With Alagie Manneh
Strengthening cybersecurity is part of the planned activities of the National Development Plan (NDP) 2018-2021, under its Critical Enabler 5, which envisions to making The Gambia a Digital nation and a modern information society. It is also part of the planned activities of the Ministry of Information and Communication Infrstructure for the year. This effort is also part of activities 4 and 5 of Objective 2 and 3, respectively, of the Cybersecurity Awareness Implementation Strategy. Against this backdrop, officals of the information ministry including other stakeholders met and held discussions with journalists on cyber security awareness campaign.
What is cyber security and its importance?
principal ICT officer, MOICI
Cybersecurity is the practice of protecting data. When we said data, it is mainly digital content and the systems in which these data reside or the systems which transmit it. It also involves putting in place policies, rules and procedures in order to increase the cyber security posture of an organisation or entity. At national level, it involves putting in place legal and regulatory instruments, or policies in order to improve national security and protect the digital infrasturture of people and entities. The importance is many. One is protection of lives and properties from cyber criminals. Two, to enhance the effective participation of people and entities in the use of digital technologies. It also brings about foreign investment. It brings about economic growth because since the ICT sector is a major contributor to our GDP.
What are cyber risks and threats?
Ismaila Njie: These are risks/threats associated with financial or reputational damage to organisations, resulting from the failure of its information technology systems. Some examples of cyber threats are ransomware, phising, data leakage, hacking and insider threat. Ransomware which is a form of malware (malicious software) that attempts to encrypt (scramble) your data and then extort a ransom to release an unlocked code. Phishing is an attempt to gain sensitive information while posing as a trustworthy contact, for example a bank or online service. Spear phishing is a highly targeted attempt to gain information from an individual. Phishing emails may look completely convincing, often with faultless wording and genuine logos. Data leakage: The ubiquitous and cheap nature of portable storage devices make them a useful tool for the backup and transportation of data. Those features mean they are also a target for data thieves. Hacking involves gaining access to IT systems from outside an organisation. Gaining access to bank account information or credit card databases, intellectual property or tricking staff into revealing usernames and passwords. Insider threat: Your organisation employs staff (full time or as contractors), there is a possibility they could leak data by mistake or maliciously. The potential damage from a leak of documents cannot be underestimated. It is very important for cyber security to be exposed for people to be trained and to know all these things.
What are some cyber risk/threat scenarios?
It could be hackers with unauthorised access to systems. Ransomware and phising and trojan horses are the threats to your systems. If a system is vulnerable, they can easily have access to your system.
Cherno M Bah, chief inspector, GPF
As law enforcement officers, we have series of cyber incidents that comes to our desk day in day out. They are always treated positively. One of them involves a financial institution in the country whose systems were accessed by some scrupulous elements. They were able to manipulate the systems of this financial institution. When they got accessed, they were able to manipulate the accounts of that system and got somebody here in the country to open an account with that institution. Once they opened the account they would save about $10 dollars or so and give that information to those people outside the country. They will jthen ust need to add perhaps two zeros to make the account look as if though its $10,000. Now, the account is credited with 10,000 and once you withdraw the money, there is a particular percentage which you have to send to these guys outside The Gambia.
What is cybersecurity hygiene and what are some of its socio-economic impact?
Max Jonga: Cyber hygiene involves healthy behavior online and healthy maintenance of systems. If these systems are not kept healthy, it could wreak havoc. Critical national information infrastructure holders – these are very key institutions in the country like Nawec, the Africells, the banks and others – if they do not maintain a hygienic operating environment, they could get hacked. For example, an institution like the GRA, if they get hacked and all their systems are brought down and there is no backup, government revenue collections, payments and national revenue all go caput. Pura will make sure the ITC sector is well regulated as per existing cybercrimes and cyber security. In any given society the private sector plays more roles in economic activity than even the government. It is prudent to ensure the private sector is given an enabling environment to make sure it plays its role in cyber security as expected.
Sanusi Drammeh, principal ICT officer
What are the solutions to cybersecurity risks and threats?
Sanusi Drammeh: There are so many solutions that you can employ in order to protect yourself and your entities. One is awareness. When you are aware, you know what the threats are and can use the information to educate others. A protected device is also important and if you have the proper mechanisms installed in a laptop, it helps a lot. Safe online practices are also important such as which websites to visit, which links to click and so on. The other thing is unsolicited emails. You have to be wary of some of these things. There are others that come in the form of emails but if you click on it, it will install a malicious programme on your computer and compromise your system or even corrupt your system. Every computer can be a threat but as a user you need to be aware of these things and protect yourself. The most important thing is to backup your files.
Why is it important to inculcate cyber hygienic practices in people?
Sanusi: It will help protect the threats to the exposure of personal information, people and entities are mitigated. It ensures business transactions and computer secrets are protected from being stolen by cyber criminals. A digitally driven society is also assured which will bring about socio-economic development.
What is cybersecurity hygiene?
Sanusi: Cyber hygiene is a reference to the practices and steps that users of computers and other devices take to maintain system health and improve online security. These practices are often part of a routine to ensure the safety of identity and other details that could be stolen or be corrupted.
Why is it important to have cyber laws, policies and regulation?
Sanusi: Cyber laws are the legal branch of cyber security and these serve as deterrents and criminals will be prosecuted if they are caught. These laws will define what constitutes and offense. The police, the procedures they need to take will also be defined by these laws. Having cyber laws is so important as it will help protect against online fraud, identity theft and other online crimes. At the ministry of information, we have formulated what we called the Cyber Crime Bill, which has three components; the criminal offenses, the procedural matters and the international cooperation. We hope this bill will be adopted by Cabinet and tabled at the National Assembly.
Who are the custodians of cybersecurity regulation in The Gambia?
The custodians of regulations generally in The Gambia as far as ICT and other utility sectors lie with Pura. The ICT sector is one of the main sectors regulated by Pura. The IC Act of 2009 mentioned a lot of these things that are currently being enforced by Pura but strengthened by the new cyber crime bill.
What is the role of the private sector?
Max Jonga: Globally, the private sector is the most highly targeted due to the nature of its intervention areas; from financial institutions, insurance, to manufacturing just to name a few. The private sector is struggling to contend with the growing scope, scale, and complexity of cyber risks to corporations’ finances, reputation, and even property. These risks cut across multiple areas of business operations and permeate relationships with suppliers, customers, and third parties. Most governments are by now aware that cyber threats can severely damage and disrupt their economies and infrastructure, and many invest significant effort and resources to confront this danger.
What is the role of civil society?
Amadou A Bah, president, Gambia Cyber Security Alliance
The CSOs as we know are always energetic and because of that their role move from one school to another, from one Bantaba to the other to reach masses and talk to them about online safety, cyber security and the consciousness of content that they share online. We feel awareness is very, very important in this initiative. This is why MOICI came up with this idea. Another important role the CSO play is policy influence. In Gambia, we did not have a data privacy law before but thanks to our organisation with other CSOs, we have been putting pressure on MOICI, Pura and all stakeholders to make sure we have the right regulations that is going to protect the privacy and integrity of personal data.
Kaddijatou Sey, Office of National Security
The importance of being aware of cyber security
Kaddijatou: Awareness in general is key in everything one does. The cyberspace is the major threat to national security. It is disheartening that most Gambians often use devices without knowing some of its threat to their security. We have cybercrimes, cyber-attack and cyber terrorism which are detrimental but people are not aware. That’s why we are working to make sure people are aware of these threats. Awareness creation on cyber security cannot be underemphasised. It is key and the baseline of cyber solution. There cannot be cyber security without people being aware of the risk surrounding it.
Madiba Sillah, principal information officer, Dept. of Info Services
Responsibility of Info Department Services on Cyber Security
Madiba: The role of the Information Department is to ensure government comuniciates to the public by launching public information campaigns and to popularise government initiatives and progrmammes. In essence, we are both an influential entity and a threat factor when it comes to cyber security. We can help by sensitising the public, using the media and raise awareness of some of these things and the efforts we should put in place to ensure safety and healthy online activities. The other issue is for the media to be wary of some of these agents that are spreading misinformation using very credible media platforms. They sort of impersonate these media platforms that are credible and well-known and that is quite dangerous and it’s something we should think of when it comes to cyber security.
Ousman Yayo, ICT officer,
Ministry of Interior
Our role as a ministry is to make sure that we have good policies, laws and policies whereby the service providers and consumers have a good relationship. We are also responsible for the internal security of the country and make sure people are protected, their goods and the environment in which they live so that they may move freely without fear for their safety and well-being.