Recent news about hacks, data breaches, and theft of personal information has become familiar over the years, but the level of effects has increased exponentially. Simply put, cybersecurity has become a significant threat to economic and national security of the world.
So the governments of several countries have discussed cyber security strategies to control cyber crime. The critical components of these strategies include legal, technical and organizational measures, capacity building and cooperation. Planning strategies is easy but implementing these, is easier said than done.
Most of the cyber-security strategies fail due to missing of key elements like evaluation and control metrics and of course, proper funding due to the reason that most of the times it is confused with a defense strategy. Other reasons include communication gap between stakeholders and unclear instructions. Cyber-security can also cause problems regarding foreign investment. So it is high time the Governments take this matter seriously.
Cybersecurity has become one of the significant security concerns in many developing and least developed countries. Some of the factors contributing to poor cybersecurity are poorly secure networks, lack of cyber laws and short of well-trained IT security experts both in private and government agencies.
Unlike in developed countries, IT security education and awareness are not included in the academic curriculum. Many countries also lack the practice of sharing. Take for an example, not taking part in organizations like FIRST meaning missing out big opportunities to learn and even trainings offered by them. Hence, systems and networks of these countries are easier to break in and in fact, many might have already experienced a few dozens.
Take Africa for instance; it is notorious for economic frauds committed by both young native hackers and international criminals. No wonder the country alone is responsible for 4% of total security breaches worldwide.
Below is a list of obstacles faced by developing and least developed countries
- Lack of Cybersecurity Strategies/Policies and legal & regulatory framework in some countries
- Inadequate fund allocation to cybersecurity ecosystems
- Lack of information security awareness and persistent information security culture
- Inadequate standards and maturity models for cybersecurity
- Lack of a Child Online Protection Framework
- Lack of necessary knowledge, information security professionals and skills within government body
- Lack of specific sector policies, e.g., education
- Resistance to change, especially in the public sector
- Reliance on imported hardware and software
- Lack of sector-specific R&D programs/projects, especially in education
- Lack of appropriate national and global organizational structure to deal with cyber incidents
Besides these, mobile devices and fast broadband also pose a significant threat in developing countries.
Developing countries should show some responsibilities to make cyberspace a secure bubble if they do not want to get crushed in the global market. They can start with the development of Cybersecurity strategies and focus on the use of ICT to enable economic growth. However, procedures are supposed to be implemented for useful results, not developed just for the sake of developing like Kenya. Although the Kenya government established the National Cybersecurity strategy in 2014 as well as tried to cope with cybersecurity threats by copying other countries’ approaches, there has not been any progress at all.
Cyber security ecosystem should include effective cyber laws and regulations, cybersecurity awareness, national and international collaboration, organizational structure as well as online children protection. Since conventional methods are not always reliable for controlling cybercrime, therefore a multi-layered approach which focuses on the core elements of the Cybersecurity ecosystem is essential.
Cyber security education is also equally important. The problem in most of the countries is that there are no government-funded IT security courses available and other IT security certifications are expensive. This condition is further worsened by the lack of computer experts and forensic labs within the government.
Other essential factors that ensure Cybersecurity are Legislation and regulatory framework. Estonia and the UK can be taken as the modal countries in this case. Every state should have its legislation but rather than wasting time in reinventing the wheel, what other countries can do is to improvise the existing law.
Upgrading infrastructures are yet another critical step that can strengthen Cybersecurity to some extent but often is neglected. Just as computer software needs to be updated periodically to perform efficiently as well as to be able to fight against viruses or other security threats, similarly it is essential to upgrade the infrastructures, but many do not realize its necessity while others cannot just afford or are unaware of the free updates available. For example, people in Africa prefer utilizing their extra hours on the social network to updating their devices.
One of the most vital yet prevalent threats is data theft. Many developing countries have neither strong cyber laws nor a database record of criminals. People in some states do not even use the password which is the first line of defense. Therefore it has become easier for criminals to steal and trade information from an individual to companies and even if they get caught, they are likely to get any punishment due to lack of evidence. Apart from this, many institutions or companies are either not aware of the possible security information breaches or are not equipped with proper technologies to detect and investigate any information breaches.
These types of criminal activities are frequent in Africa. Mobile device vulnerability is the next big challenge to Cybersecurity. Millions of people are using it for accessing social networking sites like Facebook with smartphones now that they are available at low prices. They use that same mobile phones at workplaces too which means the mobile phone now has both personal and company information, meaning it can contain the company’s confidential data. Criminals don’t need to try hard enough to get their hands on these data, but use data-stealing apps would suffice.
Developing and least developed countries should think and act fast, else high chances of a digital divide between developed countries and underdeveloped countries. The government should initiate by helping its people be aware of the security issues relating to information technologies through education and training. There should be no places for cultural differences and personal profit. Adopting appropriate legislation and implementing cyber laws, effective institution structure and global partnership are imperative for cyber security. Surely, an R and D department would, in particular, motivate innovation, thereby making everything seem possible.
Author: Chiranjibi Adhikari
President at Information Security Response Team Nepal