks, lack of cyber laws and short of well-trained IT security experts both in private and government agencies. Unlike in developed countries, IT security education and awareness are not included in the academic curriculum. Many countries also lack the practice of sharing. Take for an example, not taking part in organizations like FIRST meaning missing out big opportunities to learn and even trainings offered by them. Hence, systems and networks of these countries are easier to break in and in fact, many might have already experienced a few dozens.
Take Africa for instance, it is notorious for economic frauds committed by both native young hackers and international criminals. No wonder the country alone is responsible for 4% of total security breaches worldwide.
Below is a list of obstacles faced by developing and least developed countries
- Lack of Cybersecurity Strategies/Policies and legal & regulatory framework in some countries
- Inadequate fund allocation to cybersecurity ecosystems
- Lack of information security awareness and persistent information security culture
- Inadequate standards and maturity models for cybersecurity
- Lack of a Child Online Protection Framework
- Lack of basic awareness, information security professionals and skills within government body
- Lack of specific sector policies e.g. education
- Resistance to change, especially in public sector
- Reliance on imported hardware and software
- Lack of sector-specific R&D programs/projects, especially in education
- Lack of appropriate national and global organizational structure to deal with cyber incidents
Besides these, mobile devices and fast broadband also pose a great threat in developing countries.
Developing countries should show some responsibilities to make cyberspace a secure bubble if they do not want to get crushed in the global market. They can start with the development of Cybersecurity strategies and focus on the use of ICT to enable economic growth. However, strategies are supposed to be implemented for effective results, not developed just for the sake of developing like Kenya. Although Kenya government developed the National Cybersecurity strategy in 2014 as well as tried to cope with cybersecurity threats by copying other countries’ strategies, there has not been any progress at all.
Cyber security ecosystem should include effective cyber laws and regulations, cybersecurity awareness, national and international collaboration, organizational structure as well as online children protection. Since conventional methods are not always reliable for controlling cybercrime, therefore a multi-layered approach which focuses on the core elements of the Cybersecurity ecosystem is essential.
Cyber security education is also equally important. The problem in most of the countries is that there are no government-funded IT security courses available and other IT security certifications are expensive. This condition is further worsened by the lack of computer experts and forensic labs within the government.
Other essential factors that ensure Cybersecurity are Legislation and regulatory framework. Estonia and UK can be taken as the modal countries in this case. Every country should have their own legislation but rather than wasting time in reinventing the wheel, what other countries can do is to improvise the existing legislation.
Upgrading infrastructures is yet another important step that can strengthen Cybersecurity to some extent but often is neglected. Just as computer software needs to be updated periodically to perform efficiently as well as to be able to fight against viruses or other security threats, similarly it is important to upgrade the infrastructures but many do not realize its necessity while others cannot simply afford or are unaware of the free updates available. For example, people in Africa prefer utilizing their extra hours on social network to updating their devices.
One of the most vital yet prevalent threats is data theft. Many developing countries have neither strong cyber laws nor a database record of criminals. People in some countries do not even use password which actually is the first line of defence. Therefore it has become easier for criminals to steal and trade information from an individual to companies and even if they get caught, they are likely to get any punishment due to lack of evidence. Apart from this, many institutions or companies are either not aware of the possible security information breaches or are not equipped with proper technologies to detect and investigate any information breaches. These types of criminal activities are frequent in Africa. Mobile device vulnerability is next big challenge to Cybersecurity. Millions of people are using it for accessing social networking sites like Facebook with smartphones now that they are being available at cheap prices. They use that same mobile phones at workplaces too which means the mobile phone now has both personal and company information, meaning it can contain company’s confidential data. Criminals don’t need to try hard enough to get their hands on these data, but use data-stealing apps would suffice.
Developing and least developed countries should think and act fast, else high chances of a digital divide between developed countries and underdeveloped countries. The government should initiate by helping its people be aware of the security issues relating to information technologies through education and training. There should be no places for cultural differences and personal profit. Adopting appropriate legislation and implementing cyber laws, effective institution structure and global partnership are imperative for cyber security. Surely, an R and D department would, in particular, motivate innovation, thereby making everything seem possible.
Author: Chiranjibi Adhikari
President at Information Security Response Team Nepal