The Uganda Communications Commission (the Commission) in partnership with the International Telecommunications Union (ITU) is hosting the Regional Cyber Drill for Africa here in Kampala to raise cyber security consciousness in Africa.
The cyber drill serves to enhance communication and incident response capabilities of the participants, as well as to cultivate a collective effort that is needed to mitigate cyber threats among the region’s national Computer Incident Response Teams (CIRTs). Participating countries include; Botswana, Burundi, Cameroon, DRC, Egypt, Gambia, Kenya, Kingdom of Lesotho, Malawi, Somalia, Tanzania and Zimbabwe
This is the fifth ITU ALERT – Applied learning for Emergency Response Teams (ALERT) international cyber drill for Africa Region focusing on current cyber security issues and hands-on exercises. Participants will be able to validate policies, plans, procedures, processes, and capabilities that enable preparation, prevention, response and continuity of operations.
World over, cyber-attacks are on the rise, partly driven by the upsurge in the use of computers and other devices. For Africa, the threat is greater because the commitment to digitization hasn’t been matched by the same zeal to combat cyber threats.
The event will enhance the communication and incident
response capabilities of the participating teams as well as to ensure a
continued collective effort in mitigating cyber threats among the
Region’s national Computer Incident Response Teams.
While many organizations follow a defensive approach to security, revolving around the deployment of protection security controls with a varying degree of monitoring capabilities. This cyber drill training will cover how organizations can use Cyber Threat Intelligence to proactively identify threats and actionable information in order to better prepare against future attacks while at the same time minimizing the impact of ongoing ones.
The training will also addresses a wide range of CTI standards, technologies and services and how they can be chosen and used effectively, based on the organizational context, maturity and specific needs of an organization
“Africa is lagging behind in digital security and several factors are responsible for this predicament, including limited resources, inadequate knowledge and laxity. However, while cyber security measures might appear a budgetary nuisance, in the event of a cyber-attack, the cost to the affected individual, organisation or government institution could be colossal.” says Mr Fred Otunnu the Acting Executive Director – UCC while officiating at the opening of the four day event.
At the last cyber drill in Abidjan, Ivory Cost in October 2018, it was acknowledged that African businesses are particularly vulnerable to cyber-attacks. In the remarks of the leader of IBM’s elite security unit, Michel Bobillier, pointed out that cyber threats have no borders as data pirates are ready to attack “anything that moves”.
Mr Otunnu noted that in the absence of a robust cyber security strategy, cybercrime could potentially erode confidence in the development of a digital economy in Africa, especially in the eyes of potential foreign investors.
“Therefore, it is imperative that African countries and institutions work together, exchange information about cyber threats so as to effectively deal with the challenge.” he said.
An IT services and consulting firm Serianu published an Africa cyber security report in April 2018 in which the loss to African businesses from cyber-crime was estimated at US$3.5bn.
However, the same report pointed out that more than 95% of public and private organisations in Africa spent less than US$1,500 a year each on their cyber security measures. Small and Medium Enterprises (SMEs), which form the spines of most African economies, were particularly singled out for not giving cyber security adequate attention.
“Whether it is a simple email scam, data theft or fake news, cyber-attacks can have significant repercussions for the victim in terms of financial loss, damage to corporate image or disruption of institutional or governmental operations,” Mr Otunnu observed during his opening remarks.
He said, “It’s my sincere hope that this cyber drill will serve to improve our collective cyber security readiness, protection and incident response capabilities at national, regional and international level.”
The first two days are dedicated to a Technical capacity building workshop on CIRT operations. The two last days are dedicated to the cyber drill exercises structured around various scenarios involving the most common types of cyber attacks while the sharing sessions provides a platform for cooperation and discussions on cyber security.